Tag: auditing technology
The day when you’ll see the everyday things- from phones, cars and doors, to lights, refrigerators and washing machines, connected to the internet is not very far. In fact there are over 13.4 billion connected devices already and it is expected that the number of internet-connected devices will reach 50 billion by 2020.
In spite of becoming an integral part of personal lives, the IoT will also bring major paradigm shifts at every phase of businesses. Many companies have already started adopting IoT and to plan their business around it. There are only two options- either get ready to embrace this revolution and stay on top, or face the consequences.
The manufacturing business will have to bring major changes to be in the game, around software, data and connectivity mainly. According to Gartner’s 2015 overview of manufacturing industries, business intelligence and performance management are the top priorities of manufacturing sector and both these areas are heavily dependent on software and data gathering. Hence, Manufacturing is in the top list of industries looking to hire data and software experts.
The software everywhere helps make all devices programmable and narrows the gap between digital and physical. While software everywhere redefines the manufacturing industry, it also redefines the scope for audits, inspections and compliance because it brings with it new challenges. Let us see some of the challenges the Internet of Things will pose to audit, inspection or compliance sector in detail.
Challenges for auditors dealing with software everywhere
Auditing is not a walk in the park when it comes to organizations adopting new technologies and automating tasks with software everywhere. While the Internet of Things brings many rewards, it also poses serious risks, which if not carefully dealt with, can lead to organizational disasters.
Technologies move very fast and manufacturers are under pressure to keep pace. Each passing day there arise new laws to which the businesses, organizations, industries and agencies should conform. Most often, there might be less thought devoted to the risks associated with certain deployments of technologies in businesses, and the manufacturer, law bodies and compliance bodies may not be aware of all the risks. The IT departments are generally the ones bearing the brunt of the storm, with a variety of auditing issues, which if not managed properly can spoil the compliance and security of even the most ambitious organizations. One of the biggest challenges for them is to make sure that all the technology and software deployed adhere to multiple compliance standards. The internal auditors should stay abreast of the new IoT developments to foresee these risks and controls in their business.
While software everywhere will ensure quick, flexible, easy and smart business processes, such flexibility can also be a loophole to circumvent compliance requirements. For instance, a machine or a device can be programmed to identify that it is being inspected or audited, the software can recognize the test pattern and it can then generate results, which appear to be compliant to the audit. One way to overcome this problem is to adapt smart auditing strategies like those used by quality assurance professionals, who constantly deal with such issues. For instance, auditors could use heuristic based techniques, where audit design and execution are combined and the auditor explores the system to identify non-conformance to high-level heuristics.
Another key aspect to consider in the area of software, is regarding ownership. The Digital Millennium Copyright Act (DMCA) makes it unlawful for independent auditors to look at the code that runs on a machine, thus making it easier to conceal intentional wrongdoings. Unfortunately, this law can punish users and auditors who try to understand whether their software or system are compliant, or can be manipulated in a manner that it will endanger the consumers of the product manufactured by these systems. Another important challenge for audit regulators is the need for effective reporting to their stakeholders regarding audit performance, and the efficient conduct of audit inspections, which requires coordination among varied regulators and compliance with differing laws and regulations.
However, the good news is that, changes shall happen over the year 2016 that will make it possible for such business to conduct audits much efficiently, to check if they are compliant to legal norms like FDA or EPA norms and other good manufacturing practices.
Challenges for auditors dealing with large amounts of data
Increased use of computerized systems, smart manufacturing and decreased storage costs have led to generation of large amounts of data that are aggregated, coded and classified to enable good decision making. Auditors can derive value from this data and ensure that decisions made are based on solid, quality information that is trustworthy and relevant. This big data enables root cause analysis in cases where noncompliance or failure is detected, and can be used to provide a near complete picture of the system state at the point of failure. The availability of such valuable data can enable quicker corrective actions. Non-compliance issues detected years after the production can be safely traced back with retrospective auditions.
