When an operational risk management framework is embedded into quality management systems, the two begin to feed each other information that mutually improves both of these functions internally and in the supply chain.
Like many things in life, enterprise quality management approaches are not static. Certainly there are timeless elements of quality management strategies that have been applied for decades and will continue to be applied. But advances in computers and Web-based systems have brought specific quality management tactics to the next level. We are now witnessing an unprecedented level of access and visibility into quality management metrics and performance, in real time in some cases.
This is part of a natural progression most organizations experience when it comes to quality management. Strategies and technologies that once worked – and, indeed, continue to function as a bare minimum – need to be updated or sometimes overhauled or replaced in order to improve performance and accelerate competitiveness. This is particularly true when it comes to risk management, which, as global manufacturing leaders know, needs to be embedded into quality management approaches.
IMPLICIT VERSUS EXPLICIT RISK MANAGEMENT
Another factor that plays into this whole equation is that we tend to have two different but ultimately overlapping risk management approaches, which could be described as implicit and explicit.
- Implicit Risk Management: This approach might involve evaluating existing quality processes, for example, prioritizing corrective and preventive actions (CAPAs) based on how they will impact an organization’s risk profile, or auditing suppliers and facilities on a case-by-case basis based on risk factors. It can be thought of as more of a tactical approach, and differs from a more strategic one.
- Explicit Risk Management: With this approach, an organization assesses all areas of the enterprise proactively and builds a clear, bottoms-up risk framework replete with a comprehensive risk register that accounts for the robustness, or lack thereof, in quality processes. The company then proceeds to apply it strategically across the entire organization.
Although lots of companies evaluate risk solely along the lines of processes, it helps to marry tactical (implicit) risk management approaches to strategic (explicit) approaches to fully round out the operational risk management (ORM) framework.
With that, there is, increasingly, a closely knit relationship between quality and risk and how it can manifest itself in three key functional areas.
CORRECTIVE AND PREVENTIVE ACTIONS (CAPA)
CAPAs are a fundamental component of quality management processes. The identification stage of CAPA processes, of course, precedes the investigation stage, but should also connect to how we assess operational risk, as well as to control mechanisms that feed into the CAPA identification process, from a good manufacturing practices (GMP) perspective.
When operational risk management is linked with or embedded into enterprise quality management systems (EQMS), the risk assessment approach benefits from accumulated information generated through the identification of hazards and adverse events, which, in turn, improves capabilities when it comes to quantifying, prioritizing, and migrating risk.
When EQMS and ORM systems intertwine, we can eventually begin to prioritize our workflow based on CAPAs. For example, risk matrices can be informed by the number of open CAPAs, which point to areas of business activity that become riskier by virtue of the fact that they are associated with open CAPAs. As these two elements — EQMS and ORM — begin to “speak” to one another, we ultimately make risk management and quality management more effective.
AUDIT MANAGEMENT
Just as risk assessment ought to be linked to identification of events and hazards from CAPA processes, there’s a two- way feedback loop that ought to be established between risk assessment and the initial phases of audit management. As we establish audit criteria, we can leverage data acquired in historical and ongoing risk assessments. And risk assessments, likewise, are also informed by the criteria we have established to conduct audits.
And as discussed with CAPAs, we see how a risk matrix can be informed by metrics associated with audit performance, audits complete/incomplete, as well as audit frequency, just as risk factors can feed back into audit management, inviting us to, perhaps, audit certain performance factors on a higher-frequency, more-intensive basis based on risk and others on a lower-frequency, less-rigorous basis.
SUPPLIER QUALITY MANAGEMENT
It’s one thing to roll out risk management across the enterprise. It is quite another to apply the quality, risk, and, indeed, sustainability management requirements that have been established internally to across the supply chain and vendor base.
Nowadays, quality, risk, and sustainability need to be more tightly integrated across the enterprise and its entire supply chain. Functionally, this asks manufacturing leaders to boost their ability to evaluate and monitor suppliers on an ongoing basis according to quality, supply chain, and operational risk factors.
Organizations need the ability to rank both supplier quality management and supplier relationship management according to – above and beyond quality – risk-based metrics that can actually be accumulated through the right analytical tools. However, this means linking these interrelated tools across the enterprise.
There’s really no rocket science behind the factors discussed above, and the fundamental message is that when we embed risk management into quality processes, quality performance can improve courtesy of being linked to risk information. Closing the continuous feedback loop, quality process data can be fed back into risk management processes to improve our capacity to analyze risk.
Quality management data is too valuable to be left in silos, especially in the manufacturing environment, and, in turn, risk management data is too valuable to be isolated from quality management frameworks. Only the right processes and technology – supported by an organizational culture that views quality and risk as pervasive corporate matters – will enable an organization to manage quality effectively from a risk-based perspective.
Bio:
Paul Leavoy is a research analyst for LNS Research, which provides unbiased benchmark research, data, and analysis to improve business performance. Based in Cambridge, Mass., LNS Research focuses on providing insights into the metrics, leadership, business processes, and technology capabilities needed for achieving operational excellence. Download the research report Driving Financial Performance with Operational Risk Management to read more about the connection between performance and risk management. The report provides benchmark data around operational challenges and objectives, as well as details on constructing an operational risk management framework to drive financial and operational benefits.
Brought to you by Thomasnet.com
News provided by ThomasNet News® (TNN). TNN is a comprehensive source of new and timely product information in the industrial marketplace. TNN supplies new product information to the web sites, e- marketplaces and print publications that serve the industrial marketplace.
Copyright © 2014 Thomas Publishing Company
This article was originally published on ThomasNet News and is republished here with permission. For more stories like this, please visit ThomasNet News.