Does Your QMS Speak Risk

7/30/2019 Does Your QMS Speak Risk

1/5

4/28/13 Does Your QMS Speak Risk?

www.qualitydigest.com/print/23297 1/5

Published on Quality Digest(http://www.qualitydigest.com)

Home > Does Your QMS Speak Risk?

Does Your QMS Speak Risk?Risk management can help streamline compliance in an objective

and systematic way

Morgan Palmer

Published: 04/22/2013

Editors note: Quality Digest will host Morgan Palmers webinar, Defining and Building a Risk

Management Strategy for Quality and Compliance Management Systems on Tuesday, April 30, at 2

p.m. Eastern/11 a.m. Pacific. Palmer will also be a guest on Quality Digest Live on Friday, April 26,

2013, at 11 a.m. Pacific.

When we look at the dynamics of commerce, from any industry, we see an increasing rate of change.

Changes in products, processes, and regulations are all driving companies forward. One process affects thenext, and with a growing emphasis on compliance regulations and standards in a global marketplace,

complexity is the new cost of doing business.

[ad:23315]

Weve also begun to see disparate trends in quality and compliance. As businesses become more complex,

quality cultures change, sometimes from a regional perspective, but also companywide. Growth and

expansion also give rise to more industry regulations and requirements, which companies also must address.

As they expand in complexity, businesses struggle to organize their regulatory compliance efforts to their

quality management system (QMS) initiatives.

All these factors weigh heavily on organizations. How are they able to keep up?

Technology is one way to streamline complexity. It can help align business processes with compliance

initiatives and drive better process automation. Companies are tying more areas of their business together to

improve communication and create greater visibility into operations. At the same time, organizations try to

keep a consistent and singular workflow for processes that adhere to compliance initiatives.
https://qualitydigest.webex.com/qualitydigest/onstage/g.php?t=a&d=669605661http://www.qualitydigest.com/https://qualitydigest.webex.com/qualitydigest/onstage/g.php?t=a&d=669605661http://www.qualitydigest.com/http://www.qualitydigest.com/


2/5



This all comes at a cost, of course. Systems are an investment, as are the time and resources required to

maintain compliance. Theres also the cost of compliance reporting; we must invest in these reporting

methods to demonstrate compliance. As quality management regulations change, we may be faced with

additional costs. We may need to change equipment to adhere to a new quality standard. We may even need

to adjust an entire work area for quality initiatives or new products.

We know that compliance is necessary, and it can be a significant investment for an organization. How can

we find ways to streamline the compliance process while mitigating costs? Risk management can help

streamline compliance in an objective and systematic way.

When we talk about risk management, were not just talking about one area in the business. Risk

management is an umbrella that spans the enterprise. It includes everything from quality to environmental

health and safety (EHS) to finances and the supply chain. That is why it is so powerful as a concept; we can

use risk as a universal methodology for benchmarking compliance within the organization.

Overcoming risk management misconceptions

Often when people think about risk management, theyre really thinking about the risk-assessment tools. The

tools are important, but they are only one piece of the whole. Its really the content behind them that is the

most critical aspect. Having a tool in place is good, but it is not going to capture everything. We use tools

such as risk assessment to identify known hazards, but how do we know what our unknown or unidentified

hazards are? Tools are not going to help find the unknowns; you need a risk management process for that.

Similarly, how can you adjust your risk levels and associated guidance as your business evolves? The tool is a

fixed point that assesses the risk, but you need to look at the content and context of your operations to adjustthe risk levels and make changes to guidance as you encounter new hazards and potential risks.

We need to realize that the tools are just tools, and understand their limitations. People are not inherently

good at assessing risk. Here are some reasons why:

We are not as perceptive as we think we are. We are not adept at expecting things that we cant

imagine or have never experienced; in other words, we cant anticipate unexpected events.

We are not good at recording information. When we do encounter hazardous events, our ability to

record the event is flawed. We are not recording machines; we take the events and attempt to reconstruct

them as we see them. We project our point of view onto situations.

We see patterns where none exist. We tend to see patterns in random events; we look for order, and

when we cant find it, we create a subjective pattern.

We think we understand more than we do. We also think we have a deep knowledge of all processes,

when in fact we have only a basic understanding; we often insert our own understanding into a process and


3/5



come to a subjective conclusion.

We will inherently follow a group mentality. Finally, we tend to group-thinki.e., if everyone on a

quality team follows a similar consensus to an issue, then it must be the right decision.

The point is that without a true risk structure and process, using tools alone can lead to subjective errors in

risk recording. Its also important to realize that prediction is hard. Even experts dont always get it right. We

must ensure that we understand the limitations of the situations and circumstances in which we work, knowing

what we can predict vs. what is hard evidence.

Then there is the issue of cumulative risk. We may weather a lot of little events with minor impacts. These fly

under the radar because they are minor, but if all these minor events happen at the same time, they can have a

critical effect. For example, a factory could be at maximum production, which is tolerable. There might be

some routine equipment maintenance, which is normal. A new production line might be starting, which is not

uncommon. And, a suppliers materials might be late due to a snowstorm. All these things on their own

represent a minimal risk level, but if they all happen on the same day, the risk of an adverse event increases

significantly. Risk management requires that we become attuned to this way of thinking.

Although you cant have risk management without risk assessment, the structure is in risk management. Itsthe process in which we systematically come to the right conclusions, using risk assessment to analyze the

overall process. We need a risk management process to help eliminate our subjectivity, and to maximize the

effectiveness of the tools within the process.

Finally, risk management requires collecting a lot of data. One operational area usually is not often enough;

single data points are going to give you something, but not the whole picture. Roll out risk management

throughout the enterprise, and record all types of data, not just the more critical. Look at the near-miss data

as well as the critical data to get a complete picture of the companys risks.

Risk assessment tools for quality management compliance

Risk assessment is an important tool to measure levels of risk. It gives us the means to evaluate risk in its

operational context. Risk assessment allows us to apply event data using a risk-based approach.


4/5



What makes risk assessment powerful is that it is repeatable and objective; we can replace the otherwise

subjective gut feelings with a more guided, decision-making approach. Furthermore, risk assessment is easy

to understand for people who arent directly involved with the process.

Risk assessment helps to drive change, in both short-term and long-term contexts. What were doing is

building alerts for critical events and wrapping guidelines and decisions around risk assessment to develop

solutions for risk levels that are unacceptable. We can implement solutions for high risks in a more automatic

and consistent manner.

However, its important to reiterate that risk assessment is a tool, not the solution. Like any tool, we must be

careful of falling into a false sense of security by relying on it alone. In some cases, someone on the shop floor

may see something as a critical risk and escalate the level of risk, whereas when its considered from the top

floor, the risk may not be as bad in the larger context of operations. Risk must be universal in this sense and

not a matter of opinion. We must continuously test our risk assessment with content as well as historical data,

and then tweak the risk tools based on these data. We need to have a team in place to vet our risk tools and

make sure were achieving the right results. As our operations change, or as more data fill the system, we

may find that the risk levels need to be adjusted.

In a quality management context, risk is found throughout business operations. When we look at the QMS

process, we find areas where risk assessment makes sense as a useful tool:

Product and process design. As companies build out new products or processes, they can build risk

assessment in an operational context around several areas. Planning functions such as production part

approval processes (PPAP) can benefit from using this tool. Production and product planning are key

components for starting the product life cycle, and by building risk into these areas, we can foster risk-based

compliance at the start.

Manufacturing and delivery. In manufacturing, adverse events will happen. Risk assessment can help

analyze the severity and criticality of those events, which will lead to better, more informed decisions. As werecord nonconformances or deviations, having a risk methodology in place to filter a critical event can ensure

that we are paying attention to the events that pose the greatest risk to the organization.

Post-production: Most risk-based events will happen during the post-production part of operations. These

usually come as complaints, audits, or supplier performance. Risk assessment is a powerful method for

prioritizing adverse events and ensuring that they responded to effectively. Building risk into corrective and

preventive action processes provides an important function when conducting effectiveness checks. How can

we correct systemic issues to within acceptable risk levels? Risk assessment serves as an important check

on the effectiveness of corrective actions taken.

Risk management starts now

Risk management, if not already started in your organization, should start now. What this means is that

compliance is moving toward a risk management focus, and building risk technologies and tools is a great way

to benchmark and measure compliance.

However, the technology behind risk management is not automatic. It is a collection of processes and tools to

support decision making and does not replace people. Risk tools will take a level of subjectivity out of the

equation, but the ultimate decision-making still relies on people. Many organizations assemble a risk team to

ensure that decisions are made properly, and they use historical data to help fine-tune their risk assessment toensure accurate results.

Risk is a common element at all levels of compliance. Its applicable to many operational areas. It provides an


5/5



objective and systematic way to filter and prioritize adverse events, and in this complex business environment,

we need to improve the speed and quality of our decision-making capabilities. Risk terminology offers a

common language for complex operational issues, and it can easily be interpreted at all levels of the

organization.

If your QMS operation can speak risk, you can vastly improve your ability to affect compliance within your

business.

About The Author

Morgan Palmer

Morgan Palmer, chief technology officer atEtQ Inc., has more than 20 years experience delivering

software solutions. Palmer joined EtQ to create the companys first software application and is now

responsible for Reliance, EtQs flagship product for quality, environmental, and safety management.

2013 Quality Digest Magazine. Copyright on content held by Quality Digest or by individual authors.

Contact Quality Digest for reprint information.

Source URL (retrieved on 04/28/2013):http://www.qualitydigest.com/inside/quality-insider-article/does-

your-qms-speak-risk.html

Links:

[1] https://qualitydigest.webex.com/qualitydigest/onstage/g.php?t=a&d=669605661
http://www.qualitydigest.com/inside/quality-insider-article/does-your-qms-speak-risk.htmlhttp://www.etq.com/company/

Documents

Does Your QMS Speak Risk