Featured Product
This Week in Quality Digest Live
Risk Management Features
Oliver Binz
Better internal information systems help managers tell consumer demand from inflationary pressure
Steven I. Azizi
Take these steps to protect your employees and your company
Oliver Laasch
There’s unlikely to be a point of general stability anytime soon
Gleb Tsipursky
You shouldn’t trust your gut as a decision-maker: Here’s why.
NIST examines disinfection methods that could be critical in the future if PPE supply is low

More Features

Risk Management News
ISO 21434 automotive cybersecurity and implementing design and process FMEAs
Implementing a SIOP process can smooth supply spikes while improving cash flow and increasing profitability
Does your business’ security match up with competitors?
Prior to vote, IAF seeks industry feedback to understand the level of demand from businesses and regulators.
The acquisition targets the rapidly widening gap between quality data creation and leverage
Winter 2022 release of Reliance QMS focuses on usability, mobility, and actionable insights
Designed to offer a comprehensive safety solution for fleet vehicles and workforce personnel
A cybersecurity expert lays out crucial HR practices to amplify attack readiness for modern businesses
NordLocker study discloses industries at a heightened risk of ransomware attacks, with manufacturers taking a troubling second place

More News

William A. Levinson

Risk Management

Change and Risk-Based Thinking

In product design as well as manufacturing, any form of change invites risk

Published: Wednesday, May 20, 2015 - 17:06

Management of change is a safety-related phrase from the chemical process industry that is adaptable to risk-based thinking. The basic premise is that anything new, different, or nonroutine (such as repairs or replacement of equipment, and process startups) creates a safety risk.

This principle was recognized more than 80 years ago at the Ford Motor Co. “The point is that a condition is temporarily presented which departs from the routine,” notes Edwin Norwood in Ford Men and Methods (Doubleday, Doran, 1931). “That is the thing that must be continually guarded against—accidents which may occur in the face of the unusual.” This is why, for example, work permits are often required for activities like welding, confined-space entry, and equipment maintenance. In the latter case, lockout-tagout excludes all forms of mechanical, thermal, and electrical energy from the system while workers are in contact with it.

The concept extends, however, to quality. Any change in any of the familiar cause-and-effect diagram categories—e.g., manpower, methods, materials, machines, measurements, or environment—is an opportunity for trouble. ISO 9001:2008 already addresses some of these issues, as shown in table 1:


Change (example)

ISO 9001:2008 Countermeasure


New/inexperienced employee

Provision 6.2.2—Competence, Awareness, and Training. How do you make sure the new employee knows how to do the job?


Change in work instruction

Provision 4.2.3 for control of documents. How do the responsible persons review the change to make sure there are no undesirable consequences?


Change in purchased materials

Provision 7.4 for control of purchased materials. Do the controls cover changes in the materials?


New equipment, or changes (including replacement of worn out parts or tolls) to existing equipment

Provision 6.3—Infrastructure


New gauges, or repairs to existing gauges

Provision 7.6 for control of monitoring and measuring devices


Changes in temperature, humidity, or other environmental conditions

Provision 6.4—Work Environment

Table 1: Change and risk

The fact that ISO 9001:2008 requires attention to the indicated categories does not, however, ensure coverage of all possible contingencies. In “Recognize Hazards to Recognize Change,” (Chemical Engineering Progress, April 2015), the authors cite as an example a change in the supplier of a caustic solution such as sodium or potassium hydroxide. Controls on this purchased material doubtlessly include a specified concentration range, but do they address trace impurities such as chlorine from a municipal water system? This is something we ordinarily ignore or take for granted; after all, chlorinated water is safe enough to drink.

Whether it is safe for stainless-steel process equipment is another matter entirely. In “Chloride Stress Corrosion Cracking in Austenitic Stainless Steel,” the authors note that “chloride stress corrosion cracking (CLSCC) is one the most common reasons why austenitic stainless-steel pipework and vessels deteriorate in the chemical processing and petrochemical industries.” The presence of trace amounts of chlorine that will not even affect the quality of the product, but could jeopardize the equipment, is an example of the kind of seemingly minor change that can cause real trouble. I recall, meanwhile, a story about how a similarly “insignificant” change in a photosensitive polymer caused trouble for one customer but for nobody else.

A Google search on “changed ingredients” yields examples of consumer complaints about restaurants, ice cream, and dog food. In some cases, the consumers complained that the labels were not updated to reflect the changes. The takeaway is that it is necessary to pay close attention to any change in a purchased or internally supplied material, regardless of how trivial that change might appear to be.

The problem with a new person on a job, meanwhile, might involve the job rather than the new person. Suppose, for example, that the new person is qualified for the job, but his predecessor knew how to compensate for deficient machines or methods. This kind of situation can be avoided if an employee who finds herself catching and correcting system-related problems initiates closed-loop corrective action to remove the root causes.

Change is also a driver for failure mode and effects analysis (FMEA), according to the Potential Failure Mode and Effects Analysis (FMEA) Reference Manual (AIAG, fourth edition, 2008). FMEA is required for new parts, changed parts, and existing parts that are carried over into new applications. In World Class Manufacturing (Free Press, 2008), Richard Schonberger adds, “...standard parts are proven parts. In the past, Xerox typically put 80 percent newly designed components into a new model of copier. The results: a long design cycle followed by a long debugging cycle and tardy entry into the marketplace.” In product design as well as manufacturing, any form of change invites risk.

Change is a necessary condition of continual improvement, but as shown by these examples, supervision is necessary to prevent unintended consequences. This is an important element of risk-based thinking.


About The Author

William A. Levinson’s picture

William A. Levinson

William A. Levinson, P.E., FASQ, CQE, CMQOE, is the principal of Levinson Productivity Systems P.C. and the author of the book The Expanded and Annotated My Life and Work: Henry Ford’s Universal Code for World-Class Success (Productivity Press, 2013).


Assessing Risk of Change

Nicely done!  The assessment of changes has been one of the weakest part of supplier, design and process control.  Too often, seemingly 'minor' changes have negative or even catastrophic results form unintended or unknown changes or unkown effects.  The baffling thing is the persistent and virulent resisitance by the 'changers' to assess and propely verify & validate their changes.  ISO does have a  section that addresses this situation directly and explicitly (7.3.7, control of design and development changes) and many customers mandate that suppliers notify them of any change to the supplied product, yet 'changers' still resist.  In almost every organization that I've been in, I've met with this resistance.  It persists even in the face of overwhelming evidence of the damage done by un-tested changes.  Certainly not every change ceates a negative result and this can lull the changer into a false sense of superiority over physics.  When presented with evidence that the cost of the 1 change that resulted in a negative consequence far outweighs the savings of the 9 un-assessed and untested changes, too many changers maintain a firm belief that it won't happen to them.  (Of course the fact that the negative consequence doesn't happen to them escapes them; it happens to the organization and the customers.)