Data Governance Charter

Document Sample
Data Governance Charter Powered By Docstoc
					Quality
Management
System

Policy Manual Volume 5
Version 1: February 2008
Document Information

Title of the Document: Quality Management System (Policy Manual Volume 2)
Date Last Ratified by the Management Committee: 23 February 2008
Version: Version 1: February 2008
Date of Printing: Tuesday, 18 January 2011
Location of digital file: \\Server\data\Organisational Policy & Governance
Charter\QDN Policy Development\Current QDN Organisational Policy\QDN Quality
Manual Version Nov06.doc



This Policy Manual forms one part of a series of 5 QDN Policy Manuals. The entire
set of QDN Policy Manuals includes:


      Management Committee Governance Charter - Policy Manual Volume 1
      Networking and Membership – Policy Manual Volume 2
      Financial Control & Human Resource Management – Policy Manual Volume 3
      Health & Safety: Bowen Hills Office – Policy Manual Volume 4
      Quality Management System – Policy Manual Volume 5


Any amendments to any Policy Manual Volume is to be instigated and noted in the
QDN Document Amendment Register utilizing the appropriate amendment form.
Note that this register is not maintained in a digital format. Refer to the Quality
Management System Policy Manual for more information.
  Organisational Policy                                                                                                    3



Contents
1.       Introduction ........................................................................................................ 6

  1.1 Definitions........................................................................................................... 6

  1.2 Limitations .......................................................................................................... 8

  1.3 Responsibility ..................................................................................................... 9

  1.4 List of documents associated with the Quality Management System ................. 9

2. Quality Management System ................................................................................ 11

  2.1 Background ...................................................................................................... 11

  2.2 Quality Policy Statement .................................................................................. 11

  2.3 Quality Objectives ............................................................................................ 12

  2.4 Strategic Planning Process .............................................................................. 12

  2.5 Quality Management System Process.............................................................. 12

  The Quality Management system flow chart........................................................... 14

     2.5.4 Review, Analysis and Improvement............................................................ 16

3 Reviewing the Quality Management System .......................................................... 17

  3.1 Management Review ........................................................................................ 17

4 Internal Audit .......................................................................................................... 18

  4.1 Purpose ............................................................................................................ 18

  4.2 Scope ............................................................................................................... 18

  4.3 Associated Documents ..................................................................................... 18

  4.4 Procedure ......................................................................................................... 18

     4.4.1 Audit Schedule ........................................................................................... 18

     4.4.2 Audit Resources ......................................................................................... 18

QDN Policy Manual Volume 5                                                                   Version 1: February 2008
  Organisational Policy                                                                                                    4


     4.4.3 Preparation for Audits ................................................................................. 19

     4.4.4 Conducting the Audit .................................................................................. 19

     4.4.5        Audit Report ........................................................................................... 19

     4.4.6        Management Committee Actions ........................................................... 20

     4.4.7 Audit Records ............................................................................................. 20

  4.6 Review.............................................................................................................. 20

5 Controlling Nonconformities – What we do when activities arise that were not
planned. .................................................................................................................... 21

  5.1 Purpose ............................................................................................................ 21

  5.2 Scope ............................................................................................................... 21

  5.3 Procedure ......................................................................................................... 21

     5.3.1 Identify ........................................................................................................ 21

     5.3.2 Rectify ........................................................................................................ 21

     5.3.3 Eliminating the cause of the nonconformity ................................................ 22

     5.3.4 Recording ................................................................................................... 22

6. Preventing Nonconformities – Risk Management.................................................. 23

  6.1 Purpose ............................................................................................................ 23

  6.2 Scope ............................................................................................................... 23

  6.3 Procedure ......................................................................................................... 23

     6.3.1 Overview .................................................................................................... 23

     6.3.2 The risk management process ................................................................... 24

     6.3.3 Risk identification ....................................................................................... 24

     6.3.4 Risk rating .................................................................................................. 25

     6.3.5 Risk controls ............................................................................................... 28

QDN Policy Manual Volume 5                                                                   Version 1: February 2008
 Organisational Policy                                                                                                   5


     6.3.6 Risk monitoring and reporting ..................................................................... 28

7 Control of Documents and Records ....................................................................... 30

  7.1 Purpose ............................................................................................................ 30

  7.2 Scope ............................................................................................................... 30

  7.3 Custody & Control Of Documents & Records ................................................... 31

     7.3.1 Responsibility ............................................................................................. 31

     7.3.2 Policy Documents ....................................................................................... 32

     7.3.3 Forms ......................................................................................................... 32

  7.4 Access, Filing And Storage .............................................................................. 32

  7.5 Disposal............................................................................................................ 33

  7.6 Approval and Amendment Of QDN Documents ............................................... 33

  7.7 Withdrawal Of QDN Documents ....................................................................... 34

  7.8 Controlling External Documents ....................................................................... 34

  7.9 Formatting QDN Documents ............................................................................ 34

8. Amendments to this Manual .................................................................................. 36




QDN Policy Manual Volume 5                                                                  Version 1: February 2008
 Organisational Policy                                                              6




  1. Introduction
This Policy Manual Volume titled “Quality Management System” outlines QDN’s
quality processes and commitment to comply with requirements and continually
improve the effectiveness of the quality management system. It has been designed
and based upon the ISO 9001:2000 Quality Management System. This manual is
continually evolving and aims to maintain QDN’s focus on being a network that is
underpinned by sound values and pertinent quality measures to ensure these values
are reflected in all we do.

