Operations Excellence Audit

1.1 From every customer a process description is available and visible on a document management system (e.g. SharePoint, Master Control)

1.2 Work instructions from the core activities are available

1.3 Every work instruction has a process flow, version number and file location and classification of confidentiality (internal, external) (check random 5 work instructions)

1.4 Check random 5 work instructions and check if there is a revision date noted and the current date is not older than revision date

1.5 Work instructions (the latest version) are available where the activity takes place

1.6 Work instructions are all in the same standard format for your site incl. headers and footers

1.7 Work instructions covering process time

1.8 People with access to the document management system (e.g. SharePoint, Master Control) can show the place where the digital file of the work instruction is stored (check random 3 arvato employees connected to the core processes)

1.9 Are documents classified? (e.g. internal, confidential, public) check random 5 documents

1.10 Are changes described and the revision history in place? (e.g. date, short description, and version name, paragraph that was changed)

1.11 Are the hard copies managed correctly? Are the hard copies the same as the one on the document management system? Check 3 random hard copies in different areas in the warehouse.

1.12 Do all leaders (above operator level) understand why document management is important? Check 3 random leaders if they can explain why.

2.1 Is visual management in place? (e.g. standardized: floor markings, cone colors, signings, waste bins, shadow boards). <br>

2.2 If visual managent is in place, are the floor markings and signings (department signing, labels) matching your internal standards?<br>

2.3 Are other visuals (e.g. shadow boards, packing table organization) in place, visible and in your internal standard?<br>

2.4 Is at least one 5S board in place showing visuals, tasks and improvement action lists with due dates and owners, covering your defined 5S departments in the warehouse? <br>

2.5 The 5s board(s) is up to date<br>

2.6 Regurlarly a 5S audit is excecuted

2.7 The overall scoreof the 5S audit of the last 4 months is higher than 85%

2.8 The action points out of the 5S audits are not out-dated<br>

2.9 Check 3 persons and ask them if they do understand the concept of 5S

3.1 Work instructions shows the Personal Protective Equipment if needed (e.g. safety glasses or gloves)<br>

3.2 All employees have received an health and safety training and their trainings are registered in the trainings matrix. Check random 5 employees (100% score)<br>

3.3 Clear procedure is in place to report incidents and dangerous situations. All leaders are aware and can show it. Check random 3 leaders.<br>

3.4 Health and safety scores are presented to the employees on a regular basis and shows continuous improvement (e.g. SQDIP score on boards and screens)<br>

3.5 Emergency response team is trained and per shift are enough members available<br>

3.6 Emergency drills are executed on a yearly basis<br>

3.7 Risk assessment for job safety is executed on annual basis (Risk and inventory evaluation)<br>

3.8 Are manuals/WIs available for machines? Check 3 machines/devices

3.9 Are health and safety audits executed on a regular basis and actions defined and updated on a regular basis?

3.10 Bins are clearly marked to separate waste<br>

3.11 Employees know how to separate waste (check 5 waste bins if waste is separated correctly + check randomly 5 employees)<br>

3.12 For resources consumption (gas, electricity, water) clear KPI's are in place and consumption is monitored?<br>

4.1 Is data security managed? Check 5 waste bins for confidential information<br>

4.2 Is clear desk / clear screen in place (e.g. no customer data is to be left on a desk or on a screen when leaving a workspace? (take 5 samples)<br>

4.3 Are (physical / data) security awareness training given? (take 5 samples)<br>

4.4 Are security work instructions in place and are security officers trained? <br>

4.5 Is there a security policy in place?<br>

4.6 Are you complying with the security standards for your site and your clients (e.g. buidling fenced for TAPA A, CCTV)?<br>

4.7 Is access control in place and zones defined?<br>

4.8 Is key/ physical management in place?<br>

4.9 Is there CCTV in place and part of a scheduled maintanance plan(e.g. check if all CCTVs are working?<br>

4.10 Are KPI's defined on security?<br>

4.11 Are alarms / motion detection in place?<br>

4.12 Is continuous improvement on security implemented?<br>

4.13 A password manager must be used to store accounts and passwords (e.g. recommended is Keepass) (check random 3 white collar arvato employees)<br>

4.14 An initial or reset password is changed upon first log-on<br>

4.15 System protection is in place (e.g. virus control) and documented for each computer in the warehouse<br>

5.1 The site has KPI's

5.2 The customer has KPI's (inbound, outbound, inventory acurracy, transport, storage, productivity, Health, safety and Environment, OTD)

