Audit and Advisory Services Integrity, Innovation and Quality

Similar documents
Audit and Advisory Services

Audit and Advisory Services Integrity, Innovation and Quality

Audit and Advisory Services Integrity, Innovation and Quality. Follow-Up Audit of Aviation Security

Audit and Advisory Services Integrity, Innovation and Quality. Audit of Recruitment Strategies and the Staffing Process

Audit and Advisory Services Integrity, Innovation and Quality. Audit of Internal Controls over Financial Reporting

Audit of Weighing Services. Audit and Evaluation Services Final Report Canadian Grain Commission

Audit and Advisory Services Integrity, Innovation and Quality

SSP Implementation Process CANADA

Follow-up Audit of the CNSC Performance Measurement and Reporting Frameworks, November 2011

Integrated Management System Update for Water, Wastewater and Waste Management

Audit and Advisory Services Integrity, Innovation and Quality

Audit and Advisory Services Integrity, Innovation and Quality

RDIMS (SGDDI ) TP 14693(E) (ISSUE 2, 03/2016)

Audit of Staffing and Classification

Audit of Entity Level Controls

Proposal for a COUNCIL DECISION

Audit of the Management of Projects within Employment and Social Development Canada

Horizontal audit of the Public Services and Procurement Canada investigation management accountability framework

Audit of Information Management. Internal Audit Report

05/14/2008 VS

ESTABLISHMENT OF A QUALITY SYSTEM

TRANSPORT CANADA RISK BASED SURVEILLANCE RBS Workshop, 20 th March 2018

Audit Report. Audit of Contracting and Procurement Activities

ADVISORY CIRCULAR AC

Canada. Internal Audit Charter 1+1. Canadian Nuclear Safety Commission. Office of Audit and Ethics. April 18, 2011

Indigenous and Northern Affairs Canada. Internal Audit Report. Audit of Business Continuity Planning. Prepared by: Audit and Assurance Services Branch

City of Saskatoon Business Continuity Internal Audit Report

Audit of Shared Services Canada s Information Technology Asset Management

Lake County School District. Quality Assurance & Improvement Program. Internal Self-Assessment for. The Internal Audit Department

TABLE OF CONTENTS 1.0 INTRODUCTION...

Practice Guide. Developing the Internal Audit Strategic Plan

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Management Practices Audit of the Treaties and Aboriginal Government Sector

DIRECTOR, INFORMATION TECHNOLOGY PROJECT IMPLEMENTATION/ FISCAL INTEGRATION

Internal Audit of Compensation and Benefits

Audit of Public Participation and Consultation Activities. The Audit and Evaluation Branch

Part 148 Aircraft Manufacturing Organisation

Audit of the Management Control Framework (MCF) Spectrum Telecommunication Program (S/TP) Final Report. Audit and Evaluation Branch.

Audit and Advisory Services Integrity, Innovation and Quality

Motor Carrier Enforcement Officer PREAMBLE

Human Resources and Workplace Services Branch (HRWSB) Management Practices Review. November 2010

Audit of Governance and Controls for Reliable Reporting of Civilian Personnel Data. September (CRS)

Final Audit Report. Audit of Information Technology (IT) Planning. June Canada

Implementing an effective Training & Competence Framework: A Practical Guide. Enterprise Learning 2017

Quality Management System. Manual MASTER COPY

INTERNAL AUDIT OF PROCUREMENT AND CONTRACTING

Integrated Business Planning Audit

Audit of the Delegation of Authorities for Select Human Resources Processes

Quality Management System Plan

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.

<Full Name> Quality Manual. Conforms to ISO 9001:2015. Revision Date Record of Changes Approved By

August 14, Dear Ms. Gula:

Nature and scope. Purpose of the role. Position Description. Position: Operations Manager Reports to: General Manager Date: December 2016

~ Scope of Work ~ Cooperative Services Feasibility

Indigenous and Northern Affairs Canada. Internal Audit Report. Audit of Performance Measurement. Prepared by: Audit and Assurance Services Branch

Quality Manual ISO 9001:2015 Quality Management System

AUDIT REPORT INTERNAL AUDIT DIVISION. Human resources management of the Umoja project

CAPITAL AVIONICS, INC. Quality Manual

9001:2015, ISO 14001:2015 & ISO

Audit of Occupational Health and Safety (Canada Labour Code, Part II)

JOINT PROGRAMME OFFICE

Aircraft Manufacturing Organisations Certification

Safety risk based surveillance provisions

Using PSM at All Levels in an Organization

Quality Manual Template ISO 9001:2015 Quality Management System

Gulfstream Flight Test Safety Management System. Evaluation Tool Guidance

External Quality Assessment Are You Ready? Institute of Internal Auditors

Proprietary Document Disclosure Restricted To Employees and Authorized Holders

ONRSR Guideline. Asset Management

4/10/2014. Developing an HR Strategic Plan A Step by Step Approach. Agenda. By a Show of Hands: The HR Strategic Plan. Critical Success Factors

Conseil scolaire Viamonde (Conseil scolaire de district du Centre Sud-Ouest)

COMPARISON - SMS AND QMS

Safety Management System Assessment Guide TP 14326E (05/2005)

Guidance for Industry Quality Systems Approach to Pharmaceutical Current Good Manufacturing Practice Regulations

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

Strategic Asset Management Plan

Report. Quality Assessment of Internal Audit at <Organisation> Draft Report / Final Report

Guidance Note: Corporate Governance - Audit Committee. January Ce document est aussi disponible en français.

Audit of Policy on Internal Control Implementation (Phase 1)

APPENDIX A. OPERATIONAL PROCESS FLOW CHARTS

Management Practices Review. November 2009

Audit of Departmental Security

Implementing a Security Management System: An Outline

Preparation of Inspectors for ATO oversight

Final review report Review of corporate accommodation Public Works and Government Services Canada Office of Audit and Evaluation March 31, 2016

Review of Compliance. Review completed 30 June 2015 Unclassified summary released October 2015

Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017)

Quality Manual ISO 9001:2015 Quality Management System

General Guidance for Developing, Documenting, Implementing, Maintaining, and Auditing an SQF Quality System. Quality Code. SQF Quality Code, Edition 8

OPERATOR S QUALITY SYSTEM 1.0 PURPOSE

Table of Contents. Project Agreement Schedule 14

ISC: UNRESTRICTED AC Attachment. Human Resources - Succession Planning Audit

ISO 14001:2015. EMS Manual.

Open Government Implementation Plan (OGIP)

SAM National continuous monitoring coordinators (NCMC) regional meeting

TABLE OF CONTENTS 1.0 INTRODUCTION...

1 Management Responsibility 1 Management Responsibility 1.1 General 1.1 General

UNITED NATIONS DEVELOPMENT PROGRAMME Junior Professional Officer (JPO) JOB DESCRIPTION

Common Quality Framework for International Search and Preliminary Examination

IPMA-Canada Certification Program

Transcription:

Audit and Advisory Services Integrity, Innovation and Quality Audit of Quality Management Systems for Oversight Programs File Number: 1577-14/15-101 April 2015

Table of Contents i Audit of Quality Management EXECUTIVE SUMMARY... II STATEMENT OF CONFORMANCE... iii 1.0 INTRODUCTION... 1 1.1 BACKGROUND... 1 1.2 AUDIT OBJECTIVES AND SCOPE... 3 1.3 AUDIT APPROACH AND ASSESSMENT CRITERIA... 3 2.0 FINDINGS... 5 2.1 DIRECTIVE ON SAFETY AND SECURITY OVERSIGHT... 5 2.2 SAFETY AND SECURITY TRANSFORMATION 2020 INITIATIVES... 5 3.0 CONCLUSION... 9

