Re: Sarbanes Oxley Act (SOX) linkage to a documented QMS - Detailed Procedures Requir
I am about to try to integrate the 2 in the QMS for my company. I do agree with a lot of what has been said in the pro of merging the stds and in the cons of doing so.
To summarize a bit
CONS
Merging both can:
- increase confusion during audit
- REALLY frighten the Finance and Quality guys and will require some education
- lead to a bad SOX implementation and also bad QMS design (and that is where I am looking forward to see a more flexible QMS but the coming revision should deal with it.... somewhere btw 2008 and 2010...)
PROS
Merging both will:
- make a lot of sense in the systemic process approach
- considerably improve the updating process
- save a lot of time
- help the six sigma initiatives
- improve the leadership because of the roles and responsibilities that have to be defined AND applied with DISCIPLINE.
Forget about the QMS, forget about SOX. What does make sense? Having a clear process structure, well defined with appropriate controls and measurements. In Six Sigma, you need to have the current process, you need to have sound measurements, and you should be able to control.
Do we make a distinction between Finance and the shop floor? No (otherwise you've understood nothing about six sigma) They are processes with inputs and outputs and they have risks and you should have controls to cover them. SOX risks are not only in the Finance department. They are in almost all the functions, on many different processes.
Now if you want to describe twice how you define the processes in your company, how you control and measure them, that is your choice, but it makes sense to have one document that just says this is our process design framework with:
- the process itself (flowchart+narrative with RACI/description step by step/controls/KPI/...)
- SOX RCM linked to the process (flowchart and narrative)
- QMS Control plan (the classic control plan)
- Audits for both RCM and QMS Control plan
- Measurements (strategic planning that flows down to procedure level. Six Sigma Y=f(X) basic tool)
And I don't see what in the QMS will be an issue in doing that. And if you struggle, feel free to add a section. After all, you won't suffer from being better than the simple QMS requirements.