Statius has been working with the construction company for some time.  However, recently, there has been a lot of debate, led by Danny Brittin and Chris Miles, about creating an integrated management system for the whole Group to combine the requirements of various management systems: quality, health and safety, and environmental.  

Additionally, agreement has been reached with Longcross Construction who will pilot a Lean Construction project which may later form the basis of the Group’s continual improvement activities.

Various reports addressing the issues of internal control have been written by stock market grandees, probably most notably the Turnbull report which pulled the findings of a number of earlier reports together.

The board is ultimately responsible for the stewardship of the organisation and managing the associated risks, but assurances on how well the risk management controls are working across the wider business should come from the internal auditors. 

Many line managers will have specific audit responsibilities: the quality manager will audit product and process quality; the health and safety manager will audit safety; the IT manager will audit the IT security threat.  However, highly skilled and properly trained internal auditors should also be looking at a range of broader issues and evaluating the controls in place for both overt and covert risks (which might include strained relationships at the top of an organisation, investment in new technology or equipment, reputation and customer management, risks arising from the loss of key people, cost controls, supply chain risks (for instance arising from the exploitation of child workers)), as well as an overview of the finance, quality, safety and IT issues.

Internal auditing may be seen as a big company activity, but assessing and measuring exposure to risk is important for the survival of all companies and is a catalyst for best practice.  It is of value even if everything is found to be okay as it means of ensuring that you are not missing anything.  In the words of one of our clients, “you keep us honest”.  Can you afford to fail?
 

Recognising this as an area of increasing concern, Statius recently hosted a seminar on the subject in London in conjunction with Bureau Veritas and, very kindly, Remploy.

The subjects discussed included the different types of risk involved with information, for instance, are the risks concerned with confidentiality, integrity or availability, and how this risk-based approach can be used as the foundation for a certifiable information security standard such as ISO 27001.

The seminar was well received, one comment being “you have simplified and de-mystified the subject”.

Mark Woods, director of Statius, would like to thank Guy Tanner (Statius’s information security specialist), Mike Foley of Bureau Vertias (the certification agency) and, especially, John Devlin of Remploy for making it such an informative and interesting day. 
 

These finding were echoed by another study undertaken by St John Ambulance who found that small firms were flouting health and safety laws – 79% of firms admitted to having periods where there were no first aiders in place.  Additionally, 15% of SMEs have never carried out an assessment to determine risk within the workplace.

Mark Woods of Statius commented “This is very worrying: there is a moral as well as legal imperative for leaders to ensure that staff go home safely at night.  With recent changes in the law (the Corporate Manslaughter and Corporate Homicide Act and the Health and Safety Offences Act), these leaders are also running a substantial risk to both themselves and their businesses”.
 

The idea of a model for excellence was originally mooted by a number of European companies who wanted to create a framework to systematically assess an organisations current position and to, more importantly, drive improvement and innovation.

The model has now been around for nearly 20 years and is increasingly used by companies wanting to quantify their improvement activities. Key changes to the model include: 

• A definition of excellence
• An increased focus on long-term planning
• More action orientated headings
• An increased focus on creativity
• The introduction of the concept of sustainability (which focuses on the long-term sustainability of the organisation and sustainability from the environmental perspective)

Interestingly, this is the first time a definition of excellence has been included and it suggests excellent organisations “achieve and sustain superior levels of performance that meet or exceed the expectations of all their stakeholders”.

Changes have been made to all sections of the model but the theme has been one of evolution not revolution.

 Mark commented of the changes, “When first published, the excellence model was a revolution in thinking, there really were no authorative and tested models for the practitioner to work with. The model has now been around nearly twenty years and all the studies undertaken in assessing its impact show that real and quantifiable improvements can be made. Like a fine wine, it gets better and better with age..”

 For more information on the excellence model or the changes, contact Mark Woods on 020 8460 3345 or email him at mwoods@statius.uk.com.

However, gaining a place on tender lists and succeeding through the many procurement requirement hoops now has a further high profile hurdle: INFORMATION SECURITY. The loss of some very high profile data (the child benefit debacle, laptops left on trains, disks and CD’s going astray and the recent news of T Mobile account details being sold on) has raised eyebrows and brought the subject to the top of the public sector agenda.
 

Any contract award will obviously be based on the core service provided, but Ministers and Public Sector mandarins are ensuring that not only is their own house in order but that their key suppliers also have their data security systems managed robustly and to the same exacting standards.
 

Standards such as ISO27000, one of a number that Statius has years of experience of supporting companies gain and maintain, have never been so pertinent. The requirement for the strict management of information security is not just for larger “prime” contractors, but also the numerous smaller organisations operating in their supply chains.
 

Obviously, with many public sector services being outsourced, this means that the pre-qualifying and bidding processes are beginning to turn the spotlight on information security.  It also means that any “prime” contractor has information security responsibility for the whole of the supply chain associated with their contract.

One contract round recently completed nearly fell at the last hurdle because these issues had not been adequately and rigorously addressed.  The result was a last minute scramble to build the assurance case before the contract could be properly awarded.