Executive Summary ii Audit of Oversight Management EXECUTIVE SUMMARY Introduction A key responsibility of Transport Canada (TC) is conducting transportation safety and security oversight through legislative, regulatory, surveillance and enforcement activities. The TC Safety and Security Group s national oversight programs contribute to achieving the strategic outcome of A Safe and Secure Transportation System. Quality management is an integral component of an oversight program to help ensure consistent and effective delivery within and across regions. Audit Objective and Scope The Audit of Quality Assurance (QA) Practices for Oversight Programs was included in TC's 2014-15 Risk-Based Audit Plan (RBAP). At the outset, the audit objective was to assess the effectiveness of the QA activities within the various Safety and Security oversight programs. Based on consultations with senior management, Internal Audit expanded the scope of the audit to include an assessment of the design of the quality management system (QMS) for each of Safety and Security s oversight programs. The scope of the audit included all quality management related activities at the Safety and Security Corporate, HQ and the Regional levels. The oversight programs from the Program Alignment Architecture (PAA) included in the audit were Civil Aviation, Marine Safety and Security, Rail Safety, Motor Vehicle Safety, and Aviation Security. The Transportation of Dangerous Goods oversight program was excluded since an internal audit had been recently completed that included a review of the design of its QMS. Conclusions The results of our audit indicate that the Department lacks an overarching QMS framework. Inconsistencies and gaps with respect to QMS design within and between the oversight programs impedes the Department s ability to monitor and report on the effective delivery of its oversight programs. However, the many initiatives under Safety and Security Transformation 2020 will address the majority of these gaps. As well, Internal Audit has made several observations for Safety and Security s consideration as it moves forward with its initiatives to address its changing environment. We are confident that these initiatives will support the Department s efforts in managing its oversight programs.

Executive Summary iii Audit of Oversight Management STATEMENT OF CONFORMANCE This audit conforms to the Internal Auditing Standards for the Government of Canada, as supported by the results of an external assessment of Internal Audit s quality assurance and improvement program. Signatures Dave Leach (CIA, MPA), Director, Audit and Advisory Services Date Martin Rubenstein (CPA, CIA, CFE), Chief Audit and Evaluation Executive Date

Introduction 1 Audit of Oversight Management 1.0 INTRODUCTION 1.1 BACKGROUND One of the ongoing challenges for Safety and Security is delivering its national oversight programs consistently within and across regions. Safety and Security has been continually looking at ways to improve delivery of its national programs including conducting its own Blueprint 2020 exercise to identify initiatives to modernize its oversight programs. It is within this context that an assessment of quality assurance (QA) of the oversight programs was included in Transport Canada s (TC) Risk-Based Audit Plan (RBAP). At the outset, the audit objective was to assess the effectiveness of the QA activities within the various Safety and Security oversight programs. Based on consultations with senior management, Internal Audit expanded the scope of the audit to include an assessment of the overall quality management system of Safety and Security s oversight regime. Quality Management System (QMS) A QMS is a management system used to define objectives and standards for quality and it directs and controls how an organization achieves these. Overall, QMS is a collection of inter-related policies, processes, and practices that focus on achieving an organization s quality objectives. QMS should apply to all components of an oversight program. Internal Audit defined Safety and Security s oversight programs as including three basic components: creation of rules and regulations; oversight activities to promote and determine compliance with the rules and regulations; and enforcement activities to manage instances of non-compliance with the rules and regulations. The following diagram depicts the phases of a QMS around the three basic components of an oversight program.

Introduction 2 Audit of Oversight Management 6. Q M S Continuous Im provem ent - Audit/R eview - Continuous M onitoring - Feedback & Corrective Action 1. QM S Design & Developm ent - M gm t. Com m itm ent - Q M S Policy/Objectives \ -Q M S M anual - IM & R ecords Control - Com m unication Rules & Regulations 2. QM S Im plem entation - Im plem entation Plan - Q M S resourcing - Em ployee Aw areness 5. Program Continuous Im provem ent - Quality Assurance - Em ploye e Pe rform ance - Program Perform ance - P rogram Evaluation Enforcem ent Oversight - Com pliance - SM S/ Se M S - Testing - Lice nse s/ Perm its 3. Program Design and Developm ent - R equirem ents Definition - R esourcing and com petency profile - Program Design and developm ent review 4. Program Delivery - Training - SOPs - System s/tool/ Tech. - Q C & M gm t. Supervision Figure 1: QMS Phases of an Oversight Program Effective quality controls (QC) and QA are required at all levels involved in the delivery of a national oversight program to help ensure consistency. At TC, there are three levels involved in the delivery of the oversight programs: Safety and Security Corporate (hereafter referred to S&S Corporate) provides overall Safety and Security corporate direction including objectives and policies. HQ Functional Authority for each modal oversight program (hereafter referred to as HQ) provides modal oversight program-specific direction including guidance (e.g., procedures, training) based on S&S Corporate direction. Each oversight program should have the necessary controls in place to ensure that the regions deliver the national program as designed. These controls should also include a function to conduct periodic risk-based quality assurance reviews. Region delivers the oversight programs based on requirements from HQ. Regions should also have the required controls to ensure they are delivering the program as designed. The following diagram depicts these three levels as well as their responsibilities and the bi-lateral flow of information between them.

