Quality Progress - January 2016 - 52
BACK TO BASICS
BY PETER J. SHERMAN
Balancing the cost of risk and uncertainty
AFTER READING Jeffrey A. Robinson's
As the figure illustrates, organizations have
ability of occurrence also may mitigate
insightful QP article, "Keep Moving,"1 I
four basic responses for any identified risk:
risk by implementing the preventive
thought of other ways decision makers can
1. Risk acceptance (bottom-left quad-
measures outlined in No. 3.
Before deciding on a response to the
effectively manage risk and uncertainty.
rant). Accepting risk often is the best
Risk and uncertainty is what management
strategy for organizations facing issues
identified risk, an organization must bal-
is all about. If there were no risks, there
characterized by low magnitude of loss
ance the cost of the risk response against
would be no need for managers. In other
and low probability of occurrence. For
the risk level. The resources expended to
words, if everything were certain and
example, an organization seeking to
mitigate risk should be less than the conse-
predictable, there would be nothing to
grow its market share by distributing its
quence of inaction.
software online generally accepts the in-
Risk is something you can put a price
herent risks of piracy by protecting itself
on; uncertainty is risk that's difficult to
through secure access, limited licenses
measure. Organizations tend to either be
risk-tolerant or risk-averse. An organiza-
2. Risk transfer or avoidance (top-right
Risk level is commonly described using
the following cost justification formula:
Risk level = probability of occurrence x
magnitude of loss.
tion's tolerance of risk plays a role in how
quadrant). Organizations can avoid risk
For example, a 5-year-old piece of equip-
it responds to it.
entirely. For example, some pharmaceuti-
ment valued at $100,000 has a 10% probabil-
cal organizations choose not to develop
ity of breaking down in the next 12 months.
benefits of accepting risks that outweigh
vaccines to avoid lawsuits spurred by
The risk level can be quantified at $10,000
potential harm (that is, commodity products
claims of harmful side effects. Alterna-
($100,000 x 0.10). The response should cost
or services). Organizations willing to accept
tively, organizations can transfer risk to a
no more than $10,000.
higher risks may have a higher potential for
third-party insurance provider or supplier.
return on investments. Risk-averse organiza-
This requires purchasing insurance or
when presenting plans and budgets for ap-
tions (such as pharmaceutical organizations)
contractually transferring risk to an out-
proval. Keep in mind that cost justifications
are not always as simple as doing math.
Risk-tolerant organizations see the
are more cautious about accepting risks
because risk events can cause lawsuits,
3. Risk mitigation (bottom-right
Quality professionals can use this formula
Understanding the context is critical. For
quadrant). Organizations facing cir-
example, product liability insurance often
The combination of risk (magnitude
cumstances of high magnitude of loss
costs more than the expected value, but the
of loss) with uncertainty (probability of
and low probability of occurrence can
insurance is justified because the potential
occurrence) creates four basic categories
mitigate the probability and severity of
loss is so great. The bottom line is that man-
of risk levels that are shown in Figure 1.
identified risks by applying preventive
agers who understand risk and uncertainty
measures. These include: properly de-
will better manage the organization. QP
negative publicity and even death.
(probability of occurrence)
/ FIGURE 1
signed products, facilities and processes;
employee training; compliance management; preventive maintenance; busiredundant systems. Organizations also
the monetary, physical or reputation
damage from risk events.
4. Risk mitigation (top-left quadrant).
Organizations facing circumstances with
52 QP * www.qualityprogress.com
1. Jeffrey A. Robinson, "Keep Moving," Quality Progress,
November 2012, p. 71.
ness diversification; and the creation of
may use contingency plans to minimize
Risk (magnitude of loss)
low magnitude of loss and high prob-
PETER J. SHERMAN is the director of
Process Excellence with Cbeyond
Communications in Atlanta. He
earned a master's degree in civil
engineering from the Massachusetts
Institute of Technology in Cambridge
and an MBA from Georgia State University in Atlanta. A senior member
of ASQ, Sherman is a certified Lean Six Sigma Master Black
Belt, an ASQ-certified quality engineer and an Association for
Operations Management-certified supply chain professional.
Table of Contents for the Digital Edition of Quality Progress - January 2016
According to Plan
Use Your Head
Stakeholder Management 101
All About Data
Eight Simple Steps
Which Six Sigma Metric Should I Use?
Turning ‘Who’ Into ‘How’
In the Beginning
Outputs and Outcomes
That’s So Random—Or Is It?
Improving a System
Putting It All on the Table
Know the Drill
It’s Fun To Work With an F-M-E-A
Solve Problems With Open Communication
Tell Me About It
Separate the Vital Few From the Trivial Many
To DMAIC or Not to DMAIC?
Breaking It Down
1 + 1 = Zero Defects
Curve Your Enthusiasm
Make a Choice
What Is a Fault Tree Analysis?
Successful Relationship Diagrams
The Benefits of PDCA
Return on Investment
The Art of Root Cause Analysis
Why Ask Why?
Get to the Root of It
Checks and Balances
Clearing SPC Hurdles
Supplier Selection and Maintenance
Building a Quality Team
Plan Experiments to Prevent Problems
Quality Progress - January 2016