Where relevant this manual will refer to the other Policy Manual Volumes or
associated documentation.

QDN has aligned and overlaid its Quality Management System with the
organisation’s already existent Strategic Planning Processes. These process predate
the existence of the Quality Management System and hence provided the opportune
platform on which to build QDN’s Quality Management System. For the sake of
consistency and understanding, some terms and jargon established by ISO
9001:2000 and hence adopted in this quality management system manual, will have
a similar meaning as terms and jargon used in QDN’s Strategic Planning Process. As
best as possible, these terms will be defined and linked in the Definitions section of
this manual. In other Policy Manuals the pre-existing terminology will be maintained.




1.1 DEFINITIONS
Close out an audit: The time when all recommendations from an audit have been
actioned and finalised. For example, internal audits are closed out with the
president’s signature on the Internal Audit Schedule after the Internal Audit Report is
accepted by the Management Committee and all improvements and amendments
have been made.

Customer: The members of QDN. In particular, it is the members of the association.
We see that there are 3 general levels of membership involvement: 1. Info only -

QDN Policy Manual Volume 5                                     Version 1: February 2008
 Organisational Policy                                                                7

members who only receive information and not known to be actively involved in the
network’s activities. 2. Involved in a limited way – members who attend QDN events
and join in discussions, but not involved in planning activities. 3. Highly involved in
QDN – members who are highly involved in the planning of QDN activities for
example, management committee members, local area contacts and QDN reps.

Major Nonconformance: Activities occurring that a are contrary to the requirements
of the Policy Manuals or the Strategic and Operational Plans and is either:

      The absence or total breakdown of a system to meet the ISO 9001:2000
       requirement.

      A number of minor nonconformities against one requirement can represent a
       total breakdown of the system and thus be considered a major nonconformity.

      Any noncompliance that would result in the probable shipment of
       nonconforming product.

      A condition that may result in the failure or materially reduce the usability of
       the products or services for their intended purpose.

      A noncompliance that judgment and experience indicate is likely either to
       result in the failure of the quality system or to materially reduce its ability to
       assure controlled processes or products.

Minor Nonconformance: nonconformance that is not of the severity indicated by the
definition of major nonconformances, above, but which must be actioned.

Nonconformity: Activities occurring that are contrary to the requirements of the
Policy Manuals or the Strategic and Operational Plans or ISO 9001:2000.

Product: Activities that we undertake to support our members at QDN to establish a
network of and by people with disability. This may include mentoring, distribution of
information such as our eBulletins and position papers, supporting local activities with
limited financial resources and linking members together.

Product Planning: The planning QDN undertakes to identify how we will achieve the
product. This is defined as the Strategic Planning and Operational Planning process.

Product Realisation: Implementing and adhering to our Operational Plan and
working with our members to achieve the goals of the association. This is the core


QDN Policy Manual Volume 5                                       Version 1: February 2008
 Organisational Policy                                                                   8

activity of QDN, that is the process of working with our members to find how we can
support them in their actions and assist them to carry these actions out.

Quality Objectives: What the Quality Management System is attempting to achieve.
These objectives are the same as the Strategic Plan goals. Refer to Policy Manual
Volume 1 for additional Information on the Strategic Plan.

Strategic Planning: A process used by QDN to set the goals of the organisation
every 5 years.

Top Management: The Management Committee and Network Coordinator.




1.2 LIMITATIONS
One of the failings of modern government in their rationalisation of the Community
Sector has been their lack of understanding that this sector is not comparable to the
Business Sector, nor is it easily open to cooption into business models or ideology.
Generally speaking, QDN has seen that those community services who have
attempted this transition have lead to delivering less flexible and person centred
services. QDN is very mindful of this and wishes to avoid this “pitfall” at all costs.

Consequently, we must outline upfront what we perceive to be the limitations of
implementing a Quality Management System in our organisation. This is indeed not a
fault of the process of Quality Management as defined by ISO 9001:2000, but more
the reality of a community driven model of social participation, which ironically, only
exists via its dependence on formalised government funding and as such is now
faced with the reality of the above mentioned, “rationalisation”.

With regards to this Manual, QDN has identified three limitations which may affect the
way this Quality Management System is implemented:

      The “customers” of QDN are the people who “own” QDN. As an Incorporated
       Association, QDN is owned by its members collectively. The members then
       delegate the management of the association to the Management Committee.
       Consequently, their status as “customers” is not truly typical to that of the
       commercial model. QDN members do not see themselves as “customers” who
       may be ordering a “product” of some description, but part of a collective of
       people with disability acting for positive social change.


QDN Policy Manual Volume 5                                          Version 1: February 2008
 Organisational Policy                                                               9


      There is no tangible “product”. Following on from the previous point, QDN
       sees that another limitation lies in the fact that as a collective of people with
       disability we do not offer “customers” a tangible “product” as such. In our eyes
       it is more about building relationships with our members via our vast network
       and supporting their actions. Whilst it is this activity which we will define as
       being the “product” QDN offers for the purpose of the Quality Management
       System, we must be mindful that it is not a “product” that is paid for by the
       “customer” nor a “product” that we are obliged to provide to all members. This
       is a reality brought about by the limited funding QDN receives from
       government.

      QDN to a certain degree cannot control the resources to ensure satisfaction of
       QDN’s “product”. As government funding is the only major source available to
       QDN to generate the resources required to produce the “product” QDN is
       offering, QDN is not able to ensure adequate supply of this “product” to meet
       the needs of our “customers”, who as described above are the members and
       owners of QDN. This will no doubt have a great bearing on “customer”
       satisfaction and possibly the quality of the “product”.



1.3 RESPONSIBILITY
Whist the overall responsibility of ensuring the processes needed for the Quality
Management System are established, planned, implemented, reviewed and
maintained lies with the Management Committee of QDN, the day to day operational
responsibility of the Quality Management System including the establishment,
implementation and maintenance, lies with the Network Coordinator. This role will
also include reporting the performance of the Quality Management System to the
Management Committee, and the promotion of it with our members and network.



1.4 LIST OF DOCUMENTS ASSOCIATED WITH THE
QUALITY MANAGEMENT SYSTEM
Following is a list of all documents and registers that are associated with the
maintenance, implementation and improvement of the Quality Management System.

      Quality Management System Review and Continuous Improvement Register

      Quality Management System Review and Continuous Improvement Form

QDN Policy Manual Volume 5                                       Version 1: February 2008
 Organisational Policy                                                 10

     Document Amendment Register

     Document Amendment Form

     QDN Values Checklist Register

     QDN Values Checklist

     Internal Audit Register

     Internal Audit Checklist

     Internal Audit Report Form

     Internal Audit Schedule

     Nonconformity Recognition and Action Register

     Nonconformity Recognition and Action Form

     Risk Register

     Risk Register Form




QDN Policy Manual Volume 5                            Version 1: February 2008
 Organisational Policy                                                               11




2. Quality Management System
2.1 BACKGROUND
QDN has for several years been developing an improving its processes of
governance, decision making and strategic and operational planning. The
implementation of this Quality Management System will give QDN the opportunity to
ensure that the strategic planning process is done in a way that is monitored and
conforms to ISO 9001: 2000 standards.

Product Realisation Planning in the QDN context is about our Strategic Planning
Process. The introduction of the Quality Management System has allowed QDN to
overlay the two processes ensuring, ongoing monitoring, feedback and continuous
improvement.



2.2 QUALITY POLICY STATEMENT

Our aim is to provide a voice for people with disability in Queensland, through the
implementation of strategies which consistently meet the immediate and imminent
needs of our members. To this end, QDN is committed to developing and
maintaining processes that reflect the proficiency of QDN to our members, the public,
and external auditing bodies.

Achievement of this policy involves all staff and committee members taking individual
responsibility for the quality of their work, resulting in a continuously improving work
environment for all.

Within this Policy we are committed to operating our organisation under the
disciplines and control of a Quality Management System conforming to the
International Standard IS0 9001:2000.

QDN is committed to the continual promotion of our Quality Management System and
the need for members to be actively involved in it via our various means of
communication, such as the QDN website, eBulletins, public displays and network
development activities.




QDN Policy Manual Volume 5                                        Version 1: February 2008
 Organisational Policy                                                              12


2.3 QUALITY OBJECTIVES

QDN’s Quality Objectives reflect the QDN Strategic Planning Process. They will be
reviewed as part of the 5 year Strategic Planning Process, with progress reviews
taking place within our 12 month review cycle.

Goal 1.      Build a strong vibrant network by, for and with people with disability

Goal 2.      Support collective action to improve the lives of people with disability

Goal 3.      Share relevant information and knowledge in appropriate formats

Goal 4.      Be an effective and accountable organisation that reflects our values in
             all we do.




2.4 STRATEGIC PLANNING PROCESS
Refer to the Quality Policy Volume 1 section 3.2 for this process.




2.5 QUALITY M AN AGEMENT SYSTEM PROCESS
Following are two diagrams – the Quality Management System and the Strategic
Planning Cycle. As already highlighted the Quality Management System has been
built upon the Strategic Planning Cycle.

The Quality Management System flow chart diagram consists of two key parts: the
Quality Management System cycle and the corresponding Strategic Planning Cycle.
The Quality Management System is represented as an outer cyclic flow chart made
up of 4 parts being Management Responsibility; Resource Management; Product
Realisation or Activities to meet our members needs; and Review, analysis and
Improvement.

The inner core of the diagram is the Strategic Planning Cycle. Refer to Section 3.2 of
the Management Committee Governance Charter for more information of the
Strategic Planning Cycle. The corresponding elements of the two processes align as
follows:

      Management Responsibility (QMS) : Priorities Setting (SPC)

QDN Policy Manual Volume 5                                      Version 1: February 2008
 Organisational Policy                                                       13


     Resource Management (QMS) : Development of the Operational Plan and
      Budget (SPC)

     Product Realisation – Activities to meet our members needs (QMS) : Doing
      and maintaining the work (SPC)

     Review, analysis & improvement (QMS) : Network Review (SPC)




QDN Policy Manual Volume 5                                 Version 1: February 2008
 Organisational Policy                                                14




THE QUALI TY M AN AGEMENT SYSTEM FLOW CHART

                             The Quality Management System is
                             complementary to the Strategic Planning
                             Cycle. Refer to Section 3.2 of the
                             Management Committee Governance
                             Charter for more information of the Strategic
                             Planning Cycle.




QDN Policy Manual Volume 5                         Version 1: February 2008
 Organisational Policy                                                              15




2.5.1 Management Responsibility
This stage in the QMS is about the responsibility the Management Committee and
staff will take in planning, resourcing, implementing and reviewing the Quality
Management System. It is essential that planning for the Quality Management
System occur at the same time as the Strategic Planning so that budget
considerations can be taken into account.



2.5.2 Resource Management
Once a plan has been established the organisation needs to assess what resources
are required to implement that plan. This will include an operational budget to
undertake such things as reviews, staff recruitment and training, maintenance of a
healthy workplace and any thing else that is required in undertaking our operations.

The organisation will also invest time and resources into establishing and maintaining
documented processes designed to effectively and efficiently manage these various
elements. In essence these documents form the five policy manuals.



2.5.3 Product Realisation – Activities to meet our members needs.
This phase in the Quality Management System is about QDN doing what we do. It is
about implementing and adhering to our Operational Plan and working with our
members to achieve the goals of the association. This is were QDN networks with
our members to find how we can support them in their actions and assist them to
carry these actions out. We will document the planning behind how we support our
members.

As we do this we shall periodically review this support with our members to ensure it
is what they require and meeting their needs. Such reviews or validation will also
highlight QDN’s limitations and act to define what QDN is able to do and what it is
not. This clarity, it is hoped, will offer members a sense of the realistic expectations
they can anticipate from QDN’s involvement.

In going about the process of undertaking our activities we will ensure that resources
are used effectively.




QDN Policy Manual Volume 5                                       Version 1: February 2008
 Organisational Policy                                                               16

2.5.4 Review, Analysis and Improvement.
The final phase of the Quality Management System is about how we review and
improve our work at QDN. At no less than twelve monthly, we will review our Quality
Management System to ensure it is doing what it is planned to do and is being
maintained.

Additionally, QDN will always be aware that the activities of the organisation stay
within the defined and agreed plans: ie the Operational and Strategic Plans. A
procedure will be established to address activities that fall outside of these plans (in
the language of Quality Management such activities are called nonconformities).




QDN Policy Manual Volume 5                                        Version 1: February 2008
 Organisational Policy                                                          17


3 Reviewing the Quality
Management System
3.1 MAN AGEMENT REVIEW
The Management Committee is responsible for the ongoing review of the Quality
Management System.

This review process shall be conducted and minuted at a Management Committee
Meeting, with a frequency of no less than 12 months. The Network Coordinator will
be responsible for running the review meeting and providing the necessary
information for the Management Committee to conduct the review. It will draw upon
all available information concerning the Quality Management System, such as
Internal Audit Reports, results of previous reviews and improvement strategies and
so on.

The Management Committee will clearly make any recommendations for
improvement to the Quality Management System and these will be recorded in the
Quality Management System Review and Continuous Improvement Register.




QDN Policy Manual Volume 5                                    Version 1: February 2008
 Organisational Policy                                                          18


4 Internal Audit
4.1 PURPOSE
The Management Committee is responsible for undertaking an internal audit of
QDN’s Quality Management System. The purpose of the internal audit is to
determine whether the Quality Management System conforms to the Strategic and
Operational Plan, to the requirements of the International Standard and to the
requirements set out by this Manual.




4.2 SCOPE
This procedure only extends to process and activities covered under QDN’s Quality
Management System.




4 . 3 AS S O C I AT E D D O C U M E N T S
      Internal Audit Register

      Internal Audit Checklist

      Internal Audit Report Form

      Internal Audit Schedule

      Quality Management System Review and Continuous Improvement Register.

      Nonconformity Recognition and Action Register

4.4 PROCEDURE
4.4.1 Audit Schedule
The Network Coordinator shall prepare an Audit Schedule prior to the start of each
financial year and may further revise the annual schedule to meet additional audit
requirements on a progressive basis.

4.4.2 Audit Resources
The Management Committee shall ensure that internal auditors assigned to audits
are independent of the process being audited and have the appropriate skills to
conduct such audits.

QDN Policy Manual Volume 5                                   Version 1: February 2008
 Organisational Policy                                                             19


Where external auditors are appointed to conduct audits the Management Committee
shall ensure that selected auditors are appropriately qualified and have experience to
conduct such audits.