Statius can provide peace of mind through our range of information security services; from a basic health check to a full audit against the IT security standard ISO 27001 or even assistance with implementing an information security culture.  

We are also planning a seminar on information security in the public sector and ISO 27001 early in the New Year.  If you would like to assure your place or discuss any of these issues please call Mark Woods on 07976 426 286 or email him at mwoods@statius.uk.com

Following on from a recent Buyer Beware newsletter, NQA, one of the accredited certification agencies, has recently undertaken a survey with some very revealing results.

The research surveyed 250 directors of UK SMEs and was published under the banner of “Managing with Certainty”.  The research compared companies with and without certification, finding that they were:

 
It was also found that directors of companies with certification felt more able to access new markets, had higher levels of customer satisfaction and were more likely to be legally compliant.

Paul Simpson, technical manager for the Chartered Quality Institute (CQI) said “There is no doubt that effective management systems enable organisations to focus on their important processes”.

(Adapted from an article in Quality World October 2009)

The event will focus on two related themes which are increasingly business critical in these difficult times.

• Reducing Cost: Internal waste accounts for 5 - 40% of turnover in any organisation.  Elimination of that waste by improving business processes puts £££s straight to the bottom line and keeps it there year after year.
• Environmental Waste: With Copenhagenonly weeks away, we are increasingly aware that we need to live more lightly upon the Earth.  Now environmental credentials are becoming critical requirements for approval to join public and corporate supply chains; to say nothing of customer and employee retention.  We look at how reducing resource usage, cutting costs and obtaining recognition go hand in hand.

We would be delighted to see you at 8.30am on Thursday, 3 December 2009 at the Thames Innovation Centre in Erith (near Dartford and conveniently located just 8 miles from the M25 and a short walk from Belvedere railway station).  Please just let us know if you would like to attend or, alternatively, book your place by email enquiries@carnw.co.uk

Field Textiles receives up to 15 articulated lorry loads of goods for disposal each week, which previously would have gone to landfil.  The Company sorts and grades the goods received and is responsible for resale of the used product.  Historically, the statistics for the contract were in the region of 65% to landfill and 30% being recycled.  Through innovative approach and hard work, Field Textiles is reporting monthly figures of less than 0.5% of waste to landfill and 0.18% recycling, meaning that the rest of the product is being reused.

This year, Field Textiles was approached to enter the Basildon District Business Awards in the area of environmental awareness.  A tough judging panel visited the Field Textiles warehouse with Matt from Statius providing the support and guidance.  Matt was asked to attend the awards ceremony on behalf of Field Textiles and accepted the award at the gala dinner.

UKAS, the United Kingdom Accreditation Service is the only national accreditation agency recognised by government to assess organisations that provide evaluation services.

However, whilst accredited certification is not a legal requirement it has a number of potential benefits.  Independent research carried out by Databuild earlier this year (April 2009) suggests that 58% of the organisations surveyed stipulated accredited certification in their prequalification questionnaires, a trend mirrored by the public sector who confirmed that it is are looking to increase confidence in its supplier base by insisting on accredited certification.

UKAS suggest that the reasons for this can be traced to the 2007 Regulators’ Compliance Code which is a central part of the Government’s better regulation agenda.  The code aims to embed risk-based management thinking into the regulatory framework and a key component of this is via the enforcement of recognised accreditation systems.

However, it is not just large businesses and the government who see the value of accredited certification, organisations like the CBI, Federation for small businesses and the IOD all recommend accredited certification.

There are a number of agencies offering quick and cheap, non UKAS, certification and many organisations use their services only to find that they are not acceptable to their client base.

Mark Woods from Statius comments “Very sadly, we usually find at least one or two clients a year that have progressed down this road only to find that they have to start again implementing more robust procedures and practices that actually reflect their business and add real benefit.”.

However, there are risks that we don’t seek, risks we need to plan for, and those we want to positively avoid.  We need to ensure that businesses can plan its future and mitigate any risks to ensure its survival.

These risks come in many different shapes and sizes and after a number of major, if not spectacular, bank and company failures, these risks are usually discussed under the rather academic banners of “business continuity” or “corporate governance”.

Recent research by the Business Continuity Institute examined the impact on the UK economy from disruptions caused by everything from IT outages to bad weather and supply chain problems.  It found that 40% of organisations in the UK suffered from at least one disruption and estimated the cost of downtime at £11.1bn.

Additionally, other reports, particularly the Turnbull report, suggest that organisations need a system for identifying and assessing risks not directly associated with the management of the business but which, with the right (or wrong) environment, could damage the business or cause it lasting harm.

Mark Woods of Statius commented “….even in the good times, problems of this nature hurt …. in the current climate they can and will be the difference between survival and failure”.

This is an evolving area for management systems and there are a number of standards which set out good practice and can be used as a checklist against which organisational processes can be tested.  The information security management standard ISO 27001 focuses, as its name suggests, on IT.  There is also another standard, ISO 25999, which takes a broader view of business continuity management.