
STATE OF OREGON.doc.doc


STATE OF OREGON
Internal Audit Services
RFP # 10200030-03

Quality Plus Engineering
Greg Hutchins, PE
4052 NE Couch
Portland, OR 97232
503.233.1012
www.ValueAddedAuditing.com
TABLE OF CONTENTS

  • State of Oregon cover letter – section 13 representations (page 3)
  • State of Oregon Mandatory - section 14 representations (page 5)
  • Performance audits response section (page 7)
  • Risk management response section (page 11)
  • IT audits response section (page 15)
  • Quality Plus Engineering resumes (page 19)
  • Quality Plus Engineering product reviews and misc. information (page 32)
  • Greg Hutchins’s publications (page 39)
  • End Notes (page 47)
4052 N.E. Couch, Portland, OR 97232; FAX 503.233.1410 or Phone 503.233.1012; gregh@europa.com; www.ValueAddedAuditing.com; www.LeanSCM.net

To: Timothy Walker, State Procurement Analyst
From: Greg Hutchins, Quality Plus Engineering
Subject: ‘Internal Auditor’ RFP - #10700030-03 – Section 13 Representations
Date: October 19, 2003

Quality Plus Engineering (QPE) is pleased to submit this proposal in response to the State of Oregon RFP for ‘Internal Auditor’ services.

MANDATORY REQUIREMENTS

QPE complies with the following requirements stated in the ‘Internal Auditor’ RFP:

13.2.1 Cover Letter: QPE submits this cover letter in response to the State of Oregon ‘Internal Auditor’ RFP for the following areas:

  1. Performance auditing
  2. Risk assessments
  3. Information technology audit

13.2.2 Biography: QPE has been an Oregon-based program management, process management, risk management, and project-engineering firm since 1986. QPE specializes in enterprise, program, process, project, and product based operational assessments using a number of proprietary, off-the-shelf, and standards-based methodologies.

QPE’s clients include standards organizations, publicly held companies, and government agencies. Standards organizations include the Illinois Society of CPAs, Institute of Electrical and Electronic Engineers, and Society of Manufacturing Engineers. Publicly held companies include Oregon-based Freightliner and Pacific Power and Light. Governmental agencies include Bonneville Power Administration, Federal Aviation Administration, and Port of Seattle. See resume on proposal page 23.

QPE has used the following methodologies: Institute of Internal Auditors Standards for the Professional Practice of Internal Auditing, Malcolm Baldrige National Quality Award (business/education), American Institute of Certified Public Accountants, SEC, Red/Yellow Books, ISO 9000-2000, ISO 14000, American National Standards Institute, International Organization for Standardization, Military Standards (Mil I, Mil Q, NQA 1), Enterprise Risk Management Standards (COSO ERM, COSO, NZ/AS 4360), IEEE software reliability standards, Project Management Institute Project Management Body of Knowledge (PMI PMBOK), Software Engineering Institute Capability Maturity Model (SEI CMM), COBIT, ANSI accuracy and reliability standards, etc.

13.2.3 Confidentiality: QPE’s audit reports are considered privileged and confidential information and will be provided to the auditing agency, Department of Administrative Services, and Secretary of State Audits Division.

GENERAL REQUIREMENTS

QPE has made and will make no attempt to induce any other person or firm to submit or not submit a Proposal.

QPE agrees to be bound by all Contract terms and conditions stated in this RFP, including those stated in the sample Contract attached to this RFP, subject to any revisions in addenda issued before the closing date, or permissibly negotiated as set forth elsewhere in this RFP.

QPE maintains an internal quality control system that complies with the IIA Standards for the Professional Practice of Internal Auditing.

QPE agrees to comply with all applicable State of Oregon regulations and will obtain required security clearances.

QPE submits this response and pricing, which shall remain valid for a minimum of ninety (90) days after the Proposal due date or until a Contract is executed, whichever comes first.

QPE, in accordance with Government Auditing Standards, shall require its employees and contractors to comply every 2 years with 80 hours of continuing education and training or comparable professional development training to maintain their licenses or certification.

Thank you for the opportunity to respond to this RFP. If you have any questions, please contact us at the numbers below.

Best,
Greg Hutchins, PE
Quality Plus Engineering principal engineer
gregh@europa.com 503.233.1012

To: Timothy Walker, State Procurement Analyst
From: Greg Hutchins
Subject: ‘Internal Auditor’ RFP – Section 14 Representations
Date: October 19, 2003

Quality Plus Engineering (QPE) is pleased to submit this proposal in response to the State of Oregon RFP for ‘Internal Auditor’ services.

GENERAL DESCRIPTION OF QUALITY PLUS ENGINEERING

Quality Plus Engineering (QPE) is a management advisory and engineering consulting firm. QPE conducts risk/control, performance, governance, assurance, and compliance assessments at the enterprise, program/project/process, and product/activity levels. QPE’s practice is divided into vertical specialties including governance, education, internal auditing, risk management, homeland/infrastructure security, and IT/software assessments. See resume on proposal page 23.

QPE is also the developer of the Value Added Auditing™ methodology – a methodology for planning, conducting, and reporting highly technical, operational assessments. These assessments often require higher levels of technical (engineering) expertise, knowledge, qualifications, and due professional care. See resume on proposal page 34.

VALUE ADDED AUDITING™

VAA™ is mapped and harmonized to the Institute of Internal Auditors’ Standards for the Professional Practice of Internal Auditing and the COSO ERM. VAA has been reviewed and used by government auditing agencies as the following reviews indicate:

Value Added Auditing is the first textbook that I have read cover-to-cover. This approach to auditing represents a total paradigm shift. Instead of viewing auditors as policemen and auditing as punitive and after the fact, this new approach stresses collaborative team effort, participatory problem solving, and proactive improvement rather than reactive corrections. I was always taught that ‘you support what you are involved in making happen’ and I fully support the philosophy of Value Added Auditing.
David Wallace, Former Director of Audit of Compliance, Office of the Governor of Texas 4052 N.E. Couch gregh@europa.com
  6. 6. 6 Portland, OR 97232 www.ValueAddedAuditing.com FAX 503.233.1410 or Phone 503.233.1012 www.LeanSCM.net I have reviewed all the materials and I think that they are really on-target. I believe that this is the type of material that ‘modern’ auditors must get a handle on, specifically learn new ways of doing things to add value. Pat Keith, CQA, MBA - CIO Texas State Auditor’s Office MANDATORY REQUIREMENTS 14.2.1 See above ‘General Description of Quality Plus Engineering’. 14.2.2 QPE’s banking reference is West Coast Bank, P. O. Box 827, Salem, Oregon 97308. The name on the account is Lean SCM, a wholly owned company of QPE. Account number is 390001444. 14.2.3 QPE has no judgments, pending or expecting litigation that may materially affect the vitality of the firm. 14.2.4 Does not apply. 14.2.5 QPE has NOT been terminated for default during the past five (5) years. 14.2.6 QPE business registry number in Oregon is 16535593. Greg Hutchins, QPE managing principal, is a registered professional engineer in Oregon and his number is 11641 PE. Greg Hutchins tax ID (SS#) is 566.78.0371. 14.2.7 QPE and auditors will conduct assessments as determined by the audit brief and scope of work. If independence is required, QPE and its contractors shall remain independent – specifically shall be free from personal, external, and organizational impairments to independence and shall maintain required independence as defined in the IIA Standards for the Professional Practice of Internal Auditing Due to engagement breadth, QPE may hire independent contractors to conduct risk/control, assurance, and performance assessments. 
QPE maintains oversight of employees and contractors by assuring they follow an approved planning, conducting, and reporting methodology; professional IIA standards are followed; complete work papers are generated; oversight reviews are conducted; tests are reviewed; calculation checks and assumptions are assessed; work papers are reviewed; engagement is quality controlled; and engagement is supervised.