4.4.3 Preparation for Audits
The Network Coordinator shall prepare the scope of each audit. The auditor
appointed to undertake the audit in collaboration with the Network coordinator shall
prepare an Audit Checklist .

An Internal Audit Report Form shall be completed for each Internal Audit and all
documentation related to the audit (eg: completed Audit Checklist) shall be attached
to this form and filed in the Internal Audit Register.

All employees responsible for the area to be audited shall be informed of the
impending audit at least seven days in advance of the audit.

Where information or documentation is required to be made available to the auditor
at the commencement of the audit the relevant employee shall arrange for such
items to be made available.

4.4.4 Conducting the Audit
Audits shall be conducted in such a manner as to cause minimum disruption to the
normal operation of the organisation.

The auditor shall at the commencement of an audit brief the person responsible for
the area being audited on the scope of the audit and any special requirements such
as the close out of non-conformances from previous audits.

The auditor shall progress through the Internal Audit Checklist addressing each of
the items. The auditor shall record observations on the Internal Audit Checklist and
where necessary note nonconformities for items requiring attention in the
Nonconformity Recognition and Action Register. Any nonconformance requiring
urgent action shall be brought to the attention of the Network Coordinator.

4.4.5 Audit Report
Within one week of completing the internal audit program, the auditor prepares a
brief internal audit report (Internal Audit Report Form) and submits it to the Network
Coordinator for review and approval. The audit report includes the audit's scope, the
names and titles of the audit team members, a summary of general observations
(i.e., general degree of compliance and any significant problems encountered), all
identified nonconformities, weaknesses, and/or opportunities for improvement.


QDN Policy Manual Volume 5                                      Version 1: February 2008
 Organisational Policy                                                          20


The Network Coordinator reviews and approves the Internal Audit Report Form, and
then tables the report with the Management Committee.

The Network Coordinator notes any opportunities for improvements to be made in
the Quality Management System Review and Continuous Improvement Register.

4.4.6 Management Committee Actions
The Management Committee shall record the status of the audit on the Internal Audit
Schedule, review audit findings and completed action items, and assign responsibility
or take other appropriate action for outstanding action items.

A record of all approved corrective actions shall be recorded and retained on the
audit file as well as noted in the Quality Management System Review and
Continuous Improvement Register. Outstanding corrective actions shall be reviewed
at each Management Committee Quality Management System Review meeting, until
such items are closed out.

4.4.7 Audit Records
Audit records shall be retained in accordance with the organisations document and
record systems.




4.6 REVIEW
Any suggested improvements or modifications to this procedure are to be passed on
to the Management Committee for discussion at the next Quarterly Quality Review
Meeting.




QDN Policy Manual Volume 5                                    Version 1: February 2008
 Organisational Policy                                                                21


5 Controlling Nonconformities

5.1 PURPOSE
This section will outline what QDN will do when it recognises that there are activities
occurring that are not sanctioned by the Policy Manuals or the Strategic and
Operational Plans – this would constitute a nonconformity.




5.2 SCOPE
This procedure only extends to process and activities covered under QDN’s Policy
Manuals, Strategic Plan and Operational Plans.




5.3 PROCEDURE
This procedure will outline the process that QDN uses to identify, rectify and
eliminate the cause of nonconformities.

5.3.1 Identify
Unauthorised activities can take various forms, for example, members who speak
publically without the appropriate approval or failure to complete a process essential
to the organisations operations. This information may come to the attention of the
Management Committee via a variety of methods, such as a formal complaint, public
record of an unauthorised event, internal audit via the Quality Management System
or as a result of planning reviews at QDN.

Once the Management Committee has identified that an issue has arisen then action
needs to be taken to rectify the situation. The first step of this action is documenting
the nonconformity. This is done with the use of a Nonconformity Recognition and
Action Register.

5.3.2 Rectify
Once a clear picture of the nonconformity is established, the Management
Committee or Network Coordinator must takes steps to rectify the issue. This will
vary depending on the situation and could involve such things as requesting the
member to cease their unauthorised activities, issuing a public statement either
distancing or aligning QDN with the activities, or in the case of an administrative
QDN Policy Manual Volume 5                                       Version 1: February 2008
 Organisational Policy                                                             22


nonconformity, identifying and undertaking the appropriate action that is required to
rectify the situation.

5.3.3 Eliminating the cause of the nonconformity
After the nonconformity has been rectified, the Network Coordinator will explore how
the nonconformity arose and what steps need to be taken to prevent the event
occurring again. Recommendations will be put to the Management Committee for
ratification. The resultant ratified actions will be noted in the Nonconformity
Recognition and Action Register.

5.3.4 Recording
Records about nonconformities will be kept by QDN. A Nonconformity Recognition
and Action Register will be established to document information about a
nonconformity. This information will include the nature of the nonconformity, how it
arose, what action is taken to rectify the nonconformity, and what action is taken to
eliminate the cause of the nonconformity.




