2014年7月14日星期一

IRCA & CQI Seminar on Risk Based Audit

The Seminar entitled "Risk Based Audit" was organized by International Register of Certificated Auditors (IRCA) and the Chartered Quality Institute - Hong Kong Branch (CQI-HK) on 14 July 2014. The seminar aimed to examine the value of management approach to construction and engineering business critical areas, including the governance benefits to be derived from risk based auditing. Firstly, Ir. Mohamed Hasan Isa (Sr. QA/Env Manager, Chun Wo-CRGL-MBEC JV) gave welcome speech and introduced speaker to us.


Before the seminar started, I met two old friends from Hong Kong Society for Quality (HKSQ) and we took a photo for memory.
(Left: Mr. K.W. LEE (HKSQ Exco member 2002 to 2005), I and Mr. Ricky Or (HKSQ member))


Then Mr. Mark Divers (Branch Honorary Chair, CQI HK Branch) introduced CQI to all participants. CQI’s vision is “To place quality at the HEART of every organisation”.


Our guest speaker was Mr. Richard Green (Head of IRCA Technical Services; CQP and IRCA QMS Principal Auditor) and his topic entitled “Risk Based Auditing – Engineering and Construction”.


In the beginning, Mr. Green briefed some excellence buildings like Millau Viaduct, Apeiron Hotel Dubai, and Concorde. Then he mentioned some disasters as comparison such as “Hyatt Regency Skywalk Collapse – Kansas City July 1981”, “Deepwater Oil Spill – Gulf of Mexica April 2010”, “Sampoong Department Store collapse – Seoul June 1995” and “Rana Plaza Factory – Bangladesh April 2013”. He identified some common themes in accidents that people died unnecessarily, management system failures; and someone, somewhere decided to take a risk!

Then Mr. Green used ISO 31000 to define risk to be “effect of uncertainty on an expected result”. He emphasized risk was not talking about probability but considered it impact. Therefore, he defined risk into Event, Cause and Effect. (See the following table.)


Gross risk = Probability of event x Severity of Impact of event
GR = P(E) x S(I) (where P(E)>0 and P(E)<1)
Net risk = GR x ability to manage
If our ability to manage risk is strong, net risk is reduced.
Mr. Green introduced the basic risk assessment matrix using Probability / Impact grids with Risk Tolerance.


The risk management overall process was shown in the flow chart below. However, risk perceptions, appetites and tolerances vary from individual to individual and organization to organization. Therefore, organization had own risk management framework.


The project risk owners would be in different position and activities. The following matrix showed the project risk responsible person in different parties. After that Mr. Green classified different categories of risk in construction projects included “Political”, “Financial”, “Construction”, “Design”, “Environmental”, “Legal/Contractual”, “Physical”, “Economical”, “Technical” and “Operational”.


In second section, Mr. Richard Green explained Risk Based Auditing (RBA) in which focused to your limited audit resource and ensured appropriate audit resource to be assigned. RBA worked successfully was based on the organization understood its risks and be able to rank them. The following audit programs compared the procedure audit and RBA.


Finally, Mr. Richard Green shared two case studies on risk based audit in which one was Engineering focus (i.e. Rolls Royce) and the other one was Construction focus (i.e. Caterpillar). Companies’ risk criteria for audit plan were consolidated to be considered the impacts on “Brand/Reputation”, “Customers”, “Profit”, “Product Safety”, “People Safety”, “Business Continuity”, “Product/Service Process”, “Cost of Poor Quality” and “Business Strategy”.

Eventually, Mr. Green introduce IRCA to participant that its vision were “To make a positive and profound contribution to the business management systems audit profession”; “To inspire and empower auditors and auditor training organisations worldwide to achieve excellence”; and “To promote the value auditors add to businesses”.

We took a group photos before the end of seminar.
CQI members


IRCA auditors


Reference:
IRCA – www.irca.org
CQI-HK Branch – www.thecqi.org.hk
CQI-UK – www.thecqi.org

沒有留言:

發佈留言