《质量风险管理-王旭206上海医药协会.ppt》由会员分享,可在线阅读,更多相关《质量风险管理-王旭206上海医药协会.ppt(55页珍藏版)》请在三一办公上搜索。
1、风险管理,王 旭 Y2011,介绍风险管理系统要求和指南的来源背景GSK/GSK Bio 风险内部控制和框架GSKBS 风险管理方法概况,目的,英国Turnbull指南公司丑闻Enron,WorldCom,Parmalat,etc.美国塞班斯法案,风险管理的历史,background,在应该对公司的监管,通过一系列的委员会审核和报告,变得愈来愈严格:-1992 Cadbury report(建立公司财务监管标准)Use of board committeesSeparate roles of Chairman and Chief Executive1995 Greenbury report(对
2、高管薪酬进行管理)Disclosure of directors remuneration and compensation in company reports 1998 Hampel committee and report(要求公司制定内部控制体系保障股东利益)Reviewed the Cadbury Code and its implementation,followed up on matters arising from Greenbury reportAddressed the role of shareholders and auditors in corporate gove
3、rnance issues1998 UK Listing Authority Combined Code14 Code Principles and 45 Code provisionsKey principle relates to boards maintenance of a sound system of internal controlCode provision references risk management 1999 Turnbull report Provides guidance on the internal control and internal audit pr
4、ovisions of the 1998 Combined Code Risk based approach,一些英国的历史.,background,Companys internal control system should:be embedded within its operations and not be treated as a separate exercisebe able to respond to changing risks within and outside the companyenable each company to apply it in an appro
5、priate manner related to its key risksRequires companies to identify,evaluate and manage their significant risks and to assess the effectiveness of the related internal control systemBoard directors are to regularly review and annually assess on internal controls.,May 2007,GSKBS,Turnbull Requirement
6、s,background,May 2007,GSKBS,Corporate Missteps,background,The Sarbanes-Oxley Act provides a comparable rule in the USManagement must assess annually the internal controls and procedures for financial reportingCEO must certify quarterly and annually that financial statements are fairly presentedIndep
7、endent auditors must attest to and report on managements assessment of internal controls.,May 2007,GSKBS,塞班斯法案-Y2002 关于公司管理的汇报要求,background,May 2007,GSKBS,公司的响应:内部的控制模式,GSK RM overview,May 2007,GSKBS,内部控制的要素,Five interrelated components,May 2007,GSKBS,控制的氛围人 正直诚信 职业道德 能力运营环境,内部控制的要素,May 2007,GSKBS,政
8、策、规程和标准公司 法律合规ITGMP,GSK RM overview,内部控制的要素,May 2007,GSKBS,信息和沟通运营、财务和合规报告沟通流程教育和培训,内部控制的要素,May 2007,GSKBS,监控管理者审核审计,内部控制的要素,May 2007,GSKBS,Control Environment,Risk Management,Policies and Procedures,Information and Communication,Monitoring,风险管理组织框架,内部控制的要素,May 2007,GSKBS,Policy Excerpts:,Policy Hig
9、hlights,GSK Policy POL-GSK-500 Risk Management and Legal ComplianceApproved in 2001,GSK RM overview,May 2007,GSKBS,Policy Excerpts:,Policy Highlights,GSK Policy POL-GSK-500 Risk Management and Legal ComplianceApproved in 2001,GSK RM overview,May 2007,GSKBS,Policy Excerpts:,Policy Highlights,GSK Poli
10、cy POL-GSK-500 Risk Management and Legal ComplianceApproved in 2001,GSK RM overview,May 2007,GSKBS,风险管理的层次,董事会审计委员会,风险监管和合规委员会,商业风险管理和合规组,合规和风险管理团队,运营团队,监控和审核内部控制体系的有效性和充分性。包括合规控制和风险管理。汇报给董事,识别所有重大风险.监控实施风险控制的有效性.确保为管理层的年度审核提供信息和报告,建立和实施重大风险审核流程,以及确保风险控制管理的有效性,建立内部控制系统:标准,政策,规章 流程.提供建议和实施审计和调查,识别评估潜
11、在风险.消除、监控和报告风险确保重大风险通过内部管理框架被迅速沟通,鼓励新技术的应用资源和优化管理理解流程,例如验证建立面对审计的信心但不是为了帮偏离和缺陷找理由,May 2007,GSKBS,风险管理的好处,May 2007,GSKBS,May 2007,GSKBS,我们说了很多风险的背景来源、管理框架.那么 风险是什么?如何识别风险?如何管理风险?,This is cute,but,风险:是能通过可能性和后果衡量的,一个事件发生后的可感知的后果。可能性:暴露在危险下的可能性。后果:一个事件的结果重大风险:给公司带来重大影响的违法(规)风险,和财务、运营和合规的风险法律风险:有法规问题的风险
12、(如:潜在的违法、违规,承担潜在法律责任),May 2007,GSKBS,风险的定义,What is risk?,May 2007,GSKBS,风险定义,May 2007,GSKBS,预算,运营计划,工厂战略审核,评估部门风险,评估工厂风险Top Down,更新计划预算,实施计划,BCP,工厂验证主计划,风险清单优先级分类,STP 重大风险,风险记录,工厂战略,ISHIKAWA,外部风险,输入过程输出,流程清单,ISHIKAWA,风险台帐,工厂战略,部门战略,STP 重大风险,风险管理方式,May 2007,GSKBS,风险管理工具:,工艺流程清单初步危害分析 Preliminary Haza
13、rd Analysis(PHA)Hazard Analysis of Critical Control Points(HACCP)Hazard Operability Analysis(HAZOP)Fault tree analysis(FTA)Failure Mode Effects and Analysis(FMEA)Failure Mode Effects and criticality Analysis(FMECA)Risk ranking and FilteringInformal risk management,May 2007,GSKBS,风险记录清单格式,May 2007,GS
14、KBS,1-风险识别(编号+流程+风险名称+风险描述):通过鱼骨图对各个流程的风险进行系统识别:Numbering principle:Finance(No:start with 1,1.1,1.2,.)Supply(No:start with 2,2.1,2.2,.)QA(No:start with 3,3.1,3.2,.)EHS(No:start with 4,4.1,4.2,.)People(No:start with 5,5.1,5.2,.)CI(No:start with 6,6.1,6.2,.)Process:refer to process list-level 3,编号+流程+
15、风险名称+风险描述,May 2007,GSKBS,失去商业利益和长期生存能力,合作者,环境,政治,Theft,Earthquake,Flood,Distributors,Suppliers,Contractors,Fire,Sabotage,社会、经济,政府机构,Inspections,Regulators,Taxes,Population Profile,Policies,Laws,Price controls,商务,Competitor activity,Shift in customer Power,Technological change,Accidental Disaster eg
16、crash,environmental,loss of power lines,infrastructure.,Epidemics,外部风险,Just for your references,May 2007,GSKBS,编号+流程+风险名称+风险描述,领导力、战略、声誉,可能影响没有增长失去声誉诉讼 亏损销售市场下降股东利益受损,无效率的管理模式,业务发展无法满足发展需要,无效率的文化和工作氛围,失去声誉、相关人失去信心,Poor PR management,Irregular risk management,Unclear decision making responsibilities,
17、Lack of openness,Quality/Risk management not considered important,Insufficient action and Resolution follow up,No regular governance meetings/agendas,No,wrong or not communicated strategy,vision,No or wrong volume forecasts,No external sensing of needs,Poor Shadow of the leader,No consistency of mes
18、sage,Miss the big picture,No proactive involvement With stakeholders,Dont keep up with New requirements/policies,Poor employee relationships,Peoples needs not take into account,High stress/accidents,Blame culture Issues hidden,Poor communication,Poor morale motivation,Lack of marketing intelligence,
19、Scope for future Business opportunities not considered,Poor Reward/recognition,IE not embeddedDont walk the talkPoor feedback,Lack of accountability,Actions not followed up,Poor process measures,Unethical practices,Adverse event,Failure to meet regulatory compliance,May 2007,可能后果资产流失公司资源被误用 坏帐,1.3 公
