A couple of blog posts ago I wrote about a warning I had once received to carefully distinguish between fads and fashion versus legitimate innovations and quality tools that stand the test of time. Risk Assessment is certainly not new but it seems to currently be the popular kid in the class. The idea of risk analysis as part of Design and Process FMEAs have been the standard within the Auto Industry for many years. Likewise, Risk Assessment is and has been an important element of Environmental Risk Management.
Increasingly today we see risk and hazard analysis being required or at least strongly suggested for other business processes including Fiduciary, Safety and within Supply Chain Management. Do these represent a prudent wider vision of where risk can be identified and contained or is this this another marketing opportunity embraced by the compliance machine?
After some serious consideration and conversation with respected colleagues, I have decided it is a useful and potent tool. It can be used to quantify exposure, the impact positive, negative or neutral for applied controls and can avoid knee jerk reactions to problems when they occur.
One area in particular where I see considerable potential is in Supplier selection and assessment.
Historically, companies have chosen to invest their energy and money into verification of qualification criteria. This includes supplier assessment and performance monitoring through scorecard metrics that pretty much just tell you how good or off the mark your original qualification judgment proved to be over time.
Traditional supplier qualification criteria followed by initial and ongoing site assessments are traditionally binary. The attribute criteria is either acceptable, unacceptable or requires improvement. Adding some simple Hazard and Risk Analysis to summary assessment results permits a much more empirical foundation for decisions involving the supplier. More importantly you are able to make these decisions supported by prudent controls in a preventive effort. This will put you in a much better position than reacting to a poor performance trend on a scorecard after the damage is done.
Examples of simple risk assessment and hazard considerations can be broad ranging and include:
- Risk associated with the supplier’s ability to meet basic expectations.
- Presence in the desired industry space. Are they a known and trusted source for these goods and/or services?
- Are they publically or privately owned and are they financially stable?
- Does their location(s) support your delivery and inventory demand versus transportation costs?
- Does their staff represent the technical and output capability to support your requirements?
- Risk and hazards inherent in what they produce and how and where they produce it
- Are there hazardous materials and processes involved in what they produce?
- If yes, are there acceptable controls that extend to their impact on: community, worker health and safety, environmental impact including storage and transportation, remediation and disposal?
- What is their history of EH&S performance? Frequency and severity of incidents?
- Conditions that could impact the supplier’s status and ability to meet expectations.
- Pending legal or labor issues.
- Acquisitions or planned divestitures.
- Plant closures or relocations.
- Major business and clients recently won or lost.
These elements are every bit as important as traditional quality metrics and processes.
There is a huge difference between the line items on a Bill of Material indicating chrome plating and actually understanding how what they use and how they dispose of the plating waste may end up impacting your business and reputation. This is particularly true for offshore suppliers. Regulations like REACH and RoHS have made it virtually impossible to distance yourself and disclaim responsibility.
It is critical that risk and hazards be quantified for at minimum severity, likelihood and the ability to control the potential impact on the health and viability of your business. Pricing and the risk associated with single and sole source decisions tend to be viewed very differently when balanced against a prudent fact based risk analysis.
Your Quality Toolbox likely already contains risk assessment tools. It is up to you to expand your uses beyond APQP to Supply Chain Management, corrective and preventive actions and EH&S.
With very little additional effort you can leverage your existing Risk Assessment tools to provide a more preemptive approach to supplier qualifications. This allows you to direct your focus to other issues impacting your business and bottom line.
Bio:
Mary McAtee – VP Compliance & Product Management at IBS America, Inc. Mary is a mechanical engineer and longtime quality and business process professional who enjoys watching people and organizations succeed. She began her career as a reliability engineer in the defense industry more than 25 years ago. After spending several years as a contributing member of the Joint Electronic Defense Engineering Council, she became interested in ISO compliance standards. Ms. McAtee has been a lead assessor since 1991 and was one of the first TickIT assessors in the United States. She has assisted several organizations in their quest for registration and is currently the VP of Compliance at IBS America, Inc., A Siemens Business.
Risk Management Blogs by Mary: