Expanding Role of Quality Stretches Resources and Capabilities
Quality management is being challenged to cover a range of operational and processlevel risk management areas, a broad array of quality audits, increasing regulatory compliance requirements, and expanding demand for third party (e.g., vendor, supplier) audits across a dynamic and distributed business. Therefore, quality management itself needs to have a strategy that encompasses both the dynamic need for quality audits as well as the planned and cyclical. There is growing interest in dynamic audits - but the best approach is a hybrid in which there are regularly scheduled and planned quality audits yet there are resources available for the dynamic needs of business for quality audits when risk and situations require them. This grows particularly challenging as business is constantly changing and distributed across a mesh of business relationships. Providing assurance to stakeholders in the modern organizations has become a real challenge to quality management and has increased quality’s role and visibility while stretching its resources. To effectively manage quallity requires new paradigms in managing quality audits, quality processes, analytics, and the role of technology to make quality management successful.
The issues facing quality management are more challenging than ever before. The quality management department is being asked to do more audits and manage a range of incidents and issues across more areas of business operations with limited resources. It has become an ongoing challenge to document and maintain quality auditor and investigator skill sets, develop and deliver audit work papers, and provide assurance across business operations and relationships. The business has grown in diversity, complexity, and processes that challenge quality management to build a program that is sustainable, efficient, effective, and agile to the needs of a distributed and complex business environment. The need for resources and tools to drive efficient and effective audits through quality analytics of vast sets of data further adds to the challenges facing quality management.
The bottom line: This is not your father’s quality management program. Quality management today is different than it was twenty to thirty years ago. Today’s quality management department has growing demands to do more audits and manage a diverse range of issues across operations and relationships while still being constrained by limited resources to fulfill these demands. To effectively conduct quality audits, efficiently manage limited resources, and meet the agility required of a dynamic business environment requires a top-down approach to quality management that is driven by risk-based priorities and technology is utilized to manage resources, analyze data, and streamline quality management operations.
Bahrain Petroleum: Value Achieved in Quality Management
The Challenge Bahrain Petroleum Faced
Bahrain Petroleum Company (BAPCO) is a petroleum company that was the first to discover oil in the Arabian Peninsula in 1932. BAPCO is owned by the Government of Bahrain and is engaged in the refining and distribution of petroleum products, natural gas, sales, and exports of crude oil and refined products. It owns a 264,000 barrel-a-day oil refinery and storage facilities for more than 14 million barrels.
BAPCO is deeply committed to managing and raising the quality standards and protecting the environment, ensuring the health and safety of its people and complying with global standards and guidelines. In line with these goals, it has established a rigorous program for safety, quality, and compliance management.
In context of quality management, BAPCO was encumbered with a variety of different department-level issue tracking and monitoring systems that were primarily either manual paper-based approaches or spreadsheets used to track and manage issues. This approach made it difficult to capture and present a cross-department enterprise view of critical incidents.
Quality audits were a time and resource consuming iterative cycle. Audits and issues from various aspects of quality were getting managed in silos due to lack of a single integrated platform. This resulted in redundancy in audit results with no enterprise wide visibility of issues.
Key challenges faced by BAPCO were:
- Absence of a unified process for Issue Management. BAPCO did not have a unified, enterprise-level issue tracking and monitoring system to track issues across quality audit, safety, and environmental. Consequently, it became difficult to capture critical incidents such as fire hazards and oil spills which could impact the safety of workers and the profitability of the company.
- Limited collaboration. With over 60 audits needing to be completed every year, the company’s resources were strained. Each department - such as Operations, Environment, Health, Fire and Safety, and Quality - conducted their own audits without much interaction or collaboration with other departments. This isolated approach of auditing often led to redundant and duplicated audits, which in turn, consumed more resources, time, and effort than was required.
- Lack of automation. BAPCO audits approximately 18 areas of the organizations operations and manages compliance across multiple standards and regulations ranging from ISO 9001 to OHSAS 18001. Most of these audits were conducted using manual paper-based processes. Significant time and resources were spent on collecting the required information, analyzing the information, and delivering the required insights.
- Limited visibility. Given the large scale of the company’s operations, it was imperative that managers gained timely visibility into audit trends to make crucial business decisions. However, their existing systems did not provide them with a centralized and real-time view of audit processes and results. Instead, managers had to wait for the reports to be compiled manually.
Solution to BAPCO’s Problem
As BAPCO’s business operations expanded and became more complex, auditing processes demanded much more time, effort, and investment. Tracking existing and emerging quality regulatory requirements was further complicated with the management of large data volumes of quality compliance information. This became less efficient and time consuming over time and BAPCO realized they needed to do something different. In the face of these developments, the company was keenly focused on addressing and enhancing efficiency of quality audits, while improving their cost-effectiveness and ensuring compliance with all regulations and requirements. To overcome these challenges, BAPCO decided to implement an automated, integrated, and web-based system for Quality Audit Management, Incident Management, and Corrective Action / Preventive Action (CAPA) Management.
After considering several solution providers in the market, BAPCO chose MetricStream because it offered them a single platform approach to streamline quality audit and CAPA management across the organization. BAPCO has utilized MetricStream work processes as the core of their quality management system. This includes an enterprise level Operational intelligence platform integrated across sixteen data sources supported by four MetricStream modules.
MetricStream studied the company’s requirements, conducted a gap analysis, and then implemented its Quality Audit Management, Incident Management, and CAPA Management Solutions. Implementation and adoption of MetricStream by BAPCO was a phased process which was planned and designed per business requirements at every stage with defined timelines. Achieving operational excellence required BAPCO to put in some base systems. They firstly needed a central action tracking system. They chose to use MetricStream’s CAPA as an integral part of the whole process. In the next phase of attaining operational excellence, the need was to integrate audit and interface with CAPA. Incident investigation was the next core system to be addressed and interface with CAPA. Finally, they have adopted and integrated risk management as well to achieve multi-dimensional excellence within their business. Achieving all this on a unified platform has reduced their dependency on different independent systems and given a holistic view to the whole approach.
Key highlights of the MetricStream quality management solution adopted by BAPCO are:
- Quality audit management. MetricStream’s quality audit management solution provides BAPCO with a range of powerful and innovative features including best practices, risk and control assessments, and work-flow based remediation processes. Using the solution, BAPCO manages all quality audit-related activities from a common platform. It has streamlined its entire audit lifecycle across the enterprise - audit scheduling, development of audit checklists, and implementation of audits – both online and offline, generation of audit reports, and review and implementation of audit recommendations.
- Incident management. While BAPCO had a small group of dedicated investigators using another system, they needed to get many users involved in incident investigations. They have leveraged the MetricStream Incident Management module to manage incidents across approximately 300 skilled users.
- Corrective Action / Preventive Action (CAPA). MetricStream’s Non-Conformance and CAPA Management solution facilitates a systematic and consistent approach to managing action tracking at BAPCO. It is the core process for BAPCO’s operational discipline process which is a cofactor in achieving operational excellence.
The solution provided BAPCO the core benefits of scalability, flexibility, and automation. The MetricStream platform was built as a modular system which enables BAPCO to expand to other GRC solutions such as Compliance Management and Risk Management over time. With MetricStream’s Quality Audit Management Solution BAPCO now manages all audit-related activities from a common platform. This enables them to:
- Streamline the entire quality audit lifecycle across the enterprise. This includes audit scheduling, development of audit checklists, implementation of audits (both online and offline), generation of audit reports, and review and implementation of audit recommendations.
- Enables BAPCO auditors to define each audit in a logical structure/hierarchy. Audits related to quality standard ISO 14001 can be defined along with detailed templates, work orders, risk and control assessments, pass/fail criteria, checklists, and audit tasks. Each audit can be scheduled periodically or triggered on an adhoc basis depending on requirements of the organization.
- Automatic notifications sent to auditor and entity that is being audited. During the audit, MetricStream enables auditors to record qualitative and quantitative findings, both onsite and offsite. It provides predefined formats for entering detailed observations and recommendations. Errors and inconsistencies are eliminated through the solution’s systematic, work-flow driven process.
- Route audit findings and recommendations for review. If issues are identified, they are immediately routed to the Issue Management module. This module interfaces with company departments and systems to capture the required information on the incident, including the type of incident and source. A root-cause analysis is then conducted to identify the source of the problem, categorize it and assign it to the appropriate personnel for investigation. Following this, the CAPA module initiates a remediation or corrective action process. The entire process is kept on track with automatic alerts sent out in cases of delay.
BAPCO chose to leverage MetricStream’s information architecture by integration with BAPCO’s existing operational intelligence platform. The operational intelligence platform is built upon traditional visualization process diagrams, lab results, maintenance, and other data sources, which line workers need for the ‘here-and-now’ work. MetricStream provides compliance and performance information into this ‘real-time world’ to provide one environment for contextual intelligence and monitoring. For example:
- While checking the latest flash point lab results for audit, a superintendent can also check to see if direct reports have completed their incident investigations.
- A control operator who is monitoring critical process variables can check whether CAPA actions are due or overdue.
- An area manager can check the latest Audit Findings and quickly trace that back to the contributing factors.
Significant resources are devoted towards training, building awareness, and encouraging employees to fulfill their responsibilities relating to compliance with quality, safety, and environmental standards. In addition, thorough audits are conducted to ensure that all external and internal policies are adhered to, that quality standards such as ISO 9001 are met, and that noncompliance and enterprise risks are mitigated.
The short-term benefits to BAPCO achieved in the first-year of MetricStream implementation were:
- Single system to track quality audits, incidents, and corrective actions issues across multiple business units.
- Resource optimization and attaining maximum results with lesser and more skilled workforce.
- Enhanced collaboration and integration using MetricStream, BAPCO can streamline and integrate audits across the enterprise, thus breaking down restrictive organizational silos and improving collaboration across business departments, operations, and locations.
- Units can perform audits independently but collaborate to ensure that their efforts are not duplicated in other units. This way, costs are saved, operational efficiencies are gained and the accuracy of auditing is improved.
- Better visibility for decision-making with integration of MetricStream modules with BAPCO’s Operational Intelligence Platform, they can evaluate the status of audit and CAPA management at any time.
- Hard facts and metrics delivered by the system enable managers to track and resolve issues efficiently, ensure on-going compliance and make informed business decisions impacting profitability.
- Simplified process management with user-friendly features of the solution, BAPCO can now confidently comply with regulatory demands.
- Automated capabilities reduce the time and effort required for audit and CAPA management, enabling auditors to focus on more value-oriented functions such as analyzing audit trends and advising the company Board.
- Increased cost efficiencies with MetricStream’s automated workflows, control testing and issue remediation enabled the company to reduce the manpower and resources required for auditing and CAPA management.
- Transform audit management into a competitive advantage, thus attracting more customers.
The ongoing long-term benefits for BAPCO over three to five years using MetricStream are:
- Record personal safety approaching 15 million person hours without a lost time injury - 100% improvement.
- Process safety with 370 days without Tier 1 loss of containment - 200% improvement.
- Reliability with a record 384 days without a unplanned shutdown - 150% improvement.
BAPCO Achieved Value in GRC Efficiency, Effectiveness, and Agility
GRC is an integrated capability to reliably achieve objectives [GOVERNANCE] while addressing uncertainty [RISK MANAGEMENT] and acting with integrity [COMPLIANCE].1 Successful GRC strategies deliver the ability to effectively mitigate risk, meet requirements, satisfy auditors, achieve human and financial efficiency, and meet the demands of a changing business environment. GRC solutions should achieve stronger processes that utilize accurate and reliable information. This enables a better performing, less costly, and more flexible business environment.
GRC 20/20 measures the value of GRC initiatives around the elements of efficiency, effectiveness, and agility. Organizations looking to achieve GRC value will find that the results are:
- GRC Efficiency. GRC provides efficiency and savings in human and financial capital resources by reduction in operational costs through automating processes, particularly those that take a lot of time consolidating and reconciling information in order to manage and mitigate risk and meet compliance requirements. GRC efficiency is achieved when there is a measurable reduction in human and financial capital resources needed to address GRC in the context of business operations.
- GRC Effectiveness. GRC achieves effectiveness in risk, control, compliance, IT, audit, and other GRC processes. This is delivered through greater assurance of the design and operational effectiveness of GRC processes to mitigate risk, protect integrity of the organization, and meet regulatory requirements. GRC effectiveness is validated when business processes are operating within the controls and policies set by the organization and provide greater reliability of information to auditors and regulators.
- GRC Agility. GRC delivers business agility when organizations are able to rapidly respond to changes in the internal business environment (e.g. employees, business relationships, operational risks, mergers, and acquisitions) as well as the external environment (e.g. external risks, industry developments, market and economic factors, and changing laws and regulations). GRC agility is also achieved when organizations can identify and react quickly to issues, failures, non-compliance, and adverse events in a timely manner so that action can be taken to contain these and keep them from growing.
GRC 20/20 has evaluated and verified the implementation of MetricStream at BAPCO and confirms that this implementation has achieved measurable value across the elements of GRC efficiency, effectiveness, and agility. In this context, GRC 20/20 has recognized MetricStream and BAPCO with a 2016 GRC Value Award in the domain of Quality Management.
GRC Efficiency Value
Using MetricStream, BAPCO has been able to identify both quantitative (hard objective facts and figures) and qualitative (soft subjective opinions and experience) measure of value as they pertain to the human and financial efficiencies they have benefited from. These include:
- Reducing time required in managing activities like audit execution, CAPA, root cause analysis, risk identification and so on.
- Overall increased in efficiency by 150% without any unplanned shut down.
- BAPCO has automated multiple manual processes such as audit scheduling, incident tracking, remediation, and audit trails which are a critical party of quality management. This has saved valuable resources, manpower, time, and costs.
- Effectiveness quotient of BAPCO has increased as the number of resources has reduced and the time spent on aggregating issues and viewing the reports to identify areas of quality concern has reduced drastically with ease of view of below reports at a click.
- Significant reduction in the time taken to identify and close the issues.
GRC Effectiveness Value
Using MetricStream, BAPCO has been able to identify both quantitative and qualitative measures of value as they pertain to the effectiveness of quality management that BAPCO has benefited from.
- Single platform to manage all quality audit, incident, environmental and safety issues
- Effectiveness has increased as BAPCO have been able to achieve 100% improvement in personal safety, 200% improvement in process safety
- BAPCO has attained tangible benefits in record achievement in personal safety and process safey without any unplanned shutdown in 384 days.
- BAPCO has minimized redundancies in quality issues. Earlier the same issue was captured and worked on by multiple business divisions. With an integrated quality management solution, there is no duplication of effort.
GRC Agility Value
By using MetricStream, BAPCO has been able to identify both quantitative and qualitative measures of value as they pertain to the agility and responsiveness of quality management they have benefited from.
- Expansion from Quality Management to other GRC Solutions like ERM with MetricStream’s platform.
- Increased accountability at all levels by clearly defining and tracking roles and responsibilities.
- Improved collaboration between various processes by breaking down organizational silos with improved the efficacy of decision-making.
- Advanced and centralized reporting and analytics to provide real-time visibility into all quality issues and help uncover potential risk areas by identifying trends and patterns.
GRC 20/20’s Final Perspective . . .
The MetricStream solution has empowered BAPCO to better address the quality related issues and track closed-loop actions on an enterprise level. The best practices that were buried in one department can now be automated and shared across departments. The extensibility of the solution to Risk and Compliance, has helped them adopt a holistic approach towards GRC and Quality on a unified platform.
About GRC 20/20 Research, LLC
GRC 20/20 Research, LLC (GRC 20/20) provides clarity of insight into governance, risk management, and compliance (GRC) solutions and strategies through objective market research, benchmarking, training, and analysis. We provide objective insight into GRC market dynamics; technology trends; competitive landscape; market sizing; expenditure priorities; and mergers and acquisitions. GRC 20/20 advises the entire ecosystem of GRC solution buyers, professional service firms, and solution providers. Our research clarity is delivered through analysts with real-world expertise, independence, creativity, and objectivity that understand GRC challenges and how to solve them practically and not just theoretically. Our clients include Fortune 1000 companies, major professional service firms, and the breadth of GRC solution providers.
GRC 20/20 research reports are written by experienced analysts with experience selecting and implementing GRC solutions. GRC 20/20 evaluates all GRC solution providers using consistent and objective criteria, regardless of whether or not they are a GRC 20/20 client. The findings and analysis in GRC 20/20 research reports reflect analyst experience, opinions, research into market trends, participants, expenditure patterns, and best practices. Research facts and representations are verified with client references to validate accuracy. GRC solution providers are given the opportunity to correct factual errors, but cannot influence GRC 20/20 opinion.