Every company, regardless of industry sector, has experienced an increase in regulatory pressures during the past decade. In part, this is based on the mistrust of executives following numerous scandals, well-publicized business collapses and billions of dollars unsuspecting investors lost. In response to this disturbing trend, the Sarbanes-Oxley Act of 2002 went into effect in 2004 requiring public companies to prove to their auditors, shareholders and the SEC that there are adequate controls in place to safeguard investors.
More recently, International Financial Reporting Standards (IFRS) introduced as a replacement for Generally Accepted Accounting Principles (GAAP) extend international standards for recognition, measurement, presentation and disclosure of transactions and events. IFRS was introduced amidst the even greater economic turmoil of the past year, including government bailouts for banks, automobile manufacturers, etc.; collapse of some huge multinational enterprises; and high-profile executives doing jail time for white-collar crime.
Another key trend that has no doubt led to increased regulatory activity is the growing asset complexity and the consequences of their failure in terms of cost, public health and safety, and the effects on the environment. To be sure, there have been some notable disasters around the world as a result of catastrophic failure of every asset class — collapsed infrastructure such as bridges, global downtime of IT equipment, premature failure of facilities, exploding plant equipment and so on.
Unquestionably, this trend has been fuelled by the evolution of “smart assets” i.e., assets that have a greater level of computerization and integration. For example, fleet or mobile assets now have multiple computers onboard controlling what used to be primarily a mechanical device in terms of operation of the vehicle, maintenance schedules, safety systems, navigation systems, fuel economy and emissions. There even are systems for communicating with and tracking the whereabouts of the vehicle from anywhere in the world. Similarly, smart buildings have extensive control systems for safety systems, climate control and energy consumption. The advent of smart assets and the integration of those assets translate into greater complexity, and in turn, greater risk of catastrophic consequences upon failure.
So, for many reasons, it’s not surprising to see regulatory bodies busy drafting legislation, standards and guidelines to mitigate and manage the growing risk in every industry. But the good news for asset managers is that excellent tools already are available to ensure regulatory compliance. Modern CMMS packages are well equipped to deal with the demands of most regulators as their requirements have similar themes. The more common risk factors are discussed below, including what features and functions of your CMMS are useful in managing risk and staying compliant.
Traceability: Most of us have heard the expression, “Follow the money.” One of the first things auditors look for in a given process is whether one can recreate and determine exactly what happened and why. The ability to retrace your steps, or “traceability,” is accomplished through a number of CMMS features, but the most obvious one is the audit trail.
There are three levels of audit trail available. The first and simplest audit trail provides a record of who logged in and out of the system, including date and time. The second level adds a date and time stamp of any changes to the CMMS database, including who made each change. The most intensive audit trail logs every keystroke of every user on the system, regardless of whether any edits were made to the CMMS database. The first two levels of audit trail are quite popular offerings amongst CMMS vendors; however, the third is usually obtained through third-party software.
Another key feature of most CMMS packages that facilitates traceability is automated control. For example, work is initiated through a computer-based work request on the CMMS, then approved and scheduled through an automated work order. Maintainer time and parts used are entered against the work order number, and with some CMMS packages, any dollar overages must be approved electronically before the expenditure. Similarly, there’s an easily traceable process for issuing and completing preventive maintenance work orders, and managing spare parts inventory.
Accuracy and integrity of source data: Auditors also look for assurance that source data is accurate, otherwise it’s “garbage in, garbage out.” From a process perspective, this requires entering data once as close to source as possible and preferably without human intervention. This avoids possible duplication or error.
For example, CMMS mobile solutions can provide a date and time stamp automatically when technicians enter the next work order number, signifying the end of one job and the start of the next. The CMMS then calculates time spent on a job, and if desired, compares it to an estimate provided previously by the maintenance planner or supervisor. The supervisor can then approve time records online. This causes far fewer errors than a manual system where, say, a supervisor is given a virtually unreadable, handwritten time card the next day for approval and data is entered by an assistant. As well, the time entry on the mobile device can be used for payroll purposes to avoid duplication.
Another key feature of many CMMS packages is error-checking capability, which checks source data for format (e.g., allowing only entry of three numeric followed by two alpha characters for a given part number), range (e.g., disallowing entry of a meter reading that is impossibly out of range) and logic (e.g., rejecting entry of the wrong engine number for a given vehicle).
Transparency: The CMMS provides excellent visibility into what is happening at any given time. CMMS vendors have developed wonderful tools for accurately documenting everything from your asset management strategy, budget, policies and procedures at the highest level, to a complete asset and component history at a detailed level. Business intelligence provides dashboards, report writers and graphics generators to slice and dice data, change the frequency of refresh and provide drill-down capability for determining root cause for a variance or anomalous situation.
Separation of duties: One of the key controls in a process is to ensure those requesting a given transaction are different than those approving (e.g., capital expenditures). Even simple CMMS packages have features such as notifications and approvals that ensure separation of duties appropriate for a given type of transaction, dollar amount involved and position of the requestor.
Adequate controls: One of the most effective ways to mitigate risk in managing your assets is to use automated and highly transparent control systems. CMMS vendors have improved functionality in this area over the past few years, offering such advanced features as condition monitoring, reliability-centered maintenance, key performance indicators, automated workflow and alarming. These features identify situations that indicate a process is trending out of control and either alarm the appropriate person or make adjustments automatically to bring the process back under control.
Data security: A simple way to reduce risk is to limit user access to data. Modern CMMS packages have extensive features to secure data, such as requiring passwords or digital signatures before allowing a certain type of transaction. As well, advanced CMMS packages can limit access for user groups or individuals to see or edit most modules, menu items, screens, fields and even specific data.
E-mail Contributing Editor David Berger, P.Eng., partner, Western Management Consultants, at email@example.com.
(Editor’s note: The Plant Services CMMS/EAM Software Review, at www.PlantServices.com/cmms_review, provides a side-by-side comparison of more than a dozen popular software packages.)