Introduction 3 Audit of Oversight Management QMS framework/policy objectives, principles and guidelines are established and communicated to modes. Info. regarding performance and quality is reported back by the modes to enable continuous improvement. ADM S&S (Corporate Level) Modal specific quality objectives, standards and expectations are provided to programs and to regions. These are broken down by the type of oversight activity specific SOPs, tools, training, etc. Info. regarding performance and quality is reported back based on reporting, Quality Assurance (QA) and Quality Control (QC) activities. HQ Functional Authority - MODE 1 HQ Functional Authority - MODE 2 HQ Functional Authority - MODE 3 HQ Functional Authority MODE n Regions are responsible for delivery of programs in accordance with requirements and are responsible for supervisory/ Quality Control (QC) oversight. Info. regarding performance and quality is reported back through reporting and QC activities. Regional Delivery 1.2 AUDIT OBJECTIVES AND SCOPE Figure 2: Levels of QMS within Transport Canada Given the majority of Safety and Security resources are dedicated to oversight activities and these resources are distributed across five regions, there is inherently greater risk of inconsistent program delivery. As such, our assessment focused on this component. The objective of the audit was therefore to assess the design of the QMS for each of Safety and Security s oversight programs. The scope of the audit included all quality management related activities within S&S Corporate, HQ, and the Regions. The oversight programs from the TC Program Alignment Architecture (PAA) included in the audit were Civil Aviation, Marine Safety and Security, Rail Safety, Motor Vehicle Safety, and Aviation Security. The Transportation of Dangerous Goods oversight program was excluded since an internal audit had been recently completed that included a review of the design of its QMS. 1.3 AUDIT APPROACH AND ASSESSMENT CRITERIA During the planning phase, the audit team interviewed the Safety and Security ADM and the DGs and Directors of each oversight program, as well as Strategies and Programs Integration. We also conducted interviews with a broad sample of oversight program staff in the Ontario, Pacific, and Prairie and Northern regions (RDGs, RDs, Managers, Technical Team Leads, and Inspectors). We concluded early in the planning phase of the audit that Safety and Security does not have an overarching framework defining QMS at the S&S Corporate level, nor does it provide a model that sets out expectations for QMS in the various oversight programs. However, Safety and Security has implemented the Transport Canada Directive on Safety and Security Oversight (DOSSO) (effective April 4, 2014) that includes elements of a QMS. Although, the purpose of the DOSSO is to provide organizational direction for the design, development and delivery of

Introduction 4 Audit of Oversight Management oversight programs across all modes and regions, it does not address all elements of a mature QMS framework. In addition, Safety and Security is implementing a transformation agenda (Safety and Security Transformation 2020) which will focus on various initiatives related to the safety and security of the transportation system. Many of these planned initiatives, to be completed over the next several years, will have a direct impact on various elements of a fully functioning QMS framework. Due to the lack of a formal QMS framework and supporting guidance, Internal Audit conducted research to create a model of a mature and robust QMS framework relevant to TC s oversight programs. Defining the QMS Framework Through our research, the audit team developed a QMS expected practice framework based on the International Standards Organization (ISO) 9001:2008 standard as well as extensive conversations with Safety & Security. ISO 9001 defines QMS fundamental elements and it is the standard used by many organizations to implement QMS. Since it represents QMS in a manufacturing environment, we tailored and streamlined its criteria (expected practices) and descriptions to reflect Safety and Security s oversight program environment. We also developed examples of potential activities that would satisfy the requirements of these criteria. We then grouped these criteria into the following six QMS phases: 1. QMS Design and Development 2. QMS Implementation (at the S&S Corporate level) 3. Program Design and Development 4. Program Delivery 5. Program / Oversight Activity Continuous Improvement 6. QMS Continuous Improvement We also reviewed QMS-related documentation from the S&S Corporate, HQ, and Regional levels. This information, as well as the information gained from extensive consultations with HQ and regions, helped us to assess the design of each oversight program s QMS against our benchmark QMS expected practice framework. The assessment included assigning a rating for each QMS criteria (i.e. rating of 1 if met, rating of 0.5 if partially met, or rating of 0 if not met). We shared the assessment results with each oversight program for validation. Additionally, we assessed the DOSSO against the framework to determine its alignment with requirements of QMS and we validated our assessment with the DOSSO team.