5.3 KPI's are communicated and presented (internally + not outdated) to the operations (e.g. on Dashboard)

5.4 KPI's are communicated (externally with customers, e.g. MBRs, QBRs + not outdated)<br>

5.5 KPI's are understood by the employees. Check random 3 arvato employees <br>

5.6 KPI's are SMART (Specific, Measurable, Achievable, Reasonable and Time Bound)<br>

6.1 A clear overview of a continuous improvement list is available (e.g. Safety/Quality/Productivity improvements)<br>

6.2 KPIs show continuous improvement (e.g quality score is higher/ better in comparison to last year)?<br>

6.3 Are there inbound and outbound quality checks in place(e.g. visual checks at inbound for quality and quantity as well as transport damage; for outbound a QC check of a % on outbound level against qty, right SKU, right VAS, or other customer requirements?<br>

6.4 Continuous improvement actions/solutions are communicated and shared internally<br>

6.5 Do continuous improvement actions have an owner and a deadline?<br>

6.6 Continuous improvement actions are not overdue<br>

6.7 These smaller projects /continuous improvements actions are documented in a correct way showing at least the current state (KPI), actions and a clearly defined future state (KPI). Check 3 improvements<br>

6.8 LEAN assessment audit actions from previous year are completed. Check 5 action points<br>

7.1 Is there a communication matrix in place (external)<br>

7.2 Is there a communication matrix in place (internal)<br>

7.3 Regular communication moments defined (internal, e.g. weekly team calls, meetings)<br>

7.4 Regular communication moments defined (external, e.g. weekly customer calls, meetings)<br>

7.5 Team kick-off briefings start every shift (e.g. sunrise meeting, handover meeting)<br>

7.6 Performance board for each operations (department) is in place (e.g. SQDIP)<br>

7.7 Organization wide same signature set-up (check 3 employees)<br>

7.8 Minutes/actions of the regular meetings are documented and available for all relevant people?<br>

8.1 Is a trainings matrix in place (e.g. SharePoint, Excel, Master Control)?<br>

8.2 Percentage of trained employees is above 80% per audit scope (per auditing scale: e.g. customer, module, warehouse) <br>

8.3 Percentage of trained employees is above 90% per audit scope (per auditing scale: e.g. customer, module, warehouse) <br>

8.4 Percentage of trained employees is above 95% per audit scope (per auditing scale: e.g. customer, module, warehouse)<br>

8.5 Current employees (incl. Team Leads, Supervisor, Assistent Supervisors) are all trained on the latest major (major = process change, minor = wording change) version of the WI's applicable to their role (check 5 employees)<br>

8.6 Employees could show you the folder (digitally) with WIs (ask 2 random employees)<br>

8.7 Team Leads, Supervisors, Assistent Supervisors are aware of the trainingsmatrix and can check the training status of their department. Check random 3 Team leads, Supervisors or Ass. Supervisors and let them check 3 employees<br>

8.8 Are your employees trained on the local standard that are needed for your warehouse and do you have the corresponding support system in place? (e.g. reguldated agent + sticker on badge or red vest; Dangerous goods training) <br>

9.1 Regularly an employee satisfaction survey is executed<br>

9.2 Participation rate of the employee satisfactions survey is above 70%<br>

9.3 Participation rate of the employee satisfactions survey is above 90%<br>

9.4 Teams do know their absentism/sick leave score (%). Check random 2 departments<br>

9.5 Managers are trained or generally know how to improve the absentism/ sick leave score (%)<br>

9.6 Carreer path options are known by all employees. Check 2 random employees.<br>

9.7 >30% of staff is present at the company events (e.g. Summerparty, Christmas party, Annual Dinner)<br>

10.1 Is an organizational chart available with all positions in it (main functions) <br>

10.2 Are the job descriptions available from all different kinds of positions, target >85%<br>

10.3 Are the key positions defined and filled<br>

10.4 Is a succession planning/ back-up plan available for all defined key positions (excl. names) (e.g. for sick-leaves or people resigning)<br>

10.5 Risk assessment is in place and at least yearly updated (also depends on customer specific questions)<br>

10.6 Do you have two independent sources of power/electritiy for your warehouse? <br>

10.7 Do you have more than one connection to the internet for your warehouse (at least two cables, in case one is defective, there is a back-up)?<br>

10.8 Business Continuity Management / Risk mitigation is in place and yearly updated (e.g. fire, water, power outage) <br>

10.9 Business Continuity Management / Risk mitigation has a direct link with the risk assessment<br>

11.1 Quality Mangement Policy available in warehouse (e.g. zero defects, customer satisfaction) <br>

11.2 The Quality Policy should be connected to and measurable with Quality targets (e.g. increase of customer satisfaction of 3%)<br>