However, the unstructured nature of big data poses big challenge for the auditors. There need to be a good standard of managing the generation, classification and storage of data, for it to prove useful in auditing or inspecting activities. Data processing standards today do not cover the governance processes for management, storage and expiration of data. However, changes are expected in 2016 that will address the present state of big data with respect to the audit environments.
Challenges for auditors dealing with storage and ownership of data
Image courtesy: Cloud Lounge
In production environments, the data produced by the equipment and system used in production line are mostly stored in clouds. In the cloud, these data may be stored on storage devices that may not even be owned by the manufacturers who generate data, but will be owned by third party service providers, like analytic provider or storage service provider (like amazon). In such cases, it is not the manufacturer but the third party, who gets the ownership of these data. In fact, data may not be even stored in the same country. Such a 3rd party doctrine complicates the issue when confidential transitional data is stored by cloud server providers and this raises more issues like confidentiality and contract, availability of data for audits, and liability issues.
Challenges for auditors dealing with Connectivity
The Internet of Things (IoT) as we have all heard of has been around for quite a while and this year we saw a large number of connected devices flood the market. This is only going to increase and by 2020, we are expected to have over 50 billion connected devices. The Internet of Things is not just connected cars, cameras, and doors. IoT also extends to heavy machinery, to jet engines, oil drills and to connected devices and equipment in manufacturing and production, as well. As smart manufacturing gains momentum, more and more machines on the production lines are connected and online. Machines are connected to each other to exchange data, and to servers in the cloud to enable machine learning, monitoring, forecasting preventive maintenance, etc. This ensures cycle time reductions for corrective and preventive actions post audits. Remote monitoring and diagnostics can ensure that the product complies with the legal requirements. Connectivity can help conduct remote inspections eliminating the need for people to travel to the locations to get the audits done.
While connectivity brings the above advantages, it brings with it, its share of challenges as well. Poor security, for example on connected equipments can make systems vulnerable to hacking and systems can be compromised without the hackers having direct access to the systems. As a matter of fact, vulnerabilities in any connected device can compromise an entire system. The security of connected equipment will soon be an area of compliance for audits and inspections across industry segments. With time, it can even enable production to happen at the supplier’s end or the consumer’s end, rather than at the factory, which can further increase the risks for auditors and inspectors. They will have to take into consideration the entire chain of equipment that communicate with each other, and modify their audit strategies accordingly.
Everyone, who are in the business of audit and compliance are impacted by the IoT and by the fact that all the equipment we use are connected online, is programmable and is generating enormous amount of data. The auditors, inspectors and all of us in the audit and compliance field need to learn about the new skills and competencies pertaining to the software deployment, vulnerability detection and software compliance. The good news is that there are established practices in the software QA (quality assurance) industry, which can provide good reference points for those who wants to upgrade their skills. However, the hardest part is to change the mindset and culture among auditors and inspectors to adapt to this new paradigm of Software Everywhere. We need to move faster to adopt practices, processes, and new mindset and to learn new skills that will enable us to do a better job in auditing, compliance and inspections for devices that are connected, generate lots of data and are managed by software!
View this webinar on the ubiquity of software in the compliance industry, by Deepu Prakash, Head of Process and Technology Innovation at Fingent Corp:
Food safety- how much does this factor affect you while having food that are not made at home? Not much? Let’s see some facts then;
Centers for Disease Control and Prevention (CDC) estimates that every year, 48 million people (equal to one in every 6 Americans) get sick from the food they consume. Of that, 128,000 wind up in hospitals and close to 3,000 die!
Now you probably see the need for ensuring the safety and quality of food that you give your children. That is not all, if you are still sitting back and relaxing that the Government regulates the food safety through regular inspections and acts to make sure that the safest food reaches you, see some more figures below:
“To speak only of food inspections: the United States currently imports 80% of its seafood, 32% of its fruits and nuts, 13% of its vegetables, and 10% of its meat. In 2007, these arrived in 25,000 shipments a day from about 100 countries. The FDA was able to inspect about 1% of these shipments, down from 8% in 1992. In contrast, the USDA is able to inspect 16% of the food under its purview. By one assessment, the FDA has become so short-staffed that it would take the agency 1,900 years to inspect every foreign plant that exports food to the United States.”
