Must-Know Risk Facts for Quality Professionals
Intelligent business decisions result when you calculate probabilities

Greg Hutchins
Published: Tuesday, May 14, 2013 - 10:22

In Against the Gods: The Remarkable Story of Risk (Wiley, 1998), Peter Bernstein says the mastery of risk is the foundation of modern life and is what divides modern from ancient times. By consciously or unconsciously calculating probabilities, quality professionals make intelligent decisions about business processes.

First let’s look at a few definitions of risk from various sources:
• The possibility that an event will occur and adversely affect the achievement of objectives —Committee of Sponsoring Organizations (COSO)
• A situation or circumstance, which creates uncertainties about achieving program objectives —Federal Aviation Administration (FAA)
• Uncertainty of outcome, whether a positive opportunity or negative threat, of actions and events. It is the combination of likelihood and impact, including perceived importance of a positive and negative event, which may involve a hazard, improvement, or new opportunity. —United Kingdom’s HM Treasury
• Effect of uncertainty of (meeting) objectives —ISO 31000

There are several critical points to remember regarding these risk definitions:
• Risk represents an upside of capitalizing on an opportunity and a downside of an unwanted event.
• Risk has two critical elements: magnitude and likelihood.
• Risk is all about uncertainty, chaos, instability, being out of control, and the unusual (beyond the norm).
• Risk is tied to not meeting business objectives.

Risk and quality

As you read the above elements of most definitions of risk, you’ll start seeing parallels with conformance and value-based definitions of quality. In other words, the essence of risk is variation, variance, or variability away from an objective, target, specification, or standard. Let’s look at some risk and quality parallels.

Quality and risk parallels

Quality professionals understand variation. Variation is a state of nature in business and in economic behavior. Variation as a business objective, specification target, or process objective is the general condition of all systems. Variation outside of specification, business, or process control limits represents a risk event waiting to occur. In fact, variations outside of control limits or specification limits are risks or nonconformances already occurring. This is illustrated in figure 1.

Figure 1: Higher risk—on target with more variation

Statistical process control (SPC) is an example of risk and how it can be detected, measured, and controlled. Risk can be defined as a variance or distance from a business objective, metric, or standard, all of which indicate risk waiting to occur or already occurring. For example, quality that can be specified in terms of a dimensional tolerance or a surface finish is a variable that can be controlled and ensured. If a target product dimension can be kept in the middle of the specification spread and the variation of measurements is distributed inside the specification limits and process control limits, then the risk of a hazardous event or a nonconforming product can be controlled.

Reliability has always been considered a critical product quality attribute. Look at reliability metrics, such as mean time between failures and mean time to first failure. These are essentially probabilistic risk concepts.

Also, one method for reducing defects that has become a key factor in successful Six Sigma projects—define, measure, analyze, improve, and control (DMAIC)—is fundamentally a risk management methodology.

What is risk management?

Like quality, risk can be managed. Let’s look at a few definitions of risk management:
• An organized, systematic, decision-support process that identifies risk, assesses or analyses risks, and effectively mitigates or eliminates risks to achieving the program objectives
• All the processes involved in identifying, assessing, and judging risks; assigning ownership; taking actions to mitigate or anticipate them; and monitoring and reviewing progress
• Coordinated activities to direct and control an organization with regard to risk —ISO 31000

As risk decision-making has increased, people are realizing that activity-, process-, or project-based risk mitigation does not work. It’s similar to when you correct only the symptom of a quality problem, but recurring problems aren’t addressed. Many managers realize that the root-cause solution to a chronic or systemic quality problem is through enterprise risk management (ERM), which in many ways is analogous to total quality management (TQM).

ERM and TQM similarities

ERM and TQM share some similarities.
• Both grew to prominence as a result of policy circumstances: quality as a result of Japanese competitiveness, and risk as a result of financial excesses in corporate America and the need for homeland security.
• Both share common concepts and techniques but use different words for them.
• Both have similar methodologies.
• Both follow a similar deployment mechanism.
• Both follow a capability maturity model curve.
• Both rely on the board of directors and senior management to set the example and lead the initiatives.
• Both focus on variance from targets or objectives.
• Both emphasize that ultimate responsibility for quality and risk rests with process owners.
• Both are companywide initiatives.
• Both focus on achieving business objectives.
• Both are process-based.
• Both have a hard, technical side and a soft, people side.

ERM and TQM differences

The differences between the two are also compelling.
• Risk management is relatively in its infancy, while quality is a mature technology.
• Quality, including Six Sigma, has a tactical focus, largely emphasizing execution and metrics.
• Risk management is a board-level, CEO, and CFO concern.
• Risk management is largely driven by financial-regulatory and statutory-compliance concerns.

As you can see, the similarities between ERM and TQM are more pronounced than the differences.

Level of risk and assurance

The trend for good corporate governance is to focus on enterprise risk management. Internal controls and documentation will have to support the ERM system. The rationale for ERM is straightforward, which is to provide value for all stakeholders. The question then becomes how much risk can or should an organization assume?

The underlying premise of enterprise risk management is that every entity, whether for profit, not for profit, or a governmental body, exists to provide value for its stakeholders. All entities face uncertainty, and the challenge for management is to determine how much uncertainty the entity is prepared to accept as it strives to grow stakeholder value. Uncertainty presents both risk and opportunity, with the potential to erode or enhance value. Enterprise risk management provides a framework for management to effectively deal with uncertainty, associated risk, and opportunity, and thereby enhance the capacity to build value. Benefits of ERM include:
• Develops integrated and aligned internal control structure
• Provides a rational template for determining which opportunities should be seized
• Aligns risk sensitivity with enterprise strategy
• Controls processes and projects
• Results in fewer surprises and less uncertainty

What do quality professionals need to do and know?

Quality has fundamentally changed. Therefore, quality professionals must take a hard look at their roles in this new business environment, assess their current skill set, determine what they need to learn to be relevant contributors of value, and make a decision about where they will be in the near future. Here are but a few suggestions of what we need to do:
• Become career-resilient and learn enterprise risk management
• Understand the Sarbanes-Oxley Act, which incorporates new accounting and reporting requirements
• Understand ERM methodologies
• Understand how to conduct risk assessments or audits
• Learn how to establish a risk-control structure or system

We all need to be career-resilient and, most important, know how to add value. Quality has been very adaptable over the years. The body of knowledge has grown, and the quality discipline has evolved from basic inspection to Six Sigma. Applications have expanded far beyond the manufacturing floor to providing quality in healthcare, education, and now homeland security. The contemporary business environment has morphed into one of greater expectations in the quality of corporate governance along with senior management’s personal accountability. Risk and risk management are the next evolution in quality.

Used with permission of the CERM Academy.

About The Author

Greg Hutchins is an engineer, certified enterprise risk manager, and the founder of the Certified Enterprise Risk Management Academy, Made in the U.S.A., WorkingIt.com, and Quality + Engineering.
© 2021 Quality Digest. Copyright on content held by Quality Digest or by individual authors. Contact Quality Digest for reprint information.
“Quality Digest” is a trademark owned by Quality Circle Institute, Inc.
Comments
Nice charting
Hi Greg, well said. However, some Mr. Taguchi developed a quality function loss theory, that seems more exhaustive to me when interpreting quality risks. As a quality professional myself, I'm well aware that quality professionals' vision is warped by conformity, instead of focusing on risk - though, as living creatures, we are much more concerned with risk than with quality. I do really wish the up-coming ISO 9001 will put aside the sin-tasting concept of conformity and be more practical on risk factors. Thank you.