How Do You Mitigate Risk?
The latest revision of ISO 9001:2015 calls for a more formalized process around lowering business risk. As a senior business leader this is one area that can keep you up at night – what surprises are lurking in the background, waiting to pounce when we are most vulnerable?
A little history
In the 1980's problem solving and corrective action were key. We focused on determining the root causes that led to quality concerns. We used measurement methods to isolate problems and used corrective action to fine-tune processes in the hope of avoiding future problems. Measurement consisted of using x̅ and R charts, inspections while production was in process, as well as final inspections, and, of course, customer product rejections. The premise was that if we continued to address the root causes within our processes that we would continually approach perfection. We believed that having a full understanding of our process would yield predictability of the process’s output. In the 1980's we had the cart before the horse.
I suppose that approach would have been the last word on quality management if:
- We had sufficient funding to absorb the cost of all the failures and rejections while we fine-tuned our processes using problem solving and corrective action techniques,
- We had sufficient time to solve the quality problems before we lost our customers,
- The production processes weren’t constantly changing.
I guess we all believed that life would not be changing quite so quickly.
How about today?
Here we are thirty-five years later. Today we have smart phones, internet access, wireless networks, tablet computers, and the manufacturing base is shifting to third world countries and many high-end processes are performed by robots. Paradoxically, we still struggle with quality.
What we have learned since the 1980s is that processes evolve as they adapt to meet the customer’s challenges with new technology whether in their products or in their manufacturing equipment.
The approach we take today is to attack the production line proactively at its inception rather than measuring instances of failure and working backwards searching for causes. So today we finally have the horse where it belongs. We call this new approach Risk Analysis. In keeping with the new approach, we changed the term “quality control” to “quality management”. One consequence of this evolution is that, rather than having a small quality control department, we now have many more organizational tools with which to manage the overall performance of the organization which yields better results in the end-quality of our products and services.
To measure risk and to mitigate it, we need to understand our processes, identify each of the risk factors, and assign meaningful metrics to them so that we can assess them, and make more informed process decisions that reliably yield the quality we seek.
In other words, we need a system, like homeland security, in which processes are assessed as green, orange or red, where green is good, red is bad, and orange is work in progress. To achieve such metrics, we can use mathematical formulas consistently based on an in-depth analysis of each process.
The key is to design effective controls based on appropriate metrics, and to apply those controls consistently throughout all processes. Whether we chose to measure miles per gallon or liters per 100 kilometers doesn’t matter, we just need to pick one approach and use it consistently if the objective is to measure the fuel efficiency of a vehicle.
Access, identity and analysis are the keys to good risk management. Once risks are identified and the right metrics are applied we can use existing corrective actions and root cause analysis techniques to reduce in a meaningful and measurable way the potential failures that we identified in applying the Risk Analysis method.