If QPE engages contractors, then QPE will supply the information requirements 2.1 through 2.5 listed in pages 10 and 11 of the RFP requirements.

Thank you for the opportunity to respond to this RFP. If you have any questions, please contact us at the numbers below.

Best,
Greg Hutchins, PE
Quality Plus Engineering Principal Engineer, gregh@europa.com

PERFORMANCE AUDITS

16. Performance Audit – Experience, Qualification, and References

REFERENCES:

Client name: Department of Energy (Bonneville Power Administration)
Audit objectives: Ongoing contract (4-8 years) to conduct process, project, and product performance audits
Audit start/end dates: 4/2003
Approximate hours: Contract face value $500,000; assessments range from 2 days to a week
Additional information: Audits and assessments are conducted through work orders
Contact name: Mark Fontaine Westhart
Contact phone #: 360.619.6836
Contact email address: mfontaine-westhart@bpa.gov

Client name: Port of Seattle
Audit objectives: Conducted a number of operational performance assessments over a 2 year period covering engineering design, quality, process management, project management, contract management, construction management, etc.
Audit start/end dates: 2/2000 to 3/2001
Approximate hours: Assessments ranged from 2 days to a week
Additional information:
Contact name: David Torseth
Contact phone #: 206.431.4999
Contact email address: torseth.dave@portseattle.org

Ancillary Products and Training

Quality Plus Engineering (QPE) has produced a number of best selling auditing, supply management, project management, and process management products. Sample book reviews of Greg Hutchins’s books are on pages 34-36 of this proposal. Greg has also produced a series of best selling videotapes called ‘Leaning of the Supply Chain.’ Greg Hutchins, QPE principal engineer, authored the following:

  • Value Added Auditing, (QPE, 2003).
  • Quality Auditing, (Prentice Hall, 1992).
  • Supply Management Strategies (QPE, 2001).
  • Strategies for Purchasing Quality, (Dow Jones Irwin, 1991).
  • ISO 9000, (John Wiley, 1993, translated into 8 languages).
  • ISO 9000: Registration in 10 Easy Steps, (John Wiley, 1994).

PROGRAM EFFECTIVENESS AND RESULTS AUDITS

Effectiveness is the ability to obtain or to achieve desired business results or objectives.
Effectiveness and adding value are key concepts in the IIA’s new definition for internal auditing:

“Internal auditing is an independent, objective assurance and consulting activity that adds value to and improves an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” [i]

QPE has been conducting value adding and effectiveness audits for more than 20 years in governmental agencies and for publicly held companies to meet the threshold of ‘reasonable assurance’.

Quality Plus Engineering has experience conducting the following types of assessments: governance, compliance, operational, process, system risk/control, program, project, process, product, survey, surveillance, functional, and regulatory assessments.

QPE has experience with the following standards: IIA (Red/Yellow book), COSO ERM, GAO, IEEE, ASME, ASCE, ANSI, Mil-Std, ISO, ISACA (COBIT), etc.

Value Added Auditing™ Characteristics

QPE developed the Value Added Auditing methodology as an effective means to:

  • Move internal auditing from documentation compliance reviews to program, project and process effectiveness assessments
  • Move internal auditing from punishment to collaboration
  • Move internal auditing from detection to prevention
  • Move internal auditing from monitoring to continual improvement problem solving

Value Added Auditing ⇔ Analytical Auditing

Value Added Auditing (VAA) is harmonized to COSO ERM and IIA standards. VAA goes beyond compliance to fundamentally understand processes and projects through analyzing project risk management, process control, process capability, and organizational effectiveness. These value added audits require more information to be collected and analyzed to evaluate value, risk, waste, effectiveness, and efficiency.

As an organization moves toward value added auditing, the auditor or audit team will conduct in-depth analyses and obtain sufficient evidence in order to determine ‘reasonable assurance’ conclusions. See VAA book and methodology reviews on page 34 of this proposal appendix. As well, see VAA articles by Greg Hutchins on proposal pages 40-45.

Value added auditing for effectiveness, risk and efficiency requires more analysis. This may mean:

  • Flowcharting critical projects/processes.
  • Identifying critical project/process variables.
  • Deciphering critical project/process variation.
  • Uncovering unexpected gaps between business objectives and project/process metrics.
  • Discovering gaps or white spaces that can result in higher risks.
  • Discovering potential risks and errors.
  • Determining control effectiveness at the agency, enterprise, process, project, and activity levels.
  • Uncovering the absence or differences from what is expected.
  • Identifying chronic or systemic issues.
  • Uncovering fraud or illegal acts.

ECONOMY AND EFFICIENCY AUDITS

QPE can conduct objective or independent/objective audits, depending on audit customer requirements. QPE evaluates compliance as well as improvement, risk/controls, efficiency, effectiveness, economy, existence, occurrence, completeness, accuracy, disclosure, allocation, reasonableness, sufficiency, simplification, timing, validity, ownership, or classification objectives.

In an economy and efficiency audit, QPE focuses on operational:

  • Efficiency. Efficiency is the process of minimizing losses, efforts, and waste. Or expressed another way, efficient performance accomplishes business objectives and goals in an accurate, timely, and economical fashion. [ii]
  • Economy. Total costs, including maintenance, operations, product life cycle, front-end, and development costs, are optimized. The operative word is ‘optimized’ because lowest front-end price may entail sacrificing another element that may induce higher future costs or higher risks. Or expressed another way, economical performance accomplishes business objectives and goals with minimal use of resources (i.e., cost) commensurate with the risk exposure. [iii]

INTERNAL CONTROL REVIEW

QPE uses the Value Added Auditing methodology to assess risk and controls. The VAA methodology is based on the COSO Enterprise Risk Management methodology and maps to the IIA Standards for the Professional Practice of Internal Auditing.

QPE investigates hard and soft controls in a vertically integrated fashion from an enterprise, program/process/project, to a product/transition/activity level.

QPE goes beyond verifying and validating control compliance with enterprise policies, project procedures, and activity transactions. QPE ensures the following controls are in place and working effectively:

  • Detective controls: Detect and correct the undesirable event which has occurred.
  • Preventive controls: Deter undesirable events from occurring.
  • Directive controls: Cause or encourage desirable events to occur.
  • Preemptive controls: Cause the undesirable event not to occur.
  • Predictive controls: Anticipate the undesirable event before it occurs.
Corrective Action – Preventive Action – Preemption - Prediction

QPE focuses on the needs of the agency in terms of assuring the business/agency outcomes are met. To do so, QPE may identify opportunities for improvement, suggest corrective actions, suggest preventive actions, and even recommend interventions.

If QPE notices negligence, gross negligence, or fraud, then QPE will ‘report up’ as required and recommend intervention, and if necessary preemption to control chronic or systemic problems. QPE will report on fraudulent certification, edited documentation, lack of full disclosure, unaccounted for variances, incorrect financial reporting; covered up deficiencies; fake tests; over billing; unreasonable response to self assessments; rewriting/predating reports; or failure to record information.

In addition, QPE retains subject matter engineering and technology professionals who can use mathematical algorithms to monitor patterns and even anticipate operational deficiencies.

REVIEW AND VALIDATION OF CONTRACT PERFORMANCE

Greg Hutchins, managing principal of QPE, is the author of Supply Management Strategies (2002) and Strategies for Purchasing Quality (Dow Jones Irwin, 1991). Supply Chain Strategies is the core reference to the APICS supply management certification. Society of Manufacturing Engineers and QPE also co-produced last year the video series called ‘Leaning of the Supply Chain.’ See appendix for reviews of Supply Management Strategies on proposal pages 35-36.

QPE is the founder and manager of the co-branded supply management portal – www.LeanSCM.net. The portal is presently co-branded by the Institute of Supply Management, Society of Manufacturing Engineers, and Cal State Hayward. Institute of Electrical and Electronic Engineers (IEEE) and the American Association of Engineering Societies (AAES includes more than 1.2 million engineers) will be portal partners in Q1 of 2003.

QPE has many years’ experience conducting customer-supplier audits, including systems, process, and product assessments. QPE is familiar with Uniform Commercial Code, Federal Acquisitions Requirements and other regulatory procurement systems.

At a minimum, QPE can verify and validate contract performance. QPE can also develop a supplier certification process, which improves and validates supplier improvement, using the following methodology:

  • Identify supply chain improvement project
  • Define problem risks and constraints
  • Organize to solve problem
  • Identify possible and probable causes
  • Select the best solution
  • Implement the solution
  • Audit improvements

PROFESSIONAL LICENSURE OR CERTIFICATION

QPE professionals have a subject matter background and often an advanced technical degree in the area of specialization. As well, this person will have professional licensure, such as a PE, AIA, or CPA along with professional certification such as a CQA, CIA, RAB, etc.
RISK ASSESSMENT

REFERENCES:

Client name: Department of Energy (Bonneville Power Administration)
Audit objectives: Ongoing contract (4-8 years) to conduct process, project, and product risk assessment audits
Audit start/end dates: 4/2003
Approximate hours: Contract face value $500,000; assessments range from 2 days to a week
Additional information: Audits and assessments are conducted through work orders
Contact name: Mark Fontaine Westhart
Contact phone #: 360.619.6836
Contact email address: mfontaine-westhart@bpa.gov

Client name: Port of Seattle
Audit objectives: Conducted a number of operational performance assessments over a 2 year period covering engineering design, quality, process management, project management, contract management, construction management, etc.
Audit start/end dates: 2/2000 to 3/2001
Approximate hours: Assessments ranged from 3 days to a week
Additional information:
Contact name: David Torseth
Contact phone #: 206.431.4999
Contact email address: torseth.dave@portseattle.org

Ancillary Products and Training

Quality Plus Engineering has produced a number of best selling auditing, supply management, project management, and process management products. Sample book reviews of Greg Hutchins’s books are in the appendix. Greg Hutchins, QPE principal engineer, authored the following:

  • Value Added Auditing, (QPE, 2003).
  • Quality Auditing, (Prentice Hall, 1992).
  • Supply Management Strategies (QPE, 2001).
  • Strategies for Purchasing Quality, (Dow Jones Irwin, 1991).
  • ISO 9000, (John Wiley, 1993, translated into 8 languages).
  • ISO 9000: Registration in 10 Easy Steps, (John Wiley, 1994).

RISK ASSESSMENT

QPE has been conducting technical and operational risk assessments for more than 20 years, using the following models:

  • GAO
  • COSO and the newer COSO ERM
  • FAA program risk methodology
  • DOD
  • ISO 9000 and ISO 14000
  • FDA Good Manufacturing Practices
  • Malcolm Baldrige National Quality Award

Greg Hutchins, QPE principal engineer, is the author of the best selling ISO 9000 book, which is the most widely adopted operational auditing standard. Greg Hutchins also wrote a number of additional operational auditing books and has developed trademarked and even patent pending auditing methodologies. See www.ValueAddedAuditing.com for information on Value Added Auditing™. See VAA articles in proposal pages 40-45.

In terms of COSO audits, QPE at a minimum evaluates risk exposures relating to the organization's governance, operations, and information systems regarding the:

  • Reliability and integrity of financial and operational information.
  • Effectiveness and efficiency of operations.
  • Safeguarding of assets.
  • Compliance with laws, regulations, and contracts.

RISK MANAGEMENT STRATEGIES

As discussed, the IIA standards allow the auditor to conduct objective and analytical audits, which permit the auditee to actively participate in developing risk management solutions for the enterprise, program, project, process, and/or activities. In this collaborative assessment, the QPE auditor provides consultative services.

If QPE is engaged in an objective audit, then QPE will work with the auditee to develop cost effective risk/control systems at the enterprise, process and activity levels. As well, QPE can develop innovative and cost effective risk management strategies to control and manage risks at the enterprise, program, process, project, and activity levels.

QPE will work with agency heads, process owners, and project managers to determine risk appetites, evaluate risks, evaluate risk control effectiveness, assess residual risks and then develop a plan for managing residual risks.
For example, QPE works with the auditee to determine if one or more of the following risk management strategies are appropriate and then works with process owners to implement the appropriate risk tactics:

  • Avoid risk. This requires that the root cause of the risk be eliminated. This may mean finding a new contractor or developing new processes.
  • Mitigate risk. This requires that the probability of the event occurring be reduced. Risks can be mitigated through transferring, deflecting or reducing them. Risks may be mitigated through contingency plans and insurance. Examples of risk mitigation include using redundant suppliers, cross training existing agency personnel, or using backup hardware.
  • Accept risk. This implies the agency or process owner has identified the risk, its consequences, and can live with them. The process owner or customer accepts the fact that a contractor has a deliverable and acceptable level of quality. If the quality level needs to be improved then the customer can invest in additional project oversight to get the desired level of assurance.
  • Share risk. This means the agency and contractor may assume and share the risk. The agency may need improved quality from a contractor’s IT service providers.
  • Diversify risk. This means the risk is unacceptable and must be spread out. The process owners may have a sole source supplier and the risk of an event such as a strike implies that shipments may be disrupted. The agency diversifies the risk by finding acceptable, alternate contractors.
  • Control risk. This means the occurrence or recurrence of the risk can be monitored and even prevented. The process owner has sufficient trend data or other information to predict when a shipment may contain nonconforming products, when process output is unacceptable, or when processes have to be monitored.
  • Increase risk. This means the agency will increase risks because the potential returns outweigh the risks. For example, an agency may choose a new contractor to reduce cycle times or increase product development opportunities. The future potential returns outweigh present perceived risks.

TACTICAL RISK SOLUTIONS

QPE works with process owners and project managers to ensure that effective risk solutions are implemented. QPE works with agency management and process owners to manage tactical risks by following this trademarked process:

  • Identify risks for the particular agency business unit and appropriate process level.
  • Identify mission critical objectives.
  • Understand what and how the process works.
  • Identify critical input process variables.
  • Prioritize input risk variables.
  • Identify possible and probable risk events for the input process variables.
  • Understand the probability of exposure or events.
  • Understand the impact or consequences of an event occurring.
  • Develop quantitative or qualitative process and risk analysis.
  • Develop process and project risk profile.
  • Understand the output process variables.
  • Identify stakeholder risk tolerances.
  • Be able to put cost estimates on an event occurring.
  • Evaluate process outputs for conformance to standards.

CRITICAL CONTROL QUESTIONS

QPE ensures that the right controls are working to ensure objectives are met in an effective manner. QPE assesses the internal control structure by addressing the following questions:

  1. Do the appropriate controls exist?
  2. Are there informal or soft controls?
  3. Do controls monitor the major process variables?
  4. Are controls the most effective controls?
  5. Are controls working properly?
  6. Do controls work to improve the process?

TESTING CONTROLS

QPE accumulates evidence and information to support audit decisions. QPE may trace a process or test controls by following these steps:

  1. Identify standards, metrics, or objectives.
  2. Determine level of assurance and required controls.
  3. Identify testing resources.
  4. Define the population.
  5. Select the sample.
  6. Inspect, test, and/or assess sample items.
  7. Test control effectiveness.
  8. Decide on the strength or weakness of the internal controls.

PROFESSIONAL LICENSURE OR CERTIFICATION

The QPE lead assessor will have a technical background and often an advanced technical degree in the area of specialization. As well, this person will have professional licensure, such as a PE, AIA, or CPA along with professional certification such as a CQA, CIA, RAB, etc.
INFORMATION TECHNOLOGY AUDIT

Client Name: LCTI for Alcatel, USA
Audit Objective(s): The objective of this audit was to review the 1680 Optical Gateway Manager (OGX), Release 2 of the product for compliance with ISO 9001, TL9000 Quality System Requirements during the development phase of the new product introduction process.
Audit Start/End Dates: July 18 – July 21, 2000
Approximate Hours: 32
Additional Information: Scope: The scope of the audit included all processes/procedures used in defining, developing, integrating and verifying hardware and software portions of the product for delivery to customer. The 1680OGM Release 2 was used as the base for the audit and Release 1.0 was used where Release 2 information was not available. The following functional organizations or areas participated during this internal audit:

  • Project Management
  • Systems Engineering
  • Training
  • New Product Introduction
  • System Integration Test
  • Problem Tracking
  • Software Design & Development
  • System Verification Test
  • Hardware Engineering
  • Mechanical Engineering
  • ASIC Engineering
  • Document Control
  • Product Application Engineering
  • Software Configuration Management & Load-build

Contact Name: Ann Sullivan
Contact Phone: 972-985-7890
Contact Email Address: annsullivan1@earthlink.net

Client Name: Alcatel, USA
Audit Objectives: To conduct a Post Release Assessment (PRA) of the 1320 NM – Release 7.2, network management software. This PRA consisted of:

  • Auditing the software development process used in the realization of the product for conformance to documented procedures and standards.
  • Evaluating and assessing the performance of the project to predefined goals and objectives including requirements stability, milestone schedule adherence, review effectiveness, resource management, risk assessment and mitigation, and test coverage/problem detection and resolution.
  • Assessing “what went right and what went wrong?” on the project. The identification of the critical factors associated with both the positive and negative aspects of the project.
  • Conducting a survey of employees and key internal stakeholders of the project in order to obtain “The Voice of the Employee” perspective of the project. The survey consisted of a combination of both closed and open-ended questions. The overall results of the survey were compiled as a portion of the final report.
  • Preparing a comprehensive Final Report and providing a presentation to the management team of the product release.

Audit Start/End Dates: March 5 – March 16, 2001
Approximate Hours: 80
Additional Information: A Post Release Assessment is an independent, expert evaluation of projects used as a part of a more comprehensive lessons learned process. It consisted of both an objective audit, and a quantitative and qualitative assessment of key drivers and critical factors of both positive and negative aspects of the project.
Contact Name: Ebony Martin
Contact Phone: 972-223-2633
Contact Email Address: ebony.martin@comcast.net

OVERALL APPROACH TO IT AUDITS

State RFQ states COBIT requirements for conducting IT assessments and governmental experience. At the prebid meeting, QPE asked if alternate methodologies to COBIT can be proposed for conducting IT assessments. State encouraged QPE to propose engineering and technology alternatives.

QPE follows a commercial methodology that is harmonized to COBIT that seeks assurance of control effectiveness in three levels (see figure on next page):

  • Enterprise: COSO ERM is the preferred model for enterprise and/or agency assurance of control effectiveness. COBIT is harmonized to the older COSO model, that we extended to the new COSO ERM.
  • Process/Project: Software Engineering Institute Capability Maturity Model, ISACA COBIT, Project Management Institute Body of Knowledge and IEEE software reliability standards provide assurance of project and process control effectiveness.
  • Software/Product/Activity: IEEE standards are detailed and prescriptive requirements for software verification and validation.

IT AND SOFTWARE ASSESSMENT APPROACHES

QPE conducts software and information technology assessments using Institute of Electrical and Electronic Engineers (IEEE), Software Engineering Institute Capability Maturity Model (SEI CMM) and other engineering standards.

Examples of IT and software assessments include the following:

Enterprise Risk Management

  • Designed and deployed division-wide risk management framework in a high technology environment of over fifteen hundred employees; special focus upon software development and release process, project management, product and process risks.
  • Conduct division-wide risk management training for all levels of the organization.
  18. 18. 18 [Figure: three levels of control assurance: Agency/Enterprise Controls (COSO ERM); Process/Project Controls (COBIT/CMM); Software/Product/Activity Controls (IEEE)]
COBIT
• Initiated COBIT initiative to align information technology (IT) function with strategic direction and objectives. Employed as the best practice approach to provide an IT evolutionary capability roadmap and justify IT investments.
• Provided executive level and IT wide training to justify the value proposition to the organization.
Operational Excellence
• Achieved operational effectiveness and efficiencies associated with over $2 billion in new product introductions via implementing internal controls into the product life-cycle process, new product introduction framework and the product development (hardware, software and services) processes.
• Achieved breakthrough quality and process improvements across the entire product life cycle ranging from requirements, R&D (hardware and software), system verification tests, manufacturing, product deployment, and in-service. Facilitated the executive team that increased operational efficiencies by improving on-time deliveries 45% and on-time installation completions from 18% to 72%. Increased the number of new products achieving regulatory compliance by general availability from 33% to 85%; reduced the overall software product qualification test interval by 67%.
• Led a corporate-wide TQM initiative including strategies, infrastructure, curriculum design, training tools, and implementation from top down. Organized
  19. 19. 19 and led the Quality Research Center with key focus on researching and benchmarking “best in class” quality technologies.
• Managed all aspects of quality program management for product software and hardware development and service/support processes. Implemented process and quality engineering concepts, tools, techniques, and methodologies to non-manufacturing areas.
• Responsible for the integration of the financial and operational controls into a coherent business management system framework for a fast-growing (2x per year) business. I am tasked with achieving total operational assurance of key business objectives by aligning Sarbanes-Oxley, COSO-ERM, CoBIT and ISO 9000:2000 requirements into an effective, result-oriented business framework with totally integrated, internal controls in order to achieve extraordinary, breakthrough results.
Audits/Assurance Assessments
• Conducted numerous enterprise-wide system and process audits and assessments and orchestrated preemptive, predictive corrective and preventive actions resulting in 10’s of millions of dollars in operational savings.
• Led the design and deployment of business-unit quality management system, obtaining the initial ISO/TL 9000 registration without any nonconformance.
• Spearheaded division-wide software improvement initiative using the Capability Maturity Model (CMM) across 5 major software development projects and associated support areas.
Software Development/Improvement
• Installed a software assurance process emphasizing inspections, reviews and other defect prevention strategies, along with measurement and metrics and risk assessments achieving 3X improvement in quality and a 50% reduction in time-to-market.
• Re-engineered and streamlined the software product development process by 50% utilizing leading edge quality technologies.
PROFESSIONAL LICENSURE OR CERTIFICATION The QPE lead assessor will have a technical background and often an advanced technical degree in the area of specialization. As well, this person will have professional licensure, such as a PE, AIA, or CPA along with professional certification such as a CQA, CIA, RAB, etc.
  20. 20. 20 QUALITY PLUS ENGINEERING RESUMES
Quality Plus Engineering retains engineers and other highly qualified staff to conduct operational assessments.
[Organization chart: Agency Governance (Rick Steinberg); Quality Plus Engineering (Greg Hutchins); Internal Auditing/Value Added Auditing (Greg Hutchins); IT/Software (Tom Bradley); Homeland Security/Infrastructure (John Kahl); Risk Management Lead Assessor (Greg Hutchins); Educational Assessor (Hank Lindborg); ISO 9000/SCM Lead Assessor (Dick Gould); Risk/Controls Assessors]
Rick Steinberg CPA, the former governance partner with PwC, is the author of the 2003 Draft COSO Enterprise Risk Management standard. Rick is the corporate and agency governance expert on the team, who works with the team to address ‘Tone at the Top’, governance, enterprise risk management, and methodological issues. See resume on page 21.
Greg Hutchins PE is the managing principal of Quality Plus Engineering. Greg is the founder of Value Added Auditing, author of more than 12 books, past Oregonian columnist, internally known expert on operational and supply chain assessments. See resume on page 23.
Tom Bradley Ph.D. is the QPE director of software and IT assessments. Tom is a nationally known engineering expert in software development, coding, software assurance/control, and software project management. See resume on page 28.
John Kahl AIA is the QPE director of homeland security and infrastructure assessments. John has been a senior executive with a number of firms managing and overseeing facility development, design, security, contract management, and construction management. See resume on page 26.
Hank Lindborg Ph.D. is the QPE director of educational assessments. Hank sponsored and helped design the Malcolm Baldrige National Quality Award in Education. Presently, Hank conducts quality educational assessments for QPE and the North Central
  21. 21. 21 accreditation, which is the national accreditor of educational institutions in the Midwest. See resume on page 30. Dick Gould CQA is the QPE director of ISO 9000 – 2000 assessments. Dick has over 15 years experience conducting all types of ISO assessments, including compliance, effectiveness, process, environmental and compliance.
  22. 22. 22 RICHARD M. STEINBERG Corporate Governance Rick Steinberg is founder and Principal of Steinberg Governance Advisors, Inc. He advises boards of directors and senior managements of Fortune 100 companies, major institutional investors and leading universities, as well as other large and middle market company boards, equity investors and federal governmental bodies. He previously was a senior partner of PricewaterhouseCoopers LLP and its Corporate Governance Leader, responsible for design and development of PwC’s corporate governance program, thought leadership, and serving major company boards of directors and managements on corporate governance issues. Mr. Steinberg was a founder of PricewaterhouseCoopers’ risk management and control consulting practice and served as its global leader, overseeing development of client service capabilities around the world and leading major client engagements. He served as the lead project partner in developing the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control -- Integrated Framework, now recognized as a landmark representing the standard of internal control. He now is leading another major developmental study for COSO, on enterprise risk management, and is advising leading companies on risk management. Mr. Steinberg is a recognized leader in the corporate governance community. He led the major governance study culminating in the highly acclaimed published reports, Corporate Governance and the Board – What Works Best and the companion, Audit Committee Effectiveness – What Works Best, providing leading-edge guidance to boards of directors and audit committees worldwide on best governance practice. Other recent works include the Current Developments for Audit Committees series, and Navigating Fair Disclosure. 
He is a current or past member of the Conference Board’s Global Corporate Governance Research Center Advisory Board, the Open Compliance Education Guidelines Executive Advisory Panel, Co-Chair of Corporate Board Member’s Academic Council, and co-founder of the PwC-University of Delaware Center for Corporate Governance Directors’ College. He is widely published, authoring books, monographs and articles in leading journals, is frequently quoted in the financial press – including Business Week, Fortune, The Wall Street Journal and the Financial Times -- and is an active and sought-after speaker by business, professional, and academic organizations.
Selected Corporate Governance Clients (the majority are among the largest, most well-known organizations):
