Sripathy Ramachandran is an MBA (Systems), PMP certified, and a Provisional Assessor for Automotive SPICE (by inTacs). Sripathy has over 20 years of experience in the IT industry with roles spanning the entire software lifecycle. He has extensive experience with various process models and standards including CMMI, Automotive SPICE, ISO 26262, and DO-178B.
Sripathy is a Practice Lead and Principal Consultant (Automotive SPICE and Functional Safety) and set up the Compliance and Risk Management Office (CRMO). He has leveraged experience and best practices from other organizations and operationalized the same with a continuous improvement framework.
Track: Advancing Your Organizational Capability
Presentation Title: Setting up a Compliance and Risk Management Office (CRMO)
Presentation Summary: The Automotive industry in today’s world is racing towards having innumerable features that are useful to the driver. The situation today is that there has been an almost exponential increase in embedded Electronic/Electrical (E/E) systems, together with some astonishing complexity in the associated hardware and software. Car manufacturers and their supply chain develop products by using state-of-the-art technology to enhance quality, safety and security. In order to ensure desired quality levels are consistently maintained, both the manufacturers and the suppliers align their product development methodologies to industry standards and models such as CMMI, Automotive SPICE, ISO 15288 (systems engineering), ISO 26262 (functional safety), security standards and more.
Managers are eager to see results of the best practice adoption; however, they often have the following questions:
- Are all the projects complying with internal development standards, industry standards and models?
- Are adequate risk assessments performed to determine the business and operational risks?
- Are proactive measures adopted to ensure remedial actions are taken?
- Should the compliance and risk assessments be performed by the respective project teams, or should there be independence?
This paper focuses on the approach adopted to establish a “Compliance and Risk Management Office” at a car manufacturer, wherein appropriate controls are defined, the effectiveness of these controls is assessed, appropriate remedial action is taken, and scorecards can be presented to the appropriate level of management. The benefits of setting up an independent “Compliance and Risk Management Office” include:
- Independence brings a consistent and committed focus to compliance and risk assessments across the business.
- A knowledge management system can be built, and results subsequently analyzed to determine common remedial actions.
- Health indicators and risk/compliance scorecards are provided by independent management reporting.
- It can help reinforce a common framework between manufacturers and their suppliers, maximizing the chances of success in such symbiotic relationships.
- Project managers can have increased confidence that their projects will meet their overall goals and objectives, secure in the knowledge that risks and non-compliances are being identified as soon as is practical.
- Senior management can be reassured that their organization is operating to best practice.