Findings and Conclusion 5 Audit of Quality Management 2.0 FINDINGS Findings are grouped under two headings: Directive on Safety and Security Oversight and Safety and Security Transformation 2020 Initiatives. As previously described, Safety and Security has many initiatives underway to transform the way it manages its oversight programs. Since these initiatives are not yet completed, our observations highlight their status and certain gaps or challenges requiring attention or consideration. Furthermore, we have identified future audit work to provide assurance that the Department has a mature functioning QMS framework in place. 2.1 DIRECTIVE ON SAFETY AND SECURITY OVERSIGHT The results of our assessment of the DOSSO and oversight programs against the QMS expected practice framework are summarized in Appendix A. At the S&S Corporate level, DOSSO provides the necessary corporate direction for the design, development and delivery of oversight programs across all regions. While the DOSSO was not designed to be a QMS framework, it does provide many of the elements and sets expectations that can be used by the oversight programs when developing a QMS. The development and implementation of DOSSO is on going and since the audit began, Safety and Security has been considering ways to evolve the DOSSO as a stepping-stone towards establishing a QMS framework. Within the oversight programs, Civil Aviation and Rail Safety have the most defined and documented QMS with established QMS manuals and accompanying policies, procedures and staff instructions. Marine Safety and Security is currently taking steps to bolster their quality related activities into a more systematic QMS. Aviation Security has pockets of good practices around quality assurance that satisfy some of the requirements of a QMS but these practices differ greatly between the various program elements of Aviation Security. Motor Vehicle Safety is the program with the least structured QMS, which is understandable given its centralized operations and relatively small size compared to the other regionally delivered programs. 2.2 SAFETY AND SECURITY TRANSFORMATION 2020 INITIATIVES Safety and Security has many initiatives underway that will address many of the changes required to have a fully functioning QMS framework. It is clear that Safety and Security recognizes the changes required and is in the process of taking action, including developing a comprehensive overarching plan to manage and report on the initiatives. Presented below are key observations that Safety and Security should consider as it makes improvements to its existing QMS programs and practices. As well, we have highlighted specific areas where further audit work will be required to ascertain effectiveness of the stated improvement. Internal Audit will consider this audit work during the planning for the new threeyear departmental internal audit plan (for fiscal years 2015-16, 2016-17 and 2017-18).

Findings and Conclusion 6 Audit of Quality Management Project Management Work is underway to develop an overarching project management plan to manage and report on the various Safety and Security initiatives. The majority of the initiatives are multi-modal in nature with some modal specific projects. To help support successful implementation of these numerous and broad initiatives, Safety and Security recognizes the need for an overarching and comprehensive project and change management Master Plan in order to: define clear objectives and accountabilities; align projects and priorities to manage interdependencies; enable tracking, measuring and reporting progress; and support clear communication. As part of the implementation process, Internal Audit will review, on an ongoing basis, the framework and controls surrounding the improvement initiatives. This "real-time, continuous review" will provide senior management with the assurance that the framework is robust and meeting its objectives. Civil Aviation s QMS Through the QMS design assessment, it appears that Civil Aviation has addressed most of the criteria required for a QMS through its Integrated Management System (IMS). As a Follow-up Audit of Civil Aviation Oversight was already included in the current three-year internal audit plan, we will expand the audit scope to include an assessment of the adequacy and effectiveness of Civil Aviation s IMS to assess its operating effectiveness. This assessment will assist Safety and Security in considering QMS development and implementation in the other programs. Standard Operating Procedures As part of its DOSSO, Safety and Security is requiring the oversight programs to implement internal QA processes. Guidance and directions such as Standard Operating Procedures (SOPs) are a prerequisite for setting quality standards and assessing conformance. Currently, the SOPs of the various oversight programs have varying levels of quality, completion, and implementation. The Safety and Security Inspectorate must have clear and concise SOPs that are nationally consistent within oversight programs and meet a minimum standard across oversight programs with respect to format and level of detail. We plan to carry out further audit work to assess the adequacy and effectiveness of the existing and planned revisions to SOPs. This assessment will assist Safety and Security in ensuring its programs have SOPs that support accurate and consistent delivery of the oversight programs. It will also assist in the development and implementation of effective QA processes.

Findings and Conclusion 7 Audit of Quality Management Risk-Based Inspection/Audit Planning and Reporting The Safety and Security oversight programs develop and carry out annual national inspection 1 plans to support the planning and execution of inspections as well as tracking progress and reporting performance against those plans. However, we did not observe evidence of reporting to S&S Corporate on the quality or relevance of inspections. It appears the emphasis is ensuring that the regions complete the quantity of inspections indicated in the plans. An effective riskbased inspection/audit planning and reporting process that integrates business needs with operational needs is required across all oversight programs. It enables prioritization of program activities and allocation of resources based on risk. It also provides the basis for monitoring and reporting progress to senior management and supports timely decision making. The planning process should include activities such as risk assessments and review of previous inspection results and of changes in the industry. The reporting process should include the status of progress in completing inspections based on the plans as well as assurance that quality standards are being met. Given the Department s record of year-end surpluses and the fact that Safety and Security represents 60% of the Department s human resources, the integration of risk-based operational planning with business planning is critical to sound budgeting and resource allocation decisions. We plan to assess the adequacy and effectiveness of the risk-based inspection/audit planning and reporting approach across all oversight programs and we will identify best practices. The objective would also be to assess the type and utility of the information reported to Senior Management on progress against the inspection plans. Safety Management Systems/Security Management Systems Regulations require various stakeholders to implement either a Safety Management System (SMS) or Security Management System (SeMS). An SMS/SeMS is a set of management practices for systematically addressing safety/security risk within an organization, including the necessary corporate accountabilities, policies, and procedures. Through our consultations with Safety and Security, it appears that each oversight program currently has its own understanding and practices with respect to SMS/SeMS oversight and enforcement. A common understanding and approach of the requirements of SMS/SeMS regulations is necessary across and within all oversight programs to help ensure consistent program delivery. The S&S Transformation 2020 Project to develop a Transport Canada Strategic Framework for the Oversight of Safety Management Systems and Security Management Systems will provide the Department with a common narrative to internal and external stakeholders on why, how and where TC has chosen to use SMS/SeMS regulations to improve the safety and security of Canada s transportation system. It will inform the design and delivery of TC s SMS/SeMS related oversight activities, and it will guide decision-making around SMS/SeMS regulations for industry. 1 For the purposes of this report, the term inspection refers to any oversight activity (i.e. audits, surveillance, assessments, program validation inspections (PVIs), and process inspections).

Findings and Conclusion 8 Audit of Quality Management We plan on examining each of the oversight programs understanding and approaches related to oversight and enforcement activities for companies with SMS/SeMS in place. We will also determine whether the relationship between SMS/SeMS oversight activities and other risk control activities provides adequate oversight and optimization of resources. This will also include assessments by the Department's Evaluation Group on the effectiveness of SMS/SeMS activities. Staffing and Recruitment For the various oversight programs, TC generally recruits inspectors with extensive industry experience. We observed that this type of recruitment results in several challenges. Difficulties are often experienced in attracting industry personnel for various reasons such as wage gaps. Also, as these individuals usually transition to TC in the latter part of their careers, they have a relatively brief employment period and must be replaced. In order to minimize the challenges in recruiting and retaining inspectors, competencies should be reviewed and alternative approaches should be explored. We plan to assess the efficiency and effectiveness of staffing and recruitment strategies. This would include examining the current Safety and Security model for hiring inspectors as well as identifying best practices for recruitment and retention. Oversight Program Controls HQ functional management is responsible for developing and implementing various controls (e.g., SOPs, training, etc) for their respective oversight programs to follow in order to obtain a level of assurance that the regions are delivering national programs as designed and in a consistent manner. It appears that these required controls for the various oversight programs are not always in place or not working as intended, resulting in the risk of inconsistent program delivery. We plan to assess the adequacy and effectiveness of the oversight program controls to ensure the regions are delivering national programs as designed. This may include the review of the development, communication and use of SOPs, training, functional guidance, supervision, QC, and QA. System Architecture There are numerous information systems used by each of the oversight programs. Some of the challenges with the Safety and Security system architecture include inconsistent practices with respect to data entry and lack of alignment among systems resulting in duplication of work. Efficient system architecture allows for efficient entry and reporting of data that is accurate, complete, and useful. It also promotes sharing of data within and between oversight programs which helps address emerging risks. We plan to review the system architecture in the oversight programs to determine if data is being collected accurately, completely and efficiently. As well, we plan to also identify opportunities to

