Does Your QMS Speak Risk
-
Upload
mayank-kakkar -
Category
Documents
-
view
216 -
download
0
Transcript of Does Your QMS Speak Risk
-
7/30/2019 Does Your QMS Speak Risk
1/5
4/28/13 Does Your QMS Speak Risk?
www.qualitydigest.com/print/23297 1/5
Published on Quality Digest(http://www.qualitydigest.com)
Home > Does Your QMS Speak Risk?
Does Your QMS Speak Risk?Risk management can help streamline compliance in an objective
and systematic way
Morgan Palmer
Published: 04/22/2013
Editors note: Quality Digest will host Morgan Palmers webinar, Defining and Building a Risk
Management Strategy for Quality and Compliance Management Systems on Tuesday, April 30, at 2
p.m. Eastern/11 a.m. Pacific. Palmer will also be a guest on Quality Digest Live on Friday, April 26,
2013, at 11 a.m. Pacific.
When we look at the dynamics of commerce, from any industry, we see an increasing rate of change.
Changes in products, processes, and regulations are all driving companies forward. One process affects thenext, and with a growing emphasis on compliance regulations and standards in a global marketplace,
complexity is the new cost of doing business.
[ad:23315]
Weve also begun to see disparate trends in quality and compliance. As businesses become more complex,
quality cultures change, sometimes from a regional perspective, but also companywide. Growth and
expansion also give rise to more industry regulations and requirements, which companies also must address.
As they expand in complexity, businesses struggle to organize their regulatory compliance efforts to their
quality management system (QMS) initiatives.
All these factors weigh heavily on organizations. How are they able to keep up?
Technology is one way to streamline complexity. It can help align business processes with compliance
initiatives and drive better process automation. Companies are tying more areas of their business together to
improve communication and create greater visibility into operations. At the same time, organizations try to
keep a consistent and singular workflow for processes that adhere to compliance initiatives.
https://qualitydigest.webex.com/qualitydigest/onstage/g.php?t=a&d=669605661http://www.qualitydigest.com/https://qualitydigest.webex.com/qualitydigest/onstage/g.php?t=a&d=669605661http://www.qualitydigest.com/http://www.qualitydigest.com/ -
7/30/2019 Does Your QMS Speak Risk
2/5
4/28/13 Does Your QMS Speak Risk?
www.qualitydigest.com/print/23297 2/5
This all comes at a cost, of course. Systems are an investment, as are the time and resources required to
maintain compliance. Theres also the cost of compliance reporting; we must invest in these reporting
methods to demonstrate compliance. As quality management regulations change, we may be faced with
additional costs. We may need to change equipment to adhere to a new quality standard. We may even need
to adjust an entire work area for quality initiatives or new products.
We know that compliance is necessary, and it can be a significant investment for an organization. How can
we find ways to streamline the compliance process while mitigating costs? Risk management can help
streamline compliance in an objective and systematic way.
When we talk about risk management, were not just talking about one area in the business. Risk
management is an umbrella that spans the enterprise. It includes everything from quality to environmental
health and safety (EHS) to finances and the supply chain. That is why it is so powerful as a concept; we can
use risk as a universal methodology for benchmarking compliance within the organization.
Overcoming risk management misconceptions
Often when people think about risk management, theyre really thinking about the risk-assessment tools. The
tools are important, but they are only one piece of the whole. Its really the content behind them that is the
most critical aspect. Having a tool in place is good, but it is not going to capture everything. We use tools
such as risk assessment to identify known hazards, but how do we know what our unknown or unidentified
hazards are? Tools are not going to help find the unknowns; you need a risk management process for that.
Similarly, how can you adjust your risk levels and associated guidance as your business evolves? The tool is a
fixed point that assesses the risk, but you need to look at the content and context of your operations to adjustthe risk levels and make changes to guidance as you encounter new hazards and potential risks.
We need to realize that the tools are just tools, and understand their limitations. People are not inherently
good at assessing risk. Here are some reasons why:
We are not as perceptive as we think we are. We are not adept at expecting things that we cant
imagine or have never experienced; in other words, we cant anticipate unexpected events.
We are not good at recording information. When we do encounter hazardous events, our ability to
record the event is flawed. We are not recording machines; we take the events and attempt to reconstruct
them as we see them. We project our point of view onto situations.
We see patterns where none exist. We tend to see patterns in random events; we look for order, and
when we cant find it, we create a subjective pattern.
We think we understand more than we do. We also think we have a deep knowledge of all processes,
when in fact we have only a basic understanding; we often insert our own understanding into a process and
-
7/30/2019 Does Your QMS Speak Risk
3/5
4/28/13 Does Your QMS Speak Risk?
www.qualitydigest.com/print/23297 3/5
come to a subjective conclusion.
We will inherently follow a group mentality. Finally, we tend to group-thinki.e., if everyone on a
quality team follows a similar consensus to an issue, then it must be the right decision.
The point is that without a true risk structure and process, using tools alone can lead to subjective errors in
risk recording. Its also important to realize that prediction is hard. Even experts dont always get it right. We
must ensure that we understand the limitations of the situations and circumstances in which we work, knowing
what we can predict vs. what is hard evidence.
Then there is the issue of cumulative risk. We may weather a lot of little events with minor impacts. These fly
under the radar because they are minor, but if all these minor events happen at the same time, they can have a
critical effect. For example, a factory could be at maximum production, which is tolerable. There might be
some routine equipment maintenance, which is normal. A new production line might be starting, which is not
uncommon. And, a suppliers materials might be late due to a snowstorm. All these things on their own
represent a minimal risk level, but if they all happen on the same day, the risk of an adverse event increases
significantly. Risk management requires that we become attuned to this way of thinking.
Although you cant have risk management without risk assessment, the structure is in risk management. Itsthe process in which we systematically come to the right conclusions, using risk assessment to analyze the
overall process. We need a risk management process to help eliminate our subjectivity, and to maximize the
effectiveness of the tools within the process.
Finally, risk management requires collecting a lot of data. One operational area usually is not often enough;
single data points are going to give you something, but not the whole picture. Roll out risk management
throughout the enterprise, and record all types of data, not just the more critical. Look at the near-miss data
as well as the critical data to get a complete picture of the companys risks.
Risk assessment tools for quality management compliance
Risk assessment is an important tool to measure levels of risk. It gives us the means to evaluate risk in its
operational context. Risk assessment allows us to apply event data using a risk-based approach.
-
7/30/2019 Does Your QMS Speak Risk
4/5
4/28/13 Does Your QMS Speak Risk?
www.qualitydigest.com/print/23297 4/5
What makes risk assessment powerful is that it is repeatable and objective; we can replace the otherwise
subjective gut feelings with a more guided, decision-making approach. Furthermore, risk assessment is easy
to understand for people who arent directly involved with the process.
Risk assessment helps to drive change, in both short-term and long-term contexts. What were doing is
building alerts for critical events and wrapping guidelines and decisions around risk assessment to develop
solutions for risk levels that are unacceptable. We can implement solutions for high risks in a more automatic
and consistent manner.
However, its important to reiterate that risk assessment is a tool, not the solution. Like any tool, we must be
careful of falling into a false sense of security by relying on it alone. In some cases, someone on the shop floor
may see something as a critical risk and escalate the level of risk, whereas when its considered from the top
floor, the risk may not be as bad in the larger context of operations. Risk must be universal in this sense and
not a matter of opinion. We must continuously test our risk assessment with content as well as historical data,
and then tweak the risk tools based on these data. We need to have a team in place to vet our risk tools and
make sure were achieving the right results. As our operations change, or as more data fill the system, we
may find that the risk levels need to be adjusted.
In a quality management context, risk is found throughout business operations. When we look at the QMS
process, we find areas where risk assessment makes sense as a useful tool:
Product and process design. As companies build out new products or processes, they can build risk
assessment in an operational context around several areas. Planning functions such as production part
approval processes (PPAP) can benefit from using this tool. Production and product planning are key
components for starting the product life cycle, and by building risk into these areas, we can foster risk-based
compliance at the start.
Manufacturing and delivery. In manufacturing, adverse events will happen. Risk assessment can help
analyze the severity and criticality of those events, which will lead to better, more informed decisions. As werecord nonconformances or deviations, having a risk methodology in place to filter a critical event can ensure
that we are paying attention to the events that pose the greatest risk to the organization.
Post-production: Most risk-based events will happen during the post-production part of operations. These
usually come as complaints, audits, or supplier performance. Risk assessment is a powerful method for
prioritizing adverse events and ensuring that they responded to effectively. Building risk into corrective and
preventive action processes provides an important function when conducting effectiveness checks. How can
we correct systemic issues to within acceptable risk levels? Risk assessment serves as an important check
on the effectiveness of corrective actions taken.
Risk management starts now
Risk management, if not already started in your organization, should start now. What this means is that
compliance is moving toward a risk management focus, and building risk technologies and tools is a great way
to benchmark and measure compliance.
However, the technology behind risk management is not automatic. It is a collection of processes and tools to
support decision making and does not replace people. Risk tools will take a level of subjectivity out of the
equation, but the ultimate decision-making still relies on people. Many organizations assemble a risk team to
ensure that decisions are made properly, and they use historical data to help fine-tune their risk assessment toensure accurate results.
Risk is a common element at all levels of compliance. Its applicable to many operational areas. It provides an
-
7/30/2019 Does Your QMS Speak Risk
5/5
4/28/13 Does Your QMS Speak Risk?
www.qualitydigest.com/print/23297 5/5
objective and systematic way to filter and prioritize adverse events, and in this complex business environment,
we need to improve the speed and quality of our decision-making capabilities. Risk terminology offers a
common language for complex operational issues, and it can easily be interpreted at all levels of the
organization.
If your QMS operation can speak risk, you can vastly improve your ability to affect compliance within your
business.
About The Author
Morgan Palmer
Morgan Palmer, chief technology officer atEtQ Inc., has more than 20 years experience delivering
software solutions. Palmer joined EtQ to create the companys first software application and is now
responsible for Reliance, EtQs flagship product for quality, environmental, and safety management.
2013 Quality Digest Magazine. Copyright on content held by Quality Digest or by individual authors.
Contact Quality Digest for reprint information.
Source URL (retrieved on 04/28/2013):http://www.qualitydigest.com/inside/quality-insider-article/does-
your-qms-speak-risk.html
Links:
[1] https://qualitydigest.webex.com/qualitydigest/onstage/g.php?t=a&d=669605661
http://www.qualitydigest.com/inside/quality-insider-article/does-your-qms-speak-risk.htmlhttp://www.etq.com/company/