Risk Management Article

By: Paula Oddy, Jeffrey Eves

In the years since ISO 9001 and ISO 14001 were first published, many organizations have followed the models of these standards in designing their own management systems. However, many of those systems haven’t been utilized to effectively manage risk. Many have been minimally developed to meet customer requirements or legal regulations.

The draft revisions to ISO 9001 and ISO 14001 will provide a way for companies to look at their processes in a new light and to take a more active approach to risk management. For example, if a company wishes to pursue ISO 14001 certification, its prevention of pollution policy will have to be revamped to focus on protection of the environment. As the company moves in that direction it will truly become more competitive on a global basis.

Although we’ve seen this trend coming, the upcoming revisions to ISO 9001 and ISO 14001 are proof that quality management and risk management can no longer be considered separate issues for your organization. The revisions call for greater flexibility and recognize the need for businesses to integrate their quality or environmental management processes into the overall business strategy.

By: James Lamprecht

Anyone who has done an online search using the terms “risk analysis,” “managing risk,” “risk management,” or any other variation will have discovered that the subject has been around for a long time and been covered by numerous authors. Still, the daunting challenge remains: How can one conduct process risk analysis without the help of a Ph.D. in statistics? 

FMEA fundamentals

A popular technique often invoked by various experts is failure mode and effects analysis (FMEA), developed several decades ago. This simple and controversial technique relies on the assignment of subjective ordinal numbers (usually using a 1–10 Likert-type scale) to estimate probabilities for three events:
• The difficulty (D) of detecting a failure
• The severity (S) of the failure
• The likelihood of occurrence (O) of the failure

These three subjectively estimated ordinal numbers are multiplied to “compute” risk priority numbers (RPNs) for various process steps. The RPNs are then ranked from highest to lowest, and the process steps with the highest RPNs are then analyzed to see how process improvements can be designed to help reduce the RPN—ideally to zero.

By: Quality Digest


Some of the [ISO 9001: 2015] requirements are relatively clear; others are more “euphemisms,” and you don’t know how to react…
—James Lamprecht, author of ISO 9000: Preparing for Certification (CRC Press, 1992) and former member of ISO/TC 176

During an Aug. 16, 2013, interview on Quality Digest’s weekly webcast Quality Digest Live!, James Lamprecht, currently a management consultant, provided insight into the latest revision of the ISO 9001 standard.

By: Tim Lozier

Editor’s note: Tim Lozier will be a guest on Quality Digest Live this Friday, Oct. 18, 2013, at 11 a.m. Pacific.

During the past few years, risk management has continued to be a topic of interest. There are plenty of benchmarking trends that point to risk. We see it in enterprise strategic initiatives. We see it being incorporated into standards and regulations. And yet, I think that for many, the concept of risk remains an enigmatic and elusive concept.

In many companies, leaders are so concerned with day-to-day operational issues that conducting risk assessment and management, although strategically significant, is perceived to be something that will be done way off in the future. This is far from the reality—in fact many companies are already addressing risk in one way or another, but don’t know it.

By: Ed Perkins

Much has been written and discussed about “risk” being the future of “quality.” But what does this really mean, and how does it work?

Definitions of quality

Let’s look at common working definitions of quality: zero defects, customer satisfaction, control of process variance, reliability, security, and fit for purpose. These are all objectives a quality program is aimed at satisfying. ISO 9000:2005—“Fundamentals and vocabulary for quality management systems” defines quality as the “degree to which a set of inherent characteristics fulfills requirements.”

BusinessDictionary.com states this definition of quality: “In manufacturing, a measure of excellence or a state of being free from defects, deficiencies, and significant variations, brought about by the strict and consistent adherence to measurable and verifiable standards to achieve uniformity of output that satisfies specific customer or user requirements.”

By: Jim Colton

Story update 12/13/2011: Additional information was added to the first paragraph pointing out the connection between FDA requirements and statistical tools.

According to a September 2010 interview of Rick Friedman, director of the manufacturing and product quality division at the Food and Drug Administration's (FDA) Center for Drug Evaluation and Research, "There has been an uptick in the number of warning letters for [good manufacturing practices (GMP)] violations sent out over the last year." The FDA provides guidance that is supposed to help companies meet requirements, but the increase in warning letters suggests that companies are still struggling to create and document good process validation procedures. Without extensive statistical knowledge, the requirements for GMP can be mysterious and intimidating.

Fortunately, many of the requirements that the FDA has relate to common statistical tools. In this article, I’ll introduce some of the common statistical tools you can use to meet FDA requirements:
• Measurement Systems Analysis
• Control Charting
• Capability
• Acceptance Sampling
• Stability Analysis

By: Stephen J. Marshall

Printed circuit board (PCB) manufacturing is moving rapidly up the technology ladder. Keeping internal processes current (and compliant) with new requirements, without disrupting existing customer demands, presents ongoing risks. To minimize potential failures, it is necessary to identify and manage these risks. The new version of the aerospace quality management system standard AS9100:2009 (Revision C) requires companies to assess and manage the risks involved with providing their product or service. Risk is defined in the standard as “an undesirable situation or circumstance that has both a likelihood of occurring and a potentially negative consequence.”

Risk identification

Risk management consists of identifying those potentially undesirable situations, assessing their probability of occurring, understanding what the impact may be should the event happen, and determining what to do if the risk level is too high. Situations can be defined as failures and defect rates can be used to identify risk potential. The situations with the greatest defects are audited using a failure mode effects analysis (FMEA) rating system shown in figure 1. The results rate the level of risk, the likelihood of occurrence, and the consequence.

By: Stewart Anderson

The 5 Whys is a well-known root cause analysis technique that originated at Toyota and has been adopted by many other organizations that have implemented lean manufacturing principles. Unlike more sophisticated problem-solving techniques, the 5 Whys doesn’t involve data segmentation, hypothesis testing, regression, or other advanced statistical tools; and in many cases can be completed without a data collection plan. By repeatedly asking the question “Why?” at least five times, you can successively peel away the layers of symptoms, which can lead to identifying the root cause of a problem.