Findings and Conclusion 9 Audit of Quality Management either consolidate systems or ensure systems communicate with one another, within and across oversight programs. In addition, we will determine if plans are in place for examining how the transition to government-wide Finance (SAP) and HR (PeopleSoft) systems may impact existing safety and security operating systems. 3.0 CONCLUSION The results of our audit indicate that the Department lacks an overarching QMS framework. Inconsistencies and gaps with respect to QMS design within and between the oversight programs impedes the Department s ability to monitor and report on the effective delivery of its oversight programs. However, the many initiatives under Safety and Security Transformation 2020 will address the majority of these gaps. As well, Internal Audit has made several observations for Safety and Security s consideration as it moves forward with its initiatives to address its changing environment. We are confident that these initiatives will support the Department s efforts in managing its oversight programs.

Appendices 10 Audit of Quality Management Appendix A Assessment of DOSSO and the S&S Oversight Programs against the QMS Expected Practice Framework Marine Motor Civ il Rail Av iation QMS Phase Ex pected Practice Ex pected Practice Details Baseline DOSSO Safety & Vehicle Av iation Safety Security Security Safety 1. QMS Design and Dev elopment 1.01 Management Commitment Expected Practice Framew ork Assign responsibility to senior management to dev elop and implement the QMS and its continual improv ement, including the appointment of a senior management representativ e to ov ersee and report on the QMS performance and required improv ements. 1.02 Quality Policy Dev elop, communicate and maintain a Quality Policy that defines the ov erall quality intentions and directions within the organization and the commitment to continuous improvement. Assessment Results 1 0.5 1 1 0.5 0.5 0 1 1 0.5 1 1 0 0 2. QMS Implementation 3. Program Design and Dev elopment 4. Program Deliv ery 1.03 Quality Objectiv es Dev elop, communicate and maintain specific and measurable quality objectiv es that are consistent w ith 1 0 0.5 1 0.5 0.5 0 the Quality Policy. 1.04 QMS Manual Dev elop, communicate and maintain a QMS Manual that clearly defines the QMS scope/ex clusions, 1 0.5 1 1 0.5 0 0 responsibilities and authorities, processes and interrelationships. 1.05 QMS Documents & Dev elop, communicate and maintain procedures for the control and retention of QMS related documents 1 1 1 1 1 0.5 0 Records (e.g. QMS Manual, policies, procedures, SOPs, etc.) and supporting activ ity records (e.g. quality control approvals and review s, training records). 1.06 Stakeholder Focus Consider stakeholder requirements in program design and delivery. 1 1 1 0.5 0 0 0 1.07 Internal Communication Dev elop and implement processes to communicate QMS requirements, processes and performance 1 1 1 1 1 0 0 throughout all levels of the organization. 2.01 QMS Implementation Dev elop and carry -out a project plan for the implementation of the QMS in accordance w ith the Quality 1 0 1 1 1 0 0 Plan Policy, Objectiv es and Manual. 2.02 QMS Resources Determine and prov ide the resources needed to implement and maintain the QMS and to continually 1 0 1 1 1 0 0 improve its performance. 2.03 Employ ee Aw areness Ensure that personnel are aw are of the relev ance and importance of their activ ities and how they 1 0 1 0.5 0.5 0 0 contribute to the achievement of the quality objectives. 3.01 Program Design and Dev elop and implement procedures and controls ov er the design and dev elopment of new 1 0 1 0.5 0 0 0 Dev elopment Procedures programs/ov ersight activ ities. 