20、司资产没有很好管理,1.1 信息慢,不准,1.2 不合规,Poor credit control,changes in business law,changes in tax law,Asset register/management,Low liquidity,Debt collection,Corruption,Fraud,Non existent employees,suppliers.Deliveries,customers,expenses,Customs&excise,Long cash to cash cycle,Data and information maintenance,
21、Inaccurate project costing,Poor project cost control,Budget process/control,Forecast accuracy,Lost sales-tenders,Costs of materials not understood by users,Pay roll/Pensions-contractors,Support of businessDecision making,Division of duties,Under insured,Theft or assets used for non business use,财务,M
22、onthly closing,Stock taking accuracy,编号+流程+风险名称+风险描述,Share service,Inventory control,Share service,Share service,供应 计划,Critical Parameters not understood,可能后果供应能力不能满足需求物料、人无法完成生产计划由于加班造成成本增加外包服务造成成本增加,2.3 供应、订单能力没有平衡,或不能满足成本、服务要求,2.1 客户要求没有转为生产指令,2.2 不清楚供应能力,Demand not levelled,Bottlenecks not ident
23、ified,managed,Long lead times,Plans not based on demonstrated capacity,materials,High/low inventory,Forecast demand not Visible/highly variable,Long lead times,Patient,Doctor Hospital,Logistics,Wholesaler,Retailer,Brand strategy,Promotions,CSAs,Service levelsNot agreed,Disruptive/Unsuccessful tender
24、s,Inflexible supply,Too high/low Contingency stocks/safety stock levels,High overtime,Inaccurate BoM,Finished goods,WIP,Write offs,Stock outs,Unsupported plans,BOM rationalisation,No scenario planning,Source changes(SUPPLIER),Increasing complexityProduct mix,Insufficient capacityHigh utilisation,编号+
25、流程+风险名称+风险描述,May 2007,GSKBS,可能后果 产品质量差造成返工、召回不合规造成不好的政府关系:产品收回、推迟批准.改进措施没有效果造成成本提高.,3.1 产品质量和服务差,3.2 不合规,Poor validation,Low quality/high variability of material,Deviation from SOP,Rework,Insufficient knowledge,Poor quality culture/leadership does not put quality first,Critical to quality parameters
26、 not understood,Equipment failure,Poor materials,TrainingSOP not in use,SOPsSpecs,Methods,Too manyOut of datepoor,Inadequate resource,Specification failure,3.3 质量基础流程,Slow or incorrect Batch release,Slow or poor CAPAs,Poor document control,Non approval of new product,Adverse audits or inspections,Co
27、mplaints,Recalls,Failed or wrong material used,PPRs poor quality does not improve process capability,Validation-high cost/status not maintained,Uncontrolled changes to material,process,equipment,Product not made in line with filing,Deviations not root caused,QMS in place not in use,Slow feedback whe
28、n processMoving out of control limits,质量,编号+流程+风险名称+风险描述,May 2007,GSKBS,环境,Energy usage,Use of non-sustainable resources,New legislation eg carbon tax,Waste managementReduce,Reuse,recycle,Water usage,Emissions,AirWater,Hazardous materialsinformation,Contamination,GroundwaterLandAsbestosPCBsRadiation
29、 OdoursNoiseFire water.,Environmental accidents,Bio diversity,Land usage,Erosion,infringement of historic areas,Wild life,Safety,Accidents:-at work,travelling,Alcohol/drug abuse,4.2&4.3 健康安全,Stress/Poor work life balance,HighAbsence,Absence process,Protectiveclothing,Poor Ergonomics and Job design,E
30、quipment not used/Poor,Poor safety Audit process,Poor 5S/housekeeping,High Sound levels,Poor Lighting,Air quality,Infectious disease,Flu,Insufficient knowledge,Poor EHS culture/leadership does not put EHS as priority,SOPsSpecs,Methods,Inadequate resource,Adverse audits or inspections,Too manyOut of
31、datepoor,4.1 不合规,EHS,可能后果 工伤事故不合规造成不好的政府关系,编号+流程+风险名称+风险描述,May 2007,GSKBS,为了进行风险识别,应有风险台帐来更好帮助风险记录清单的更新流程其中所有可能导致潜在细微风险的危害都应记录.,May 2007,GSKBS,风险评估:收集相关历史数据 当前控制评估可能后果和可能的发生频率评估风险重要性和优先性,May 2007,GSKBS,后果严重性评估-财务:,potential consequences,当同一风险造成不同的后果,选高分,May 2007,GSKBS,potential consequences,When one
32、 risk has different levels consequences,go for the higher one,后果严重性评估-供应:,May 2007,GSKBS,potential consequences,When one risk has different levels consequences,go for the higher one,后果严重性评估-质量:,May 2007,GSKBS,potential consequences,When one risk has different levels consequences,go for the higher on
33、e,后果严重性评估-人员,May 2007,GSKBS,probability of occurrence,可能性评估,Risk index value,风险系数值,优先性高(Red):risk index value in range 10-25+catastrophic risks中度优先(Amber):risk index value in range 5-9低优先(Green):risk index value in range 1-4,后果严重性风险系数值=x 发生后果可能性,Escalation,向上汇报:2 级-工厂级别 和 工厂以上级别渠道:从部门向工厂汇报:每月管理会从工厂向
34、总部汇报:月报和风险报告,风险汇报,消除评估+修改和制定风险消除计划:,May 2007,GSKBS,红色风险必须有风险消除计划,目的至少是将风险由红色降为黄色黄色风险必须有风险消除计划,目的至少是将风险由黄色降为绿色绿色风险不用有进一步的整改行动,但必须记录,并且下一轮风险评估时重新评估到.如何风险后果达到严重程度(5分),尽管可能性为罕见,必要在持续运营计划中考虑,消除评估+修改和制定风险消除计划:,指定专人负责(accountable)重要风险(red and amber)必须是部门负责人重大风险必须准备 STP-每月在部门会议上评估然后,重新评估风险系数值(Consequence,Li
35、kelihood,Risk Index Value),消除评估+修改和制定风险消除计划:,实施计划通过项目管理的方式对风险消除行动计划进行管理依据计划对进展进行监控和审核CAPA 监控系统,当任何触发点出现,必须马上更新风险记录清单(risk register),May 2007,GSKBS,触发点-重要变更,May 2007,GSKBS,审核和监控:每月通过整合风险台帐,更新风险记录清单每月在部门会议中审核回顾通过”KPI监控”来监控整改前后的工艺流程的表现,总结:,Line managementOther functions(audits),Line management,Line man
36、agement,Linemanagement,Line management,Other functions,List of risks,Assessed RisksPrioritized significant risks,Decision to continue,revise,or create mitigation plan,Risk Mitigation Plan,Major milestones and datesEvidence of compliance,Exception Reports and Successes,结果,工具,BrainstormingISHIKAWASupp
37、ly chain risk matrixValue Stream mapping/IPOSWOTRisk Checklists,FMEA5 by 5 Risk index matrixRAGPotential problem analysis,STP,STP,ACM-project managementCAPA system,N/A,职责,52,53,Risk Management Matrix 风险管理矩阵,URS,DS,IQ,OQ,PQ,风险评估在设计阶段的应用,用户要求说明文件,安装确认,运行确认,性能确认,54,Process URS,QC Environment Monitoring Risk Management Matrix,IOQ,PQResidue Risk Verify&Study,EMVerified Residue Risk Monitoring,风险评估在制定环境监控和清洁计划的应用,END,