Quality Risk Management
Quality doesn’t exist in a silo. It impacts every part of an organization – its departments and its people. Our role as quality professionals may appear to be focussed on just one element of quality within a department or the organization but to effectively manage risk, we must move out of our comfort zone and consider how we can help our department and the organization identify and assess risks.
Assessing risk can save an organization significant embarrassment as well as time and money. Let me show you how the quality tools and processes we use are easily adapted to the risk management process.
What is Quality Risk Management?
Quality Risk Management is a collaborative approach to identifying, analyzing and responding to product, service, operational, supplier, supply chain, security and compliance risks. It provides a rational basis for decision-making and can impact quality, customers, employees and the organization.
The Role of the Quality Professional in Risk Management
Quality professionals can be generalists or specialists. They carry titles such as quality manager, quality engineer, quality director or assurance manager. Some are concerned with the delivery of products and services, while others are part of the leadership team. Some are internal and others are external.
A quality professional’s focus is on the delivery of quality products and services. They are dedicated to protecting and strengthening their organizations by ensuring stakeholder needs and expectations are met and exceeded.
Quality professionals can lead the risk process. If a risk management department exists, work with them to ensure all quality-related areas are considered. VPs and Directors of Risk are relatively new positions. They have been more prevalent in the past couple of years than before. They can sit in quality or be more centralized in the organization.
The trick to risk management is in the facilitation and the process itself. Quality leaders are most comfortable with these skills.
The ISO 31000: 2018 – Risk Management Principles & Guidelines on Implementation
The ISO 31000 Principles & Guidelines for 2018 states that risk is the effect of uncertainty on objectives. It adds that:
- Organizations operate in an uncertain world.
- There is always a chance that events won’t go according to plan.
- There is always a chance that events won’t realize their expectations.
- Every step in managing a new product or service involves uncertainty.
- Every step has an element of risk.
- We can reduce uncertainty and manage risk by using a systematic approach to risk management.
It is certain that if you don’t actively attack your risks, they will actively attack you!!!
Understand the Difference between Crisis Management versus Risk Management
Crisis management is when a risk occurs and
- It’s not included in the risk management plan.
- There are no contingencies to manage it.
Risk management is when a risk occurs, and
- It is included in your risk management plan.
- There are contingencies to manage it.
The current thinking around risk management is that it implies we can control possible future events. It is proactive versus reactive. Risk management will always reduce the likelihood of an event occurring and also the magnitude of the impact.
Creating a Risk Management Culture
1. Start by creating a steering committee
Include a mix of management and staff from different departments and locations to form a steering committee. This committee will be responsible to map out a risk management strategy, process and plan.
2. Create your definition for “quality risk management”
There are many definitions for risk management, including those in ISO 31000. The steering committee will define what risk management means in their context: for their department and/or location and/or organization. This will help to frame the strategies and process required to assess and manage risks. What risks affect products, services, technology, structure, processes, market, etc.?
3. Develop the strategies, process and plan
What strategies are required to close the gap between how risks are currently assessed and how they should be assessed to meet your definition of quality risk management? Once decided, the committee must create a risk management process that everyone will follow to achieve the goal.
The committee will then create the plan to launch the risk management process. It will include where to start and who should be included. For example, will it start in one department or location? If so, will it then expand to eventually include the entire organization? The plan will clarify the steps required to get to the end goal.
4. Identify training requirements
Training can be combined with doing the risk assessment. This is done by engaging everyone in the risk management process to learn and directly apply this knowledge to doing the risk assessment.
5. Start a continuous risk management process
Start the journey. Follow your plan and ensure the plan identifies the frequency, for example every 6 months, yearly, etc.
Follow a Risk Management Process
A risk management process is intended to reduce management by crisis. There are always some things that can’t be avoided. However, most, through risk management, can be managed, rather than reacted to.
When identifying risks, it is critical that the team doesn’t dismiss a risk because they can’t do anything about it. Being unable to act on a risk doesn’t change it into a non-risk. Nor does it move a risk from the known to the unknown. All risks have an effect. All risks have causes and impacts and can be assessed.
Risk Management Process Step 1: Identify Risks
Brainstorm the challenges, missed opportunities and/or other unforeseen events for the business area, department, customer, suppliers, quality, etc. These risks are then categorized into groups of similar related risks.
It is important through this process to engage all employees. Employees only support what they create. They can be engaged through focus groups where they’re given an opportunity to identify what they see as potential threats or missed opportunities. Leaders will own the outcomes only when engaged so engage them in the entire process of risk identification, prioritization, assessment and responses.
Risk Management Process Step 2: Evaluate & Prioritize Risks
Evaluate the impact of the threat or opportunity of the risks in each category. Estimate the probability of the risks in each category. Calculate the risk level by multiplying the impact by the probability; this will determine the priority rank.
Risk Management Process Step 3: Assess Risks
Identify what will cause each risk in the high priority risk categories and what the possible effect or impact of each risk will be.
Risk Management Process Step 4: Develop Risk Responses
Create the mitigation plans. These are the actions to reduce risk likelihood. Create the contingency plans. These are the actions to manage risks. Create the opportunity plans. These are the actions to ensure the opportunities are realized.
6 Important Actions That Will Help Quality Professionals Sleep Better
- Understand the difference between risk management and crisis management and commit to managing risk.
- Define quality risk management for your context and situation.
- Create a cultural shift within your department or organization to include risk management.
- Develop a risk management process.
- Engage employees and leadership in the establishment of the risk process.
- Create a continuous improvement cycle for your risk journey.
If you learn how to manage risk and follow the six important actions I have outlined, the outcome will be positive; you will reduce sleepless nights trying to put out unanticipated fires and feel more in control of your work life.