QDN Policy Manual Volume 5                                      Version 1: February 2008
 Organisational Policy                                                             23


6. Preventing Nonconformities –
Risk Management
6.1 PURPOSE
This section outlines the procedure QDN will use to predict and prevent possible
nonconformities – this is a process defined as Risk Management.




6.2 SCOPE
This procedure only extends to process and activities covered under QDN’s Policy
Manuals, Strategic Plan and Operational Plans.




6.3 PROCEDURE
6.3.1 Overview
QDN’s process of risk management and internal compliance and control includes:

• Identifying and assessing significant risks that might impact upon the achievement
of the organisation’s Strategic and Operational Plans and operations as defined in
QDN’s Policy Manuals.

• Developing risk management strategies to manage identified risks, and designing
and implementing appropriate risk management policies and procedures.

• Monitoring the performance and improving the effectiveness of risk management
procedures.

In particular, procedures are in places that are directed towards achieving the
following objectives:

• Effectiveness and efficiency in the use of the organisation’s resources. QDN
adheres to a rigorous and detailed budgetary and reporting procedure that effectively
monitors deviations in budgeted revenues, costs and capital expenditures.
Procedures are established for the protection of the organisation’s assets and
records from breaches of security, fire and breakdown.




QDN Policy Manual Volume 5                                      Version 1: February 2008
 Organisational Policy                                                             24


• Compliance with applicable laws and regulations. QDN has a range of procedures
to minimise risks in areas of occupational health and safety, internal and external
fraud, trade practices and environment.

• Preparation of reliable published financial information. QDN’s accounting
procedures and internal and external audit programmes are designed to produce
accurate financial and operating reporting.

The Management Committee oversees an annual assessment of the effectiveness of
risk management and internal compliance and control.

6.3.2 The risk management process
QDN will utilise a risk management process that consists of the following key stages:

Risk identification: Identifying all reasonably foreseeable risks associated with its
activities.

Risk rating: Quantifying those risks (residually – ie after control strategies have been
put in place) using the criteria detailed in this procedure.

Risk controls: Assessing the risk, identifying options to treat risks and developing
controls to mange the risk.


Risk monitoring and reporting: Reporting risk management activities and risk
specific information to the Management Committee.

6.3.3 Risk identification
A key mechanism for the identification of risks at QDN is the development and
maintenance of the Risk Register.

The Risk Register identifies the key strategic risks that may potentially prevent QDN
from achieving its Strategic and Operational Plans and operations as defined in
QDN’s Policy Manuals. The register outlines the key risks, risk rating and controls
currently in place to manage the risk.

Risks may also be added to the Risk Register on a periodic basis throughout the
year.

All new initiatives undertaken by QDN, such as one off project work, will require a risk
assessment as part of the project development phase.

An updated Risk Register will be reported to the Management Committee by the
Network Coordinator on an annual basis.
QDN Policy Manual Volume 5                                      Version 1: February 2008
 Organisational Policy                                                                25

6.3.4 Risk rating
Risks will be assessed and rated in terms of the potential consequence of the risk
and the likelihood of the risk occurring. This assessment should include consideration
of the controls in place to mitigate those risks. A standard and uniform approach and
rating scales are necessary in order to be able to correctly prioritise risk management
activities within QDN. This approach is as follows:

STEP ONE

Estimate the potential consequences in terms of the severity of harm should an
incident occur without the risk controls being in place for this task or process.

In determining the risk level, rate the consequences based on the most probable or
likely consequences/outcome of exposure, but when performing high risk activities be
mindful of the worst case scenario of exposure to the hazard.

Table 6.1 Consequences level

Level                        Descriptor

1 Insignificant                    Injuries not requiring first aid

                                   Little financial loss. $0 - $400 *

2 Minor                            First aid required.

                                   Financial loss $400 - $1000*

3 Moderate                         Medical treatment required.

                                   QDN’s image is tarnished within the network itself,
                                    but not without.

                                   Financial loss $1000 - $5000*

4 Major                            Extensive or multiple injuries. Hospitalisation
                                    required. Permanent severe health effects.

                                   QDN’s image is tarnished within the disability
                                    sector. Funding body responds to incident, but no
                                    action taken.

                                   Financial loss $5000 - $10000*


QDN Policy Manual Volume 5                                         Version 1: February 2008
 Organisational Policy                                                             26


5 Severe                          Death of one or more people.

                                  QDN’s image is tarnished in the broad public.
                                   Funding body responds to incident resulting in
                                   action being taken including the loss of funding.

                                  Financial loss greater than $10000*

* Financial loss includes direct costs eg workers compensation and property damage
and indirect costs, eg impact of loss of data and accident investigation time.




STEP TWO

Estimate the most probable likelihood of the above consequences occurring should
an incident occur in the event of exposure to the hazard.

Table 6.2 Likelihood level

Level      Descriptor         Description

A          Almost certain     The event is expected to occur in most circumstances.
                              eg. common or repetitive occurrence at QDN

B          Likely             The event will probably occur in most
                              circumstances.eg. known history of occurrence at
                              QDN

C          Possible           The event could occur at some time. eg. history of
                              single occurrence at QDN

D          Unlikely            The event is not likely to occur in normal
                              circumstances.

E           Rare              The event may occur only in exceptional
                              circumstances




STEP THREE

Estimate the overall risk using Table 6.3 below for each hazard that would be present
during the task or process from combining the individual rankings for likelihood and
QDN Policy Manual Volume 5                                      Version 1: February 2008
 Organisational Policy                                                                    27


consequences for each hazard that has already calculated above. Prioritise all the
assessed risks in order of significance and focus first on those with the highest risk
level in terms of determining the risk control measures and their importance in
managing the risks.

Table 6.3 Overall Risk Rating

Likelihood       Consequences level
level
                 1(insignificant) 2 (minor)       3 (moderate)      4 (major)      5 (severe)

A (almost        Moderate            High         High              Extreme        Extreme
certain)

B (likely)       Moderate            Moderate     High              High           Extreme

C (possible)     Low                 Moderate     High              High           Extreme

D (unlikely)     Low                 Low          Moderate          Moderate       High

E (rare)         Low                 Low          Moderate          Moderate       High




STEP FOUR

Determine what action is required as result of the overall risk rating for each hazard.

Review risk controls if risk level arising from the initial estimate is not low.

Table 6.4 Recommended Action Guide

Abbrev Action          Descriptor
       Level

E          Extreme     The proposed task or process activity MUST NOT proceed until
                       the Management Committee has reviewed the task or process
                       design and risk controls. They must take steps to firstly eliminate
                       the risk and if this is not possible to introduce measures to
                       control the risk by reducing the level of risk to the lowest level
                       achievable . In the case of an existing hazard that is identified,
                       controls must be put in place immediately.



QDN Policy Manual Volume 5                                          Version 1: February 2008
    Organisational Policy                                                              28


H          High           Urgent action is required to eliminate or reduce the foreseeable
                          risk arising from the task or process. The Management
                          Committee must be made aware of the hazard. However, the
                          Management Committee may give special permission for staff to
                          undertake some high risk activities provided that system of work
                          is clearly documented, specific training has been given in the
                          required procedure and an adequate review of the task and risk
                          controls has been undertaken. This may include providing risk
                          controls identified in Legislation, Australian Standards, Codes of
                          Practice etc.

M          Moderate Action to eliminate or reduce the risk is required within a
                    specified period. The Management Committee should approve
                    all moderate risk tasks or process activities.

L          Low            Manage by routine procedures.



6.3.5 Risk controls
Options for treating each risk will be identified.

The following options may be used for treating risks and will be determined in the
light of risk assessment:

        avoid the risk

        mitigate the risk

        transfer the risk, and

        accept the risk

Risk mitigation, or risk treatment, involves putting in place controls to reduce the level
of residual risk to a level that is considered acceptable by the Management
Committee.

Risk controls will be developed for all risks that are rated residually as Extreme, High
or Moderate, and these will be documented in the Risk Register.

6.3.6 Risk monitoring and reporting
All risks will be reported annually to the Management Committee by the Network
Coordinator.

QDN Policy Manual Volume 5                                          Version 1: February 2008
 Organisational Policy                                                     29


The Management Committee will also receive quarterly reports on the management
of risk control issues, including any new areas of risk.




QDN Policy Manual Volume 5                                Version 1: February 2008
 Organisational Policy                                                              30


7 Control of Documents and
Records
7.1 PURPOSE
This procedure is to record how QDN Policy Manual and associated documents and
records are controlled to ensure that they are traceable for content and currency. The
purpose of this procedure is to define the controls required:

a) to approve documents for adequacy prior to issue

b) to review and update as necessary and re-approve documents

c) to ensure that the current revision status of documents are identified

d) to ensure that relevant versions of applicable documents are available to members

e) to prevent the unintended use of obsolete documents, and to apply suitable
identification to them if they are retained for any purpose.

f)to define the records necessary for the effective operation of the organisation and
the storage and access mechanisms for these records.




7.2 SCOPE
This procedure applies to all QDN Policy Manuals and associated documents and
records.

Records include the following:
ISO Ref      Record

5.6.1         Management Committee minutes, Networking Review Workshop
              minutes, Strategic Planning evaluation minutes.

6.2.2         Records of education, training, skills and experience of staff.

7.1           Evidence that the Strategic Planning processes fulfil requirements.

7.2.2         Records of sales activities.

7.4.1         Results of supplier evaluations and any actions arising.

QDN Policy Manual Volume 5                                       Version 1: February 2008
 Organisational Policy                                                                 31


7.5.3           Records regarding keeping track of QDN projects.

7.5.4           Members property including their personal details and records should it
                be lost, damaged or otherwise found to be unsuitable.

8.2.2           Internal audit results and follow-up actions.

8.2.4           Indication of the authorisation of release of materials generated by
                QDN projects – Management Committee ratification and values
                checklists.

8.3             Records of nonconformities and any subsequent actions.

8.5.2           Results of corrective action.

8.5.3           Results of preventive action.

Unless associated with the above it does not apply to:

         QDN position papers or eBulletins

         Staff appraisals

         Emails

         Web pages

         Brailed or alternative formatted documents

         Correspondence

         Library items


7.3 CUSTODY & CONTROL OF DOCUMENTS &
RECORDS
7.3.1 Responsibility
The QDN Secretary is ultimately responsible for documents and records
management, however, the day to day management of this task has been delegated
to the Network Coordinator.




QDN Policy Manual Volume 5                                        Version 1: February 2008
 Organisational Policy                                                              32

7.3.2 Policy Documents
All Policy Documents shall on every page state the Name of the Document, the
Version Number, the Date of Issue and the Page. The front of every Policy Document
shall contain a Document Information page stating:

       Title of the Document:

       Date Last Ratified by the Management Committee:

       Version:

       Date of Printing:

       Location of digital file:

7.3.3 Forms
All forms that are supplementary to the Quality Management System will contain a
footer containing the version number and date of the latest version, and a digital file
location (if the form is printed it will only show the digital file location at time of
printing).

The numbering of Forms in Registers will be in sequential order with a prefix
identifying the type of form it is.

      CI - Quality Management System Review and Continuous Improvement Form

      DA - Document Amendment Form

      VC - QDN Values Checklist

      AR – Internal Audit Report Form

      NR - Nonconformity Recognition and Action Form

      RR - Risk Register Form




7 . 4 AC C E S S , F I LI N G AN D S T O R AG E
All documents and records must be secured against loss, kept in a appropriate filing
system and accessible to those responsible for their use and storage. Achieved
documents can be kept in an inaccessible way, however, they should be easily
retrievable should this be required.

QDN Policy Manual Volume 5                                       Version 1: February 2008
 Organisational Policy                                                              33


Electronic documents must be backed up on a weekly basis and stored in a separate
location, physically removed from where the parent data is stored.

A relevant version of the Policy Manuals shall be kept on the QDN website for all
members to access.




7.5 DISPOS AL
QDN may dispose of records that have exceeded their retention period. The retention
period for documents or records concerning financial management is five years; and,
administration, employment and project management is seven years. Documents or
records considered to have a historical benefit may be archived.

The method of disposal is at the discretion of the Network Coordinator, however the
chosen method must ensure that records are obliterated and cannot be reconstituted.




7 . 6 AP P R O V A L AN D AM E N D M E N T O F Q D N
DOCUMENTS
When an approval or amendment is required to a document within the scope of this
policy, it is to be noted in the Document Amendment Register. This includes all new
documents.

The Network Coordinator is responsible for maintaining the Document Amendment
Register and making the associated amendments. Once entered, required
amendments may stay unmanned for a period not exceeding 12 months, unless
otherwise ratified by the Management Committee.

All new and amended documents shall be clearly marked “Draft” on every page until
the “Draft” document is ratified by the Management Committee. There is no need to
keep a copy of “Draft” documents.

“Draft” documents shall be circulated to the Management Committee on less than
one week prior to the document’s ratification by the Management Committee.

As part of the ratification process, a “QDN Values Checklist” shall be completed by
the Management Committee. Copies of the checklist shall be filed in the Values
Checklist File.


QDN Policy Manual Volume 5                                     Version 1: February 2008
 Organisational Policy                                                               34


When a QDN document is to be revised the entire document is to be re-issued. A
new Version Number and a new Issue Date shall be shown on the revised document.

A copy of the previous version of the document may be kept at the QDN office.

Brailed and alternative formats shall be made available upon request.




7.7 WITHDRAW AL OF QDN DOCUMENTS
In the event that a QDN document is considered to be no longer relevant, a
recommendation shall be made to the Management Committee to endorse the
document’s withdrawal.




7.8 CONTROLLING EXTERNAL DOCUME NTS
All documents that are of an external origin which may fall into the scope of this
policy and shall be used conjointly by QDN and the external party ( for example the
DSQ Service Agreement), shall not be subject to the processes of this policy. The
document control process of the external source shall be utilised in this case and
consultation with the external source shall take place to ensure its effective use.

External origin documents that are to be solely used by QDN shall be treated as a
new QDN document and follow the relevant procedure for new documents. They
initially shall be marked as a first version.



7.9 FORMATTING QDN DOCUMENTS
The following recommendations will ensure that documents are easy to read and
meet the requirements of the quality management system.

      Use Arial font

      Use at least 12 point type size, for ease of reading

      Use a white background.

      Do make links from one HTML document to another. That is the idea of
       hypertext.


QDN Policy Manual Volume 5                                      Version 1: February 2008
 Organisational Policy                                                   35


     Do link to reference materials on the Internet.

     Avoid the use of PDF documents




QDN Policy Manual Volume 5                              Version 1: February 2008
 Organisational Policy                                                     36




8. Amendments to this Manual
Amendments to this manual will be tracked in the Document Amendment Register. A
summary of the amendments is listed below.




QDN Policy Manual Volume 5                                Version 1: February 2008

				
DOCUMENT INFO
Description: Data Governance Charter document sample