• Aluminum manufacturer
• Bank
• State pension system
• Consumer products company
• Cruise line
• Electronics company
• Federal Reserve
  23. 23. 23
• Financial institution
Authored Corporate Governance Books, Reports
• Directors’ College Conference Highlights, Spring 2003
• Current Developments for Audit Committees 2003
• Current Developments for Audit Committees 2002, Enron Supplement
• Current Developments for Audit Committees 2002
• Shareholders Questions 2002
Authored Corporate Governance Articles
• G100 Insights, April 2003
• Insurance Digest, February 2003
• The Corporate Governance Advisor, May/June 2002
Corporate Governance Media Coverage
• Corporate Board Member, May/June 2003
• Board Alert, April 2003
• Business World, April 1, 1003
• Corporate Board Member, March/April 2003
• Institutional Investor.com, March 28, 2003
• Board Alert, March 2003
• Reuters, February 14, 2003
• Growing Your Business, January/February 2003
• Dow Jones & Reuters, January 13, 2003
• The Wall Street Journal, December 18, 2002
• Business Week, October 16, 2000
Selected Corporate Governance Presentations
• IIA International Conference, Las Vegas, June 2003
• Conference Board Directors’ Institute, New York, June 2003
• Telecom Conference, Palm Beach, June 2003
• CalSTERS Board, May 2003
• AICPA, San Antonio, May 2003
• National Directors Institute, Chicago, April 2003
• CPE, Inc., San Diego, March 2003
• American Accounting Association, Huntington Beach, CA, January 2003
• Connecticut Venture Group—Corporate Governance, Stamford, December 2002
• PricewaterhouseCoopers Financial Services Conference, New York City, November 2002
• Corporate Governance Summit, Los Angeles, November 2002
• Corporate Governance: An Overview for the Times conference, Washington, D.C., November 2002
• Directors’ College, Newark Delaware, November 2002
• Conference Board Annual Fall Symposium, October 2002
  24. 24. 24 GREGORY B. HUTCHINS, PE 4052 NE Couch Portland, OR 97232 EXPERIENCE: 2003 Founder of Lean SCM – www.leanSCM.net. OEM supply chain management portal cobranded with Society of Manufacturing Engineers, Institute of Supply Management, and others. 2002 Founder of Value Added Auditing – www.ValueAddedAuditing.com. Assessment and assurance services for homeland security, corporate governance, internal auditing, and IT 2001 Principal, Working It, LLC. Work management company integrating organizational change, individual change management, process management, project management, and supply change management using trademarked work methodologies such as: Paradigms, People, Principles, Practices, Products, Processes, Projects®. 1998 –99 Chief Operating Officer. Hayden Properties. Property development, management, and investment company. 1986-2003 Principal, Quality Plus Engineering, Process improvement, project management, supply chain management, and turnaround consulting firm. Partial client list: Coca-Cola, Microsoft, Freightliner, Boeing, First Data Corp., Aptec, Signode, Port of Seattle, Hayden Properties, American Gas Association, American Institute for Certified Public Accountants, and National Association of Purchasing Management. 1986-1987 Founder, Greg's Outrageous Fortune Cookie Company. 1983-1986 Quality Engineering - Established and managed quality program, NNG. Established first oil/gas industry quality standards. 1979-1983 Special Projects - Staff and project engineering. Managed, designed, and constructed high pressure gas pipelines, oil terminals, tank farms, liquified natural gas and other process facilities, NNG. 1976-1978 Principal, Energy Planning Associates. 4052 N.E. Couch 800.COMPETE or 503.233.1012 Portland, OR 97232 FAX 503.233.1410 or gregh@europa.com www.ValueAddedAuditing.com www.LeanSCM.net
  25. 25. 25 CORE COMPETENCIES:
• Supply Chain Management:
◊ Founder and chair of www.supplymanagement.biz, online supply management community of universities (CSU – Chico, etc.), professional associations (SME, etc.)
◊ Author of NAPM’s (National Association for Purchasing Management) and APICS endorsed Purchasing Strategies for Improved Performance
◊ Author of SME, APICS, ASQ endorsed Supply Management Strategies
◊ Trained 1000’s of NAPM professionals in SPC, customer-supplier partnering, ISO 9000, quality auditing, etc.
◊ Developed SCM methodologies and products used for national certifications
◊ Chair, SME (Society of Manufacturing Engineers) Oversight Quality Committee
◊ Developer/presenter of SME’s ‘Leaning of the Supply Chain’ video series
• Project/Program Management:
◊ 20 years pm background in engineering, construction, product development, software, and general operations from $7B to $1M
◊ Write Project Management Institute (PMI) column PM@Work
◊ Developed and deliver PMI workshops: Satisfying Stakeholders Through Superior Quality Management and Life After Closeout: Managing Your Work and Career
◊ Microsoft strategic partner with Team Manager, Visio, and Project
• Process Management:
◊ Developer of trademarked 7P work methodology: Paradigms - People - Principles – Practices - Products - Processes - Projects®
◊ Designed, managed, and deployed over 100 improvement initiatives
◊ Trained 1000’s of people in various elements of quality, including process mapping, SPC, assessments, improvement methodologies, etc.
◊ Write American Society for Quality’s (ASQ) column on quality, careers, and work
◊ Author of best selling (translated into 7 languages) ISO 9000
◊ Developed ISO training and deployment for first North American ISO 9000 registrar
◊ Author of definitive process auditing book, Standard Manual of Quality Auditing, (Prentice Hall, 1992 and ASQ blessed)
◊ Author of first process auditing handbook
• Change Management:
◊ Developed and deliver organizational and individual change management courses through Project Management Institute, Oregon Health Sciences University, National Society for Professional Engineers, etc.
  26. 26. 26
◊ Columnist on work/careers/jobs for The Oregonian, Institute of Industrial Engineers, American Society for Quality, Institute of Electrical and Electronic Engineers, and Project Management Institute
◊ Author of Working It based on trademarked work methodology: Paradigms – People – Principles – Practices – Products – Processes - Projects
• Communications Management:
◊ Authored hundreds of project, process, and change management columns and 11 books
◊ Authored best selling ISO 9000 books
⇒ ISO 9000 Registration in 10 Easy Steps, (John Wiley/Oliver Wight, 1994)
⇒ Taking Care of Business, (John Wiley/Oliver Wight, 1994).
⇒ ISO 9000, (John Wiley, 1997).
PUBLICATIONS:
• Project management columnist, PMNet, Project Management Institute (circulation 85K).
• Web work columnist, Institute of Electrical and Electronic Engineers, (348K)
• Work and career columnist, Quality Progress, American Society for Quality (circulation 250K).
• Work and career columnist, IIE Solutions, Institute of Industrial Engineers (circulation 25K).
• Supply chain columnist, "Supplyline", Auto Industry trade publication (circulation 80K).
• Business columnist, "On Jobs," The Oregonian (circulation 400K).
• General columnist, "Technical Fix" Daily Journal of Commerce. (circulation 30K).
• Supply Management Strategies (QPE, 2001)
• Do. I.T. (QPE, 2001)
• Working It: The Rules Have Changed, (QPE, 1998)
• The Quality Book, (QPE, 1996).
• ISO 9000: Registration in 10 Easy Steps, (John Wiley, 1994)
• Taking Care of Business, (John Wiley, 1994).
• ISO 9000, (John Wiley, 1993).
• Quality Auditing, (Prentice Hall, 1992).
• Strategies for Purchasing Quality, (Dow Jones Irwin, 1991).
• Introduction to Quality: Management, Assurance, and Control, (Macmillan, 1990).
EDUCATION:
• Graduate work in finance and accounting.
• BS, Applied Science and Engineering, Portland State University, 1978.
• Working fluency in Russian and French
  27. 27. 27 JOHN KAYLE, AIA 503.233.1012 EMPLOYMENT HISTORY QPE Project Manager 2002 - 2003 QPE. Process management, project management, and supply management assessments for clients. Provide oversight and assurance of BPA suppliers for quality, delivery, and cost. Director Construction Management and Facilities 2000-2001 Kana Software, Inc. Redwood City, California Recruited to enhance all employee work place activities from initial reception & hospitality, food services, to planning sophisticated customer sales spaces. Led 40 person staff on east / west coasts to accelerate development and delivery of leased space acquisitions, rapid contracting of IT and furnishings for 2000 employees, followed by fast dispositions. $85 million capital deployment, $7 million annual operations. Senior Project Manager 1998-2000 The Marchese Company San Francisco, California. TMC is an Owner’s Representative and Project Management firm. My work for a specific client, The Roman Catholic Archdiocese of San Francisco, was in senior PM support for selected major projects, located in downtown San Francisco:--garage, housing tower, Chinese school; reconstruction and furnishings for offices -- $45 million in capital development Principal 1997 Independent Consulting, San Francisco, California. Owner’s project representative for real estate activities, leasing, development, and feasibility. AUDIT/ASSURANCE EXPERIENCE
  28. 28. 28 Process Performance Audits: Review of business processes against performance metrics for project planning, design, construction, and commissioning of infrastructure projects. Design Performance Audits: Review of technical designs for high tech, commercial buildings, industrial facilities, roads, bridges, and other types of infrastructure from $10 to $40 million. Construction Project Audits: Planning, conducting and reporting assessment of construction projects from highly technical factories, chemical laboratories, clean rooms, electronic component/assembly rooms, field sales offices, and serviced facilities in the US and internationally, including review of FYIs, change orders, claims, etc. from design definition to commissioning Infrastructure Audits: Oversight and review of Xerox/Versatec projects from design to commissioning of green field to fully occupied facilities. PROFESSIONAL AWARDS Project of the Year, Region III (One of three projects recognized world-wide). Awarded in 1996 by Project Management Institute (PMI) for outstanding project management leadership—Raychem’s $7 million, 80,000 SF high tech factory project in Mexico. EDUCATION Phillips Exeter Academy—Secondary School Stanford University—School of Humanities, A.B. Pre-Architecture Stanford University—School of Engineering, B. Architecture Pepperdine University— MBA II Studies CERTIFICATIONS / MEMBERSHIPS PMP—Certified Project Management Professional, Project Management Institute, member. NCARB—National certificate holder, National Council of Architectural Registration Boards. AIA—American Institute of Architects, past Officer, Board Member, San Francisco Chapter. Registered Architect, State of California, State of Arizona
  29. 29. 29 Thomas J. Bradley, Ph.D. 503.233.1012
EXECUTIVE SUMMARY
Recognized as one of our nation’s leading African-American technology and engineering executives and an expert in risk management, COSO ERM and quality assurance. Has a consistent track record in improving business performance, software development, operational efficiencies, and accelerating new product time to market through management system design and deployment. Generated multimillion dollar cost savings for Fortune 500 telecommunication and software companies. Exceptional leader with strong skills in integrating cross-functional initiatives into standard, streamlining lean practices necessary to improve performance, manage risks, maximize profitability and assure customer satisfaction. Uniquely qualified to analyze and design all business processes from R&D to new product introduction, to software development and customer program management. Effective communicator at all levels of the organization.
Capability strengths:
• Risk Management • Operational Controls • Benchmarking • ISO 9000:2000 • Program Management • CoBIT • Auditing & Assessments • Training / Mentoring • Capability Maturity Model • Measurement & Metrics • Strategic Planning • Network Config. Mgt.
PROFESSIONAL HIGHLIGHTS
• Implemented operational internal controls and associated enterprise risk management frameworks in business units associated with over $2 billion in new product introductions.
• Orchestrated millions of dollars in savings via preemptive, predictive corrective & preventive actions associated with enterprise-wide business system and process audits and assessments.
• Recognized for outstanding contribution during a $500 million account acquisition for orchestrating a 55% time to steady-state field performance reduction while increasing quality of the product by 3X.
• Reduced the Cost-of-Poor Quality charges by $35 million within eight months; led the executive team, monitored progress, and established another $100 million targeted operational savings.
  30. 30. 30
• Facilitated the executive team that increased operational efficiencies by improving on-time deliveries 45% and on-time installation completions from 18% to 72%.
• Increased the number of new products achieving regulatory compliance by general availability from 33% to 85%; reduced the overall software product qualification test interval by 67%.
• Retained major multimillion dollar accounts through exceptional service and achieving a 2X reduction in response time to critical and major customer trouble reports and a 98% industry compliance rate.
• Developed and implemented a new product introduction framework embracing contemporary concurrent engineering and operating principles resulting in an aggregate time-to-market reduction of 50%.
• Streamlined the software product development process by 50% utilizing leading edge quality technologies.
EDUCATION
Doctor of Philosophy in Electrical Engineering, Specialization in Statistical Communications and Controls, Howard University, Washington, D.C.
Master of Science in Electrical Engineering and Computer Science, Stanford University, Palo Alto, California
Bachelor of Science in Electrical Engineering, Howard University, Washington, D.C.
  31. 31. 31 HENRY J. LINDBORG, PH.D. 503.233.1012
EXPERIENCE
• 1999- 2002: Networking Coordinator, Academic Quality Improvement Project (AQIP) of the Higher Learning Commission, North Central Association, Chicago, IL
• 1993: Executive Director (C.E.O.), National Institute for Quality Improvement, Consultants on Assessment and Organizational Development.
• ASQ: The American Society for Quality: Training and Education Board (1995- ), Chair of Education Division (1996-99), Winnebago (WI) Section Board (1995-99), Chair, E. L. Grant Award, 2003
• 1993- present. Graduate Professor, Marian College of Fond du Lac, Wisconsin. Teach graduate courses in leadership and quality in Business and Educational Studies Divisions.
• 1991-1993 Senior Vice President, Executive Director of the International Values Institute, Marian College.
• 1973 - 1991 Professor, Division Chair, Vice President for Academic Affairs and Dean of the College, Marian College.
• 1981 - 1984 College of Charleston (South Carolina), Visiting Professor.
• 1972 - 1979 Moraine Park Technical College, Lecturer in Communications.
• 1969 - 1972 University of Wisconsin-Oshkosh, Instructor.
• Additional graduate teaching. Serve on degree advisory committees of graduate students at Marian College, The Union Institute Graduate Program (Ohio), Fielding Institute.
• Trustee, Wayland Academy (High School), 1988-2000.
ASSESSMENTS
• Quality-based audits of the Detroit Public School System, Norfolk Public School System, Georgia State Office of Public Instruction.
• Higher Learning Commission of the North Central Association: Facilitated development of Academic Quality Improvement (AQIP) Criteria. Assisted in design of Systems Portfolio system and related training. Assisted in design of AQIP survey instruments and strategic forums for senior administrators. Serve as Portfolio reviewer.
• Provide consultation to colleges and universities, K-12 education, corporations and not-for-profits in developing and assessing quality systems.
• Lead Auditor Certification, ISO 9000
• Assist corporations in assessing risk in strategic planning and implementation of quality systems.
  32. 32. 32
• Developed and taught graduate course in Organizational Analysis, employing Baldrige, ISO and systems-based thinking to identify enterprise risk and opportunities.
EDUCATION
• 1980 Ph.D. University of Wisconsin-Madison
• 1967 MA University of Wisconsin-Madison
• 1966 BA Fordham University
PUBLICATIONS
• Articles and Reviews (approximately 125), including presentations for ASQ and other proceedings. Basics of Cross-Functional Teams (Productivity Press, 1997). In progress: Transformation and Revelation in the American Tradition, Systems and Spirit: Ralph Waldo Emerson as Systems Thinker, The Labyrinth and the Spiral: Metaphors of Discovery, and a new book on cross-functional teams. Career columnist for ASQ's Quality Progress. Columnist on team development for website created by engineering societies.
• Reviewer of manuscripts for publishers, including Prentice Hall and Quality Resources Press.
PRESENTATIONS
• Conference presentations for AAHE, AIRUM, CIC, MLA, NCA, WCTE, The Wisconsin Academy, IAFA, Winchester Academy, Milwaukee First in Quality, Total Quality Forum, ASQ, National Association for Community Leadership, Society of Manufacturing Engineers, Kellogg Consortium, Project Management Institute, and others.
• Keynote speaker for colleges and universities, community organizations and corporations, including 3M. Regularly conduct seminars and workshops and have organized national conferences on organizational mission and quality audit issues.
• Forthcoming presentations: “Tone at the Top: Audit and Values” and “Audit Practice in Higher Education: The AQIP Model” for the Quality Audit Division Conference, ASQ, 2004.
  33. 33. 33 QUALITY PLUS ENGINEERING PRODUCT REVIEWS & MISCELLANEOUS INFO.
Product reviews are attached for the following:
• Exhibit #1: Port of Seattle review
• Exhibit #2: Value Added Auditing™ book product review
• Exhibit #3: Supply Management Strategies book product review
• Exhibit #4: Advertisement for Value Added Auditing™ workshop.
• Exhibit #5: Value Added Auditing™ methodology
  35. 35. 35 VALUE ADDED AUDITING™ BOOK REVIEWS
Value Added Auditing is the first textbook that I have read cover-to-cover. This approach to auditing represents a total paradigm shift. Instead of viewing auditors as policemen and auditing as punitive and after the fact, this new approach stresses collaborative team effort, participatory problem solving, and proactive improvement rather than reactive corrections. I was always taught that ‘you support what you are involved in making happen’ and I fully support the philosophy of Value Added Auditing.
David Wallace, Former Director of Audit of Compliance, Office of the Governor of Texas
I have reviewed all the materials and I think that they are really on-target. I believe that this is the type of material that ‘modern’ auditors must get a handle on, specifically learn new ways of doing things to add value.
Pat Keith, CQA, MBA, CIO – Texas State Auditor’s Office
The world of auditing is growing by leaps and bounds. Many 'quality' auditors are going to be left behind. To avoid becoming obsolete, reading this book is essential. Value Added Auditing contains the latest information in an easy-to-understand style. Must reading!
Don Dewar, President QCI & Quality Digest, author, consultant
Value Added Auditing is auditing for increased profitability and improved customer satisfaction. You can't afford not to do it.
Jim Lamprecht, ISO 9000 ‘best selling’ author, consultant, educator
Value Added Auditing is auditing on steroids. Managing risk determines whether the business lives another day.
Phil Schwaab, QMS-A, ISO 9000 auditor
Regain public trust. To CEOs of Enron, WorldCom, and Qwest: You should have read Value Added Auditing. It brings trust back into business. It’s a powerful manual for today's business environment.
Karl Schultz, President – Schultz Associates
Value Added Auditing is the right way to uncover risks in today's organization.
VAA delivers the in-depth diagnoses needed for proactive risk analysis and improvement.
  36. 36. 36 Edward J. Metzler, President - aCCredo Corporation
SUPPLY MANAGEMENT STRATEGIES BOOK REVIEWS
Greg's Supply Management Strategies is right on. Your company's competitiveness and your career success will be determined by how well you execute supply management strategies and tactics. This book tells you why and how.
Paul Novak - CEO - Institute of Supply Management – formerly the National Association of Purchasing Management - 'The World's Preeminent Supply Management Organization’™
I found this book to be a great resource and very relevant to the issues we face in government today. As our role in public purchasing evolves more toward supply chain management, we are challenged with finding new and better ways to do our jobs. Greg's book offers a ton of information, insight, and fresh ideas; all of which would be valuable to the public procurement professional.
Darin Matthews, CPPO, C.P.M. Contracts & Procurement Manager Multnomah County Facilities Division 2002 Board of Directors, National Institute of Governmental Purchasing
A bulls-eye! Hutchins' presentation of the subject matter is immediately relevant, clear and comprehensive. This book is a must-read for all organizations concerned with their ability to compete and provide value to their customers.
Jeff Israel, Chief Satisfaction Officer, SatisFaction Strategies LLC.
Now, there is a purchasing revolution taking place. To be competitive today, you must read Greg Hutchins' book carefully, learn the new supply management concepts, develop your new corporate sourcing strategies and then apply Greg's suggestions immediately. Your future success depends on it. This is the best supply chain investment you can make.
Norman Bodek, 'Father of Lean Manufacturing' author of The Idea Generator, former CEO, Productivity Inc.
Supply Chain Management is a topic about which much is being written. Rarely, however, is an author as well qualified to explain this subject as Greg Hutchins. Even
  37. 37. 37 more unusual is his perception that Supply Chain Management is all about managing processes. Project management and risk assessment and management are also integral to successful SCM, but seldom recognized. Not only is the information in this book presented in an integrated way, it is both practical and realistic. This book will be useful to all levels of supply professionals. It is the essential tool to direct us to successfully manage this strategic activity.
Lee Buddress, C.P.M., Ph.D. Professor of Supply and Logistics Management Portland State University
Finally, the travel guide for those in the supply chain management trenches. Greg Hutchins delivers bottom line advice that would cost you thousands of dollars in consultant fees. Additionally, this book examines numerous best-practice examples from world-class organizations providing you with a seldom seen view inside these successful firms. Attention supply chain stakeholders: buy and read this book cover-to-cover to experience the success and corporate recognition you deserve.
Dr. Charles J. Teplitz Professor Of Operations Management University of San Diego
Other books I’ve read on Supply Management or Supplier Quality have focused on one aspect of the Customer Supplier relationship. This book and its approach leads the reader through what the supply chain is, the value the supply chain has and how to improve the effectiveness of the supply chain. I especially like the emphasis placed on how to improve the supply chain, all its elements and to use it as a competitive weapon. Focus on the big picture and examine ways of streamlining the supply chain to add value to the organization and position the organization for growth. Linking the traditional supply management approaches with Lean, Six Sigma and Baldrige award approaches reminds the reader of the work and attention that must be provided to be competitive in the market place.
I would not only recommend this book to my supply chain staff but to my quality, engineering and manufacturing associates too. Patricia C. La Londe Director Supply Chain Management Vice Chair, ASQ Customer Supplier Division Hutchins carefully delineates a succession of strategies that provide competitive advantages in the supply chain environment. The book guides readers through competitive drivers and the need for companies to focus on core process competencies - specifically the strategic supply chain. Success is more than a balanced scorecard. It’s the execution of strategies aligned to form a competitive advantage. Hutchins describes the competitive drivers facing current businesses and the need to focus on core competencies. His book shows how your supply chain has become a major component in competitiveness and outlines strategies based on supplier and supply chain development.
  38. 38. 38 Douglas J. Geniesse, PE Senior Operations Manager Kansas Fulfillment Center, Amazon.com VALUE ADDED AUDITING WORKSHOP AD Advertisement for Value Added Auditing™ workshop at the University of Texas at Austin
  39. 39. 39 VALUE ADDED AUDITING METHODOLOGY Part I: Planning Value Added Auditing Step 1: Understand Audit and Business Objectives Step 2: Notify/Visit Auditee Step 3: Understand Auditee’s System, Process and Product Documentation Step 4: Develop Audit Plan Step 5: Develop Audit Survey Part II: Conducting the Value Added Audits Step 1: Assess Organizational Maturity Step 2: Assess Process Capabilities Step 3: Assess System/Process Risks Step 4: Evaluate Control Effectiveness Step 5: Assess Evidence Step 6: Issue Opinion Step 7: Conduct Exit Meeting Part III: Reporting Value Added Audit Results Step 1: Communicate Audit Results Step 2: Decide Audit Report Format Step 3: Correct – Prevent – Predict – Preempt
  40. 40. 40 GREG HUTCHINS’S PUBLICATIONS
The following articles from Quality Plus Engineering on COSO ERM based assessments appeared in the following magazines:
• Exhibit #1: Value Added Auditing: Your Best Assessment Tool, October 2002, Quality Digest.
• Exhibit #2: Under Scrutiny, December 2002, Project Management Institute PMNET.
• Exhibit #3: Going to the Source, Action Industry Action Group, September, 1996.
• Exhibit #4: It’s the System, Project Management Institute PMNET, November 1999.