― Marion Nestle, Pet Food Politics: The Chihuahua in the Coal Mine
As you can see, FDA has long been incapable of ensuring food safety standards for a vast number of food-processing facilities out there, shows the report. The overall number of FDA inspected facilities decreased from 17000 in 2004 to 15900 in 2009. In 2009 FDA contracted with 41 states to conduct inspections and about 59% of FDA’s inspections were carried out by them. Lack of enough personnel to carry out the investigations, ineffectiveness of the current systems, poor technology adoption in auditing, lack of proper software or applications that automate work etc. have contributed to this ineffectiveness. The report concludes that serious steps should be taken to ensure that contract inspections are effective and food given to citizens are safe. Yes, of course, but how can FDA fix this?
Business Process Automation
Will an increase in funding, or hiring and training more inspectors to carry out the inspections change the situation? Is it going to help in the long run? Maybe not. Surviving in the world of food business will need a lot of planning, intelligence, automation, attention to details and as many industry leaders say, a smart and latest auditing technology that reduces the overheads of manual processes and speeds up the processes efficiently through automation.
Auditing is indispensable to ensure the processes and procedures in food manufacturing, processing and transportation occur safely and correctly. Yet the system has long been inefficient in terms of accuracy and time management. In an era where technology permeates in skyrocketing speed in every aspect of business, the food companies should very well understand its capabilities and take maximum advantage of it. Technology should be applied to automate the regulation of quality and safety assurance programs to yield improved data accuracy, better time savings, corrective action tracking, reliable validation, real-time reporting, customizable data collection, and management. The amount of manual work going into inspections should decrease and technology should enable fast, easy and reliable food audits.
Any new food safety auditing technology should include the following basic features:
- The system should be able to standardize and centralize all food regulation records in a single place, so that it is easy to create, approve and distribute documents. Document/ record control must be made easy and convenient.
- Should manage internal and external food compliance audits including tasks like scheduling, reporting and corrective action follow-up.
- Should provide a flexible configurable platform to manage, define, track and report on changing business practices to support food safety.
- The audit trails should have facilities for electronic signatures to eliminate the inefficiencies of paper and pen based reporting systems.
- Transparency of supplier’s quality processes.
- The system should be able to integrate document systems for single/multiple locations, such that information needed is easily accessible to participants, anywhere, anytime.
- Should allow better visibility over activities and processes internally and externally.
- The system should be able to output different visual representations for data. For instance, numeric data collected by representatives should be made available in graphs or charts.
- Users should be able to see histories and data collected over a period of time to view the trends in the readings collected, enabling better decision making.
- Ability to collect pictures, videos and documents as evidence.
- Provision for responsibility assignment.
- Fast generation of automated reports and documents to demonstrate compliance.
- Ability to make any module mobile through mobile apps.
The benefits of using such auditing software are:
- It standardizes workflows into simple processes that repeat over time.
- Quality remains consistent and will improve the overall efficiency.
- All related information is available in a central place.
- No jobs or duties are left unattended or forgotten.
- Easy to assign responsibility at each stage.
- Increased integration and timely interaction helps for better collaboration between you and your suppliers.
It’s only when the entire industry streamlines its processes, and communicates via a streamlined, efficient and accurate technology can we expect a progress in the quality of food we consume outside. Our own product, Reachout allows authorities to create and manage the audit work orders and track the trends of audit compliance. It might be tough to change existing processes but the key to transition is selecting software that can be customized according to your unique auditing processes and needs. Choosing software which can easily integrate into the current processes and procedures without the need to make major revamps to existing systems will be ideal for a start. Talk to our experts to know what kind of software will work best for your business needs.
Image courtesy: Canadian Food Safety