11.3 Is claim / issue management process in place for all customers? <br>

11.4 Quality Policy is known by Management. Ask 3 random managers.<br>

11.5 Internal Audits are performed according to audit planning. Check 3 internal audits and internal audit plans.<br>

11.6 Audit checklists/templates/tools are used. Check 3 checklists/templates/tools<br>

11.7 Audit reports stored on shared location and all relevant people have access to it.<br>

11.8 Managment review performed at least once per year and minutes stored on Sharepoint<br>

11.9 Audit frequency based on risk assessment (e.g. if the risk is high, the frequency of audits should be high as well) <br>

11.10 Non-conformities deadlines are met (in case non-conformities are detected)<br>

11.11 Root Cause and Corrective Action document is filled out properly and stored in a central place for all major customer issues? (Problem description, sequence of events, 5 Why analysis, root cause, etc) (Check random 5) <br>

11.12 Corrective/preventive actions are implemented in the processes (Check random 2)

11.13 Corrective/preventive actions were effective (Check random 2 if problem is solved)<br>

12.1 Is there a supplier evaluation program implemented?<br>

12.2 From every Supplier an Audit/ Assessment was performed and is available?<br>

12.3 Are there signed contracts in place for every main supplier?<br>

12.4 Are there supplier KPI's defined? <br>

12.5 Are the KPI's defined and matching with the KPI targets?<br>

12.6 Are suppliers meeting Arvatos guidelines (Code of conduct, Data Proctection Agreement)<br>

13.1 Operational suppliers have a re-order point and a point to trigger their re-order (e.g. Kanban for consumables, can be system driven or by cards, excel, visual markings) <br>

13.2 Triggers like flags, alarmlights or system signals are in place when issues occur, like outages, SAP jobs breaking up, conveyor outages, Scanner outages (Andon = alarm in Japanese)<br>

13.3 Value Stream Map is created to define the flow, with volumes and tact times (current state)<br>

13.4 Future scope of the Value Stream Map is created and actions are defined to optimize the current stream<br>

14.1 For all customers a clear workforce scheduling tool is used, which is based on volumes and productivities (e.g. in Excel or SAP)<br>

14.2 Is there a work instruction or other doucmentation that captures how to use the workforce scheduling tool? <br>

14.3 Expected workload is clearly communicated at the start of every shift with the operators (daily forecast) <br>

14.4 Productivity scores are clear to all operators.<br>

15.1 Customer Satisfaction survey (or at least as scorecard/QBR/MBR) are executed at least on a yearly base <br>

15.2 Customer requirements with regard to security and quality are met if in place?<br>

15.3 Customer satisfaction is translated into KPI's and is measurable.<br>

15.4 Results of score are discussed with customers<br>

15.5 Actions are created with due dates and clear responsibilities to follow up of on the Customer Satisfaction results<br>

16.1 Monthly PnLs per customer are created and discussed on a monthly basis in the "financial meeting". Appropriate actions are defined based on the financial meetings.<br>

16.2 Stock obsolesence/penalties/other risks are reviewed with the Finance Department and provisions are being made if required.<br>

16.3 90% of the billing of the last 6 months have been executed in time (e.g. <=5 working days).<br>

16.4 Outstanding amounts are not exceeding the payment terms of clients. When payment terms are exceeded this is followed-up with the account managers

16.5 Payments to our suppliers are excecuted on time preventing penalties or missing reduction (98%). If workflows are taking too long actions need to be defined to improve.<br>

17.1 Maintenance plan is completed and up to date<br>

17.2 Maintained items are registered including next maintance date<br>

17.3 Maintenance check: take 5 samples if they are maintained within due date<br>

17.4 Routing/ walking ways (visitors / employees) are clearly defined<br>

17.5 Reception or a reception function is in place<br>

17.6 Visitors are registrated upfront (score >80%)<br>

17.7 >80% of purchasing is executed via SAP and booked against a PO<br>

18.1 Is there an up-to-date Network diagram in place incl. IP addresses and WAN connections (Wide area network)? <br>

18.2 Is there a Hardware maintenance overview in place and in accordance to the SLA? <br>

18.3 Asset Management: All IT Hardware (e.g. computers, monitors, RF-scanners) is registered correctly in a cmdb (configuration management database)<br>

18.4 Is mobile device management in place (e.g. remote device swipe if mobile lost)?<br>

18.5 Bring your own device policy in place (e.g. can you access internal data from own devices) <br>

18.6 Report system software: every system is up to date incl. patch management processes documented and arranged (100% target)<br>

18.7 Vulnerability scans/ penetration test is meeting the target?<br>

18.8 Workstation compliance is (anti virus / updates / security settings) up to date, according to ISMS standards of Bertelsmann?<br>

18.9 IT Service desk work instructions trained and up to date (check random 3 work instructions) <br>

18.10 Is secure disposal of physical and digital information guaranteed?<br>

18.11 Are you aware of the IT/ Security/ cloud assessment procedure? <br>

18.12 Do you have role based Access Management in place (e.g. SharePoint, roles in SAP)? Review 3 random employees<br>

18.13 Are you aware of the ISO 27001 certificate? <br>

18.14 Do you know who is the responsible ISO person for your business/ warehouse and do you know the purpose of the ISO?<br>

18.15 Service desk SLA score met (e.g. SCS IT, NetIT, check you local IT Service Desk)<br>

19.1 Each project has a project manager that is responsible for the end to end project (time, budget, quality)<br>

19.2 Each project manager that is engaging in projects should be trained in the basics of Project Management.<br>

19.3 Project org charts are in place with clear responsibilities per work stream (e.g. transport, ops, IT, LE, trade, training; UAT).<br>

19.4 Each project has a SharePoint page where all data and all logs are stored (e.g. Risk log, decision log, action log, meeting minutes, workshop presentations, etc.)<br>

19.5 Each project has a control board/ steering commitee in place<br>

19.6 Check if regular internal (project team) and external meetings (with client) take place where an action log is followed and actions are discussed<br>

19.7 Each project has an IT Test matrix with clearly defined test cases, including result to test for, signed off internally and with the customer. Test cases are processed and outcome is documented. <br>

19.8 Each project has a project plan with clear responsibilities.<br>

19.9 The project plan is updated regularly and actions are not past due date.<br>

19.10 Each project/client has a statement of works/ business process document in place. The scope of the project needs to be clearly defined with all processes mapped out.<br>

19.11 Projects are delivered on time as per planning. Timeline should not be exceeded (exceptions possible, e.g. if client postpones go live)<br>

19.12 Project budgets are agreed in the beginning of a project and are not exceeded.<br>

19.13 Trainings are executed pre Go-live for all new processes and WI are in place.<br>

19.14 Each project manager manages change requests, which are captured and signed off by clients before implementation and are invoiced after implementation.<br>

19.15 Handover for past go live is in place from project management team to relevant departments<br>

19.16 Each Project ends with a lessons learned session. <br>

20.1 Compliance and information security incidents are registered in a central place (such as Top Desk) and follow up in defined<br>

20.2 All registered compliance incidents are closed within 30 days, if action is needed<br>

20.3 All Arvato SCS employees have been trained in the code of conduct (check random 5 employees in Trainingmatrix)<br>

20.4 All Arvato SCS employees have been trained in the anti corruption training (check random 5 employees in Trainingmatrix)<br>

20.5 All Arvato SCS employees have been trained in the data protection (check random 5 employees in Trainingmatrix)<br>

20.6 Are the following topics covered by employees in your warehouse: Data protection , Information security, Business continuity? <br>

20.7 All suppliers have a Data Processing Agreement (DPA) in the contract (data protection agreement)<br>

20.8 All customers have a Data Processing Agreement (DPA) in the contract (data protection agreement)<br>

20.9 Are you aware of the latest laws and regulations that your site is required to comply to? <br>

20.10 At least 33% of these Data Processing Agreements (DPA)are signed and finished for suppliers<br>

20.11 At least 33% of these Data Processing Agreements (DPA)are signed and finished for customers<br>

21.1 Is inventory control executed regularly (e.g. cycle count, W2W, location check, empty bin checks)<br>

21.2 Is warehouse inventory management in place and excuted (e.g. A/B/C, heat map) to reduce overstock<br>

21.3 Are sunset clauses or measures in place to reduce aging stock (possibly discussion in QBRs)<br>

21.4 Are Article/Material master controls in place or managed in a good manner (incl. correct geo data, COO, DG + MSDS sheets up to date)? Check 3 random materials.<br>

21.5 MSDS sheets in place (if dangerous goods are in the warehouse) and up to date? <br>

21.6 Economic order quantities or reorder points defined for consumables?<br>

22.1 Are you aware of the SCS IT KPIs & SLAs? <br>

22.2 Are the SCS IT SLAs met for your clients? <br>

22.3 Do you have trained SAP key users? <br>

22.4 IT Change backlog management in place and up to date for all IT changes?<br>

22.5 Are you working Agile? <br>

22.6 Are Change requests defined in Jira? <br>

22.7 Are the estimated timelines for the Change requests from IT met? <br>

22.8 Is the quality of the change requests as requested? <br>

22.9 Are changes tested before deployment by key users? <br>

22.10 Do you work with an IT test matrix or script? <br>

22.11 For every project there is a handover from project IT team to the SAP support team?<br>