3.02 Program Parameters Determine the parameters w ithin w hich the programs/ov ersight activ ities are to be dev eloped (e.g. 1 1 1 0.5 0 0 0 Transportation Regulations, MOUs, TBS Policies and Directives). 3.03 Prov ision of Operational Resources Determine and prov ide the resources needed to deliv er the programs/ov ersight activ ities. 1 1 1 1 0 0 0 3.04 Personnel Competencies Determine personnel competencies necessary to deliver the programs/oversight activities. 1 1 1 1 0.5 0.5 0 3.05 Design and Dev elopment Perform sy stematic rev iew s at suitable stages during design and dev elopment to ensure conformance 1 0 1 1 0 0 0 Rev iew w ith defined program parameters. 3.06 Design and Dev elopment Validate that the programs/ov ersight activ ities hav e been dev eloped in accordance w ith the design and 1 0.5 1 1 0 0 0 Validation dev elopment process and stated requirements. 4.01 Guidance, Information Prov ide the guidance (SOPs), information sy stems, equipment, technology and tools necessary for 1 1 1 1 1 1 0.5 Sy stems, Technology and Tools program deliv ery. 4.02 Resource Competency Ensure that personnel hav e the required competencies (e.g. education, training, skills and ex perience) 1 1 1 1 0 0 0 necessary for program deliv ery. 4.03 Provision of Training Provide training to meet required competencies. 1 1 1 1 1 0 0 4.04 Superv ision of Program/Ov ersight Activ ities Implement appropriate superv isory activ ities necessary to ensure the deliv ery of programs/ov ersight activities in accordance w ith requirements (including EPMs). 1 1 0.5 1 0 0 0 4.05 Program Exemptions Carry -out oversight activities in accordance with specific exemptions to rules or regulations. 1 1 1 0.5 0 1 0 4.06 Identification and Status Identify each program/oversight activity to be conducted and track progress. 1 1 1 1 0.5 1 0.5 5. Program/ Ov ersight Activ ity Continuous Improv ement 5.01 Monitoring and Continuously monitor and measure the program/ov ersight activ ity performance to ensure that deliv ery 1 1 1 1 1 0.5 0 Measurement is consistent w ith stated requirements. 5.02 Correctiv e Action Take correctiv e action to eliminate the causes of non-compliance by inspectors in order to prev ent 1 1 1 1 1 0.5 1 recurrence. 5.03 Preventative Action Implement appropriate controls to prevent non-compliance by inspectors before occurrence. 1 1 0 1 0 1 0 5.04 Employ ee Performance Management 5.05 Controls ov er issuance of permits in error Evaluate employee competencies against requirements and the effectiveness of training programs. 1 1 1 0.5 0.5 0 0 Controls and processes to deal w ith licenses, certifications, and permits that hav e been issued and later 1 0.5 1 1 0 1 0 found to not comply w ith stated requirements. 6. QMS Continuous Improv ement 6.01 Continuous Monitoring and Measurement 6.02 Periodic Rev iew / Audit by Senior Management Continuously monitor and measure the performance of the QMS and its ability to achiev e stated Quality Objectiv es. Initiate and ov ersee periodic rev iew s/audits on the effectiv eness and suitability of the QMS and related quality activities. 1 1 1 1 0.5 1 0 1 1 1 1 0.5 0 0 6.03 Stakeholder Input Incorporate stakeholder feedback on programs/ov ersight activ ities into rev iew s/audits and continuous 1 0.5 1 1 0 0 0 improv ement activ ities. 6.04 Continual Improv ement Continually improv e the effectiv eness of the QMS through the use of the Quality Policy, Quality 1 1 1 1 1 0 0 Objectiv es, rev iew /audit results, analy sis of data, correctiv e and prev entiv e actions, and management rev iew. 6.05 Update and Integrity Maintain the integrity of QMS when updates and changes are implemented. 1 0 1 1 1 0 0 Total 32 22.5 29.5 29 15 9 2 Key: 1=Met, 0.5=Partially met, 0=Not met

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback