In this article I’m not addressing the risk of skateboarding or skiing. Rather when I say rolling risk down hill, I’m referring to allocating risk and the associated identification and management of risk to suppliers.
For example, anyone in the medical device industry will be familiar with IEC 60601 Medical equipment/medical electrical equipment – Part 1: General requirements for basic safety and essential performance. The 3rd edition has been around since 2005 with planned implementation for 2013, won’t even go into the reasons for the long adoption, rather want to discuss how this impacts risk management.
This revision now requires suppliers to provide a risk management plan/results as part of their delivery. The challenge for many suppliers of component level hardware (e.g. circuit boards) will likely not have anyone on staff with experience to perform a risk analysis. There might be push back on doing this work, previously this would have been done at the integrator level.
If you’re not in the medical business would you still want to do this? Answer is yes, even with the issues associated with asking a supplier to perform risk management for their component, just having another set of eyes and ears (we hope people are listening and not just talking) considering risk as part of the design process at a lower level adds value to the overall project. Just think, you’ve now pushed risk consideration down below the top level system and identified early on possible problems and solutions. It does become another issue for project management to track, but better to do this from the beginning than try and address at the end, or consider the lost time spent trying to recover from a design issue.
So how do we start with the rolling (allocating) risk to suppliers? We start with the SoW, this is where we spell out what has to be done, and keeping with the medical example, where we’d invoke the 3rd edition of 60601 for a medical device. You then may need to provide a guideline document on how to perform and report the results of the risk analysis. Likely you’ll need to provide a staff contact to support the supplier in this effort. The results would be a standalone report and also be used in the project level risk analysis.
The first time out will be painful, but a supplier that gets through this first project will be better prepared for future projects and considering risk at the supplier level can only lead to improved project performance and product quality.