Excellence with ERM - RIMS · · 2016-10-12Excellence with ERM Wesley Morgan Andrew Bent....
Transcript of Excellence with ERM - RIMS · · 2016-10-12Excellence with ERM Wesley Morgan Andrew Bent....
Presenters
Wesley Morgan
• Case Team Leader,
Wilson, Perumal and Company
Andrew Bent
• Regional Risk Manager (North America),
Sage Software Inc.
Presentation Objectives
• Describe the fundamentals of management
systems
• Identify how management systems can be
used to implement and strengthen ERM
• Discuss the practicalities of implementing a
risk-based management system
Problem Statement
Problem:
• When we use different approaches to managing
risk throughout our organization, we add
unnecessary complexity and decreases overall
effectiveness
Solution:
• Adopt a single, integrated approach to address
risk management across the organization
Establishing the Risk Lens
Our first step is establish the lens through
which we are going to look at our risks:
• Internal: things we can directly control– E.g. Maintenance strategy, management of change,
culture
• External: things we can’t control directly– E.g. Evolving markets, currency fluctuations, natural
disasters
Every company is made of 3
fundamental components:
1
They have processes… That are carried out by
people and technology
Processes 2 People 3 Equipment &
Technology
There are two kinds of processes:
Value Chain Processes are the core
activities a company performs to deliver
value to their customers• These vary greatly between companies
Management Processes are the activities
necessary to support Value Chain
Processes• These are very similar between companies
Example Value Chain Processes
Acquire raw
material
Convert to
finished goods
Store finished
goods
Distribute
finished goods
Collect
Payment
Each part of the overall value chain
process requires its own process,
people and equipment
How do you ensure that the processes, people and
equipment perform as expected?
Value Chain Processes
Each management system process is designed to address how
processes, people or equipment can fail in your value chain
Management System Processes
Role
s a
nd
Re
sp
on
sib
ilities
Cle
ar
Prio
ritie
s
Ide
ntify
Ho
w
PP
&E
may F
ail
Cle
ar
Co
mm
un
ica
tion
Co
ntr
ols
to
Mitig
ate
Fa
ilure
Ma
na
ge
Ch
an
ge
s to
Syste
m
Co
ntin
uo
usly
Imp
rove
Example Value Chain Processes
Acquire raw
material
Convert to
finished goods
Store finished
goods
Distribute
finished goods
Collect
Payment
Value Chain/Management
Processes Interaction
What is a Management System?
Management System:
The set of management processes a
company uses to manage its people, value
chain processes, and assets to achieve a
particular outcome, or set of outcomes.
Whether formal or informal, every
company has a Management System
• Informal – the company’s management
processes are not explicitly defined,
documented, or purposefully managed
• Formal – the company’s management
processes are defined, documented, and
deliberately managed
Four reasons companies formally
document management systems
Communicate
expectations
Ensure
consistency
Enable
accountability
Continuously
improve
Implementing a single, integrated management
system reduces overlap and improves performance
People
Process
Equipment
Change
Key
ControlsSafety
People
Process
Equipment
Change
Key
Controls
Environ-mental
People
Process
Equipment
Change
Key
ControlsQuality
People
Process
Equipment
Change
Key
ControlsReliability
People
Process
Equipment
Change
Key
ControlsCost
Common Management
System Approach
Operational Excellence
Management System
People
Process
Equipment
Change
Increased performance
Accelerated learning
Reduced cost and overhead
Safety
Quality
Environmental
Reliability
Compliance
Cost
Key
Controls
The foundations of an Operational
Excellence Management System
Key Value Drivers
OE is defined by
measurable
business
performance
across specific
value drivers
Safety
Environment
Compliance
Quality
Productivity
Yield
Cost
The Four Sources of Risk
Example Value Chain Processes
Acquire raw
material
Convert to
finished goods
Store finished
goods
Distribute
finished goods
Collect
Payment
Any failure of the operation to produce a good or service that meets the
customers requirements is a result of 1 of 4 sources:
1. A person failed to do what they were expected to do.
2. A process failed to perform as expected
3. A piece of equipment failed to perform as expected
4. Un-managed change
The foundations of an Operational
Excellence Management System
Key Value Drivers
Four Sources of
Risk
OE is defined by
measurable
business
performance
across specific
value drivers
There are only four
sources of risk for
failure to perform
against the value
drivers
Safety
Environment
Compliance
Quality
Productivity
Yield
Cost
People
Processes
Equipment
Change
Each source of risk can be analyzed
for the key causes of failure
People
Unaware of expectation
Unable to perform as expected
Chooses not to perform as expected
Expectations don’t exist
Expectations not communicated
Expectations not enforced
Lack of knowledge
Lack of talent
Lack of virtue
Wrong incentive
Each source of risk can be analyzed
for the key causes of failure
Equipment
Inadequate Design
Unplanned Failure
Improper Operations
Inadequate Maintenance Strategy
Inadequate execution of Maintenance Strategy
Personnel not allocated
People
Process
Insufficient tools/materials
People
Each source of risk can be analyzed
for the key causes of failure
Process
Process is not capable
Process not in control
Operating limits not defined
People
Equipment
Change
MOC process not capable
MOC process not followed
People
Change not identified
The foundations of an Operational
Excellence Management System
Key Value Drivers
Four Sources of
Risk
Common Causes of
Failure
OE is defined by
measurable
business
performance
across specific
value drivers
There are only four
sources of risk for
failure to perform
against the value
drivers
The four sources of
risk tend to fail for the
same reasons
regardless of the type
of operation
Examples
Expectations don’t
exist
Lack of knowledge
Wrong incentives
Equipment not
capable
Personnel not
allocated
Process not capable
MOC inadequate
Safety
Environment
Compliance
Quality
Productivity
Yield
Cost
People
Processes
Equipment
Change
If Causes of Failure are consistent,
necessary Key Controls must be too
People
Unaware of expectation
Unable to perform as expected
Chooses not to performas expected
Expectations don’t exist
Expectations not communicated
Expectations not enforced
Lack of knowledge
Lack of talent
Lack of virtue
Wrong incentive
Ops/maintenance procedures/policies/standard work
Shift meetings/turnover/passdown
Audits/assessments, org structure, performance management
Training/certification
Selection process
Culture, selection process
Compensation strategy, performance management
Key Controls
If Causes of Failure are consistent,
necessary Key Controls must be too
• 25
Equipment
Inadequate Design
Unplanned Failure
Improper Operations
Inadequate Maintenance Strategy
Inadequate execution of Maintenance Strategy
Personnel not allocated
People
Equipment
Insufficient tools/materials
People
Criticality Ranking, FMEA, RCM
Engineering Disciplines
Gatekeeping, Scheduling
Planning, Parts Kitting, Parts Strategy
If Causes of Failure are consistent,
necessary Key Controls must be too
• 26
Process
Process is not capable
Process is not in control
Operating limits not defined
People
Process
Change
MOC process not capable
MOC process not followed People
Process Engineering (LEAN Six Sigma Tools)
Process FMEA, Process Control Plan
Management of Change Program
The foundations of an Operational
Excellence Management System
Key Value Drivers
Four Sources of
Risk
Common Causes of
Failure
OE is defined by
measurable
business
performance
across specific
value drivers
There are only four
sources of risk for
failure to perform
against the value
drivers
The four sources of
risk tend to fail for the
same reasons
regardless of the type
of operation
Examples
Expectations don’t
exist
Lack of knowledge
Wrong incentives
Equipment not
capable
Personnel not
allocated
Process not capable
MOC inadequate
Safety
Environment
Compliance
Quality
Productivity
Yield
Cost
People
Processes
Equipment
Change
Specific Key
Controls
The set of Key
Controls necessary to
prevent failures is also
the same
Examples
Vision/Procedures
Training/Certification
Performance Mgmt
Engineering
Disciplines
Planning/Scheduling
MOC Process
Culture
Organization
Structure
Process Control Plan
FMEA
Key Controls can be grouped into
similar Elements to reduce complexity
Element 3
Risk Identification
Process Hazard Analysis
Failure Modes Effects
Analysis
Risk Registers
The 7 essential Elements of an
Operational Excellence Mgmt System
Leadership
Employee
accountability
Risk identification
Risk mitigation
Knowledge sharing
Management of
changeContinuous
improvement
Leaders articulate a clear vision of Operational
Excellence and create a culture of Operational
DisciplineProcesses are in place to ensure employee’s are
properly incentivized and know what they are
accountable
Risks are identified , assessed , and prioritized for
processes and equipment
Controls are put in place to mitigate the identified risks
Communication and training systems are in place to
share knowledge about the risks and their controls
Processes are in place to management changes of
people, processes, and equipment
All processes are measured, verified, and
continuously approved
The foundations of an Operational
Excellence Management System
Key Value Drivers
Four Sources of
Risk
Common Causes of
Failure
OE is defined by
measurable
business
performance
across specific
value drivers
There are only four
sources of risk for
failure to perform
against the value
drivers
The four sources of
risk tend to fail for the
same reasons
regardless of the type
of operation
Examples
Expectations don’t
exist
Lack of knowledge
Wrong incentives
Equipment not
capable
Personnel not
allocated
Process not capable
MOC inadequate
Safety
Environment
Compliance
Quality
Productivity
Yield
Cost
People
Processes
Equipment
Change
Specific Key
Controls
The set of Key
Controls necessary to
prevent failures is also
the same
Examples
Vision/Procedures
Training/Certification
Performance Mgmt
Engineering
Disciplines
Planning/Scheduling
MOC Process
Culture
Organization
Structure
Process Control Plan
FMEA
OEMS Elements
Key controls are
organized into
Elements to
facilitate
implementation and
management
Leadership
Employee
Accountability
Risk ID
Risk Mitigation
Knowledge Sharing
Management of
Change
Continuous
Improvement
Thinking back to our overlapping processes
example…
People
Process
Equipment
Change
Key
ControlsSafety
People
Process
Equipment
Change
Key
Controls
Environ-mental
People
Process
Equipment
Change
Key
ControlsQuality
People
Process
Equipment
Change
Key
ControlsReliability
People
Process
Equipment
Change
Key
ControlsCost
Common Management
System Approach
Operational Excellence
Management System
People
Process
Equipment
Change
Increased performance
Accelerated learning
Reduced cost and overhead
Safety
Quality
Environmental
Reliability
Compliance
Cost
Key
Controls
How we prevent overlap, duplication,
confliction, etc.• MECE: Mutually Exclusive, Collectively Exhaustive
• Each process must stay in its own “lane”
• Each process must cover the minimum requirements
necessary to control for the risks associated with that process
Example:
Example Framework with Elements
4.4. Spare Parts Strategy: A formal process shall be in place for identifying, managing, and storing
critical spare parts and materials
4.4.1. The process shall identify the criticality of the spare parts
4.4.2. Spare parts shall be inventoried and managed to ensure availability
4.4.3. The cost of the spare parts shall be tracked and managed
4.5. Procedures and Standard Work: A formal process shall be in place for developing, documenting,
communicating and storing written instructions for administrative controls as well as critical and
routine processes
4.5.1. Procedures and Standard Work shall exist for high-risk routine tasks, taking into account
abnormal conditions and emergency situations
4.5.2. Procedures shall be managed by a document control policy
4.5.3. Procedures shall be easily accessible
4.5.4. Procedures and standard work shall clearly define or reference the specified operating limits
for all equipment operation in accordance with 3.4: Operating Limits, as required
4.5.5. Procedures and standard work shall clearly define or reference the specified operating limits
for all equipment operation in accordance with 3.4: Operating Limits, as required
4.6. Capital Project Management: A formal process shall be in place for selecting, approving, planning,
executing, and evaluating capital projects and installing design controls with the objective of
ensuring safe, high quality projects are delivered on time and on budget
4.6.1. The process shall be a staged process that will require periodic reviews to verify that the
project can be executed safely, will meet quality expectations, and will be delivered on time
and on budget
A management system is more
than a Framework
Framework
Governance
Standards
Metrics
Audits
Management Review
Gap ID/Closure
The underlying processes and documents supporting the framework are equally
important in the ultimate effectiveness of the MS
A management system provides a structured
approach to managing the business
Roles &
Responsibilities
Common ERM Attributes
RIMS RMM ATTRIBUTE ISO 31000 OCEGRED BOOK
BS 31100 COSO FERMA SOLVENCY II
ERM-based approach X X X X X X
ERM Process Management X X X X X X
Risk Appetite Management X X X X X X
Root Cause Discipline X X X
Uncovering Risks X X X X X X
Performance Management X X X X X
Business Resiliency & Sustainability
X X X
ERM Attributes – MS Alignment
ERM Based Approach:
• Provides standard expectations for leaders
• Defines accountability and responsibility
• Helps to shape organizational culture
ERM Process Management
• Provides a single RM process approach (i.e.
ISO31000, COSO etc)
• Defines how local leaders should approach
risks, but doesn’t bind them
ERM Attributes – MS Alignment
Risk Appetite Management:
• Requires organizational to set risk appetite and
tolerance boundaries
• Provides a common risk go/no-go bar for all of
the organization’s operational entities
• Provides a construct for discussing opportunity
exploitation
ERM Attributes – MS Alignment
Root Cause Discipline:
• Good root cause analysis is a fundamental
requirement in identifying the right controls
• Risk disciplines (including H&S, Process Safety)
often have the experience to lead this for the
organization
• Increase efficiency by layering the same control
in multiple places where the failure can occur
ERM Attributes – MS Alignment
Uncovering Risks:
• Build risk ID, assessment, treatment and
monitoring into multiple standards
• Management review process provides the
process for systematic risk management
Performance Management
• Leverage management system performance
monitoring and reporting to integrate KRIs
ERM Attributes – MS Alignment
Business Resiliency & Sustainability:
• MS provides key information for EM and BC
planning (i.e. process criticality)
• Standards-based approach is flexible enough to
apply to multiple scenarios
• MS also provides details and direction on
leadership accountability, communication, legal
and regulatory management
Experience - Timeline
• Don’t rush the process:
– It has taken at least twice as long as originally planned
in both organizations
– Proper design, develop, and deploy should be ~1 year
Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan
Initial set of processes
Second set of processes
Third set of processes
Subsequent Development & Implementation
Phase 1 - Design
Phase 2 - Develop
Phase 3 - Deploy
Experience - Timeline
• Don’t rush the process:
– It has taken at least twice as long as originally planned
in both organizations
– Proper design, develop, and deploy should be ~1 year
• Time spent in element definition, standard
development saves a lot of angst later
– Making it simple takes a lot of hard work up front
• Majority of the time comes from stakeholder
collaboration, review, feedback
– Everyone wants a say…
Experience – Writing Standards
• Translating existing standards:
– Either internal or external will need to be translated to
meet the broader purpose
• Be cautious of unintended consequences
– As early as possible figure out what you will break,
and decide what is positive, what is negative, and if
the risk of change is acceptable
• Majority of the time comes from stakeholder
collaboration, review, feedback
– Everyone wants a say…but not everyone is an expert
– This is the importance of establishing solid
governance early on
Experience - Leadership
• Must be visible, constant during development:
– Regular senior leadership displays of support show
this is not “flavor of the month”
• Must be involved in prioritization
– Development and implementation priorities should be
aligned with strategic priorities
• Must be prepared to enforce conformance
– No point in having a system if the boss is the worst
offender for not following it