It seems everyone is talking about risk management, whether it’s about financial investments, political strategies, or quality management. Like other quality initiatives, it may be regarded as simply another “quality program du jour”, but a well-managed risk management program helps focus improvement effort on the truly important issues, resulting in more effective and efficient means of maintaining and improving quality.
Each industry seems to promote different methods for risk management: FMEA in the automotive industry, HACCP in food and pharmaceuticals, HAZOP in chemicals, and ISO 14971 in medical devices. Yet each method takes a similar approach to analyzing risk. Regardless of the method, potential hazards or risks are identified and evaluated to determine a cause or failure mode, and each hazard or risk is assigned a measure of criticality and a measure of the frequency of occurrence (some methods add a third measurement of failure detection). After considering the combined risk for an uncontrolled or failure state, control methods are devised to mitigate risk, and the combined risk is re-evaluated. Risks that are above a specified threshold are subjected to further analysis to determine methods to reduce risk to an acceptable level.
Unfortunately, some organizations do not actually practice effective risk management. Instead, they go through an exercise of analyzing risk with and without controls, making impressive risk charts, wiping the sweat off their brows following the work, and simply pulling out the file whenever an auditor asks for it.
But an effective risk management program should be a living process. In programs I have managed, I’ve made it a policy to have each risk management file reviewed on at least an annual basis. Changes to risk analysis should be made using data collected from sources such as customer complaints, audit findings, industry white papers and articles, public reports, and other data sources (perhaps even an idea from a blog!). New control strategies are then developed to address previously unidentified or significantly changed hazards and risks.
Finally, managing risk is not necessarily easy, but it is rewarding. Perhaps the best comment I ever heard following some intensive sessions was from an individual who said, “I thought this would just be another exercise in bureaucracy, but I have to admit I know more about our product and processes than I ever knew before.”
What about you? Have you used risk management and has your experience been favorable? Share your thoughts with us.


