Quality Progress - November 2015 - (Page 63)
ONE GOOD IDEA
BY KIM NILES
Don't Risk It
A four-step method for proper risk management
RISK MANAGEMENT remains a challenge for organizations despite the availability of high-level International Organization for Standardization (ISO) standards, such as ISO 14971 and 31000, and other guidance documents.1, 2 Many reputable organizations still are not getting it right, and because they are included in industry benchmarking efforts, large sections of entire industries also are not getting it right.

When risk management weaknesses are found through audits or other means, hundreds of man-hours are often required to repair the issues. Common risk-assessment failures can be put into five major categories:

1. Incorrect assessment criteria: This occurs when criteria used to rate a risk were not correctly correlated or scaled to fit what was being assessed. It can be a result of forms that were copied from another organization or product, assumptions, or context not captured and considered in the assessment.

2. Not life cycle-based: While assessment tools are typically formed by using teams, their results are all speculation. Decisions are best made using real information gathered and analyzed over time. Risks also can change over the product's life. Risk assessments, therefore, must be periodically updated.

3. People-oriented barriers: There is almost always some form of political or change management-oriented barrier in place when assessing risk. While the use of assumptions, different tools and methods can help facilitate these situations, dangerous shortcuts are often created. For example, instead of prioritizing tools and resources around reasonable risks, an individual might do all the work using one form that has no hope of promoting the types of decisions that should be made.

4. Variation in scope: Scope varies in what tools and methods are used, and what's included in the assessment. Don't focus on one tool, such as failure mode and effects analysis (FMEA). Mitigation action levels should be formally adopted. Some organizations separate risks into customer and business risks. For example: Is it a business risk if a vendor goes out of business, or is it a customer risk when a patient could be harmed due to a late delivery of your product as the result of that vendor going out of

5. Variation in focus: Each type of FMEA should have a different focus. A process FMEA should not be focused on the customer at the process level. If an assessment team in the medical device industry is expected to guess how a machine might harm a customer without guidance from a doctor, the end result can be

Finding a solution

As standards include tighter and more complex risk management-based requirements, organizations should consider using a project-based approach called realize, instigate, substantiate and know (RISK):

* Realize: Management formally starts the project with everything needed to succeed. All reasonable risks and assumptions are realized along with proposed mitigation activities, which are agreed to at a formal phase-gate meeting.
* Instigate: Mitigation activities as well as related metrics are established. Results and plans for the next phase are agreed on during a phase-gate meeting.
* Substantiate: Data are collected over time, and risks are reviewed and adjusted as applicable.
* Know: A formal report is created to identify risk-based knowledge gained after completion of a product or service. This might include lessons learned, critical success factors, costs and benefits. Considerations will include transferring knowledge to similar products, information storage and communicating success

The benefits of conducting proper risk management easily justify why organizations must ramp up their assessment efforts. By using the RISK model, it should become an ongoing project. QP

1. ISO 14971 offers specifications for a manufacturer's process to identify potential hazards related to medical devices, and determine and control associated risks. For more information, visit http://tinyurl.com/iso14971info.
2. ISO 31000 provides guidelines on risk management.

KIM NILES is an independent quality
and risk management consultant, and
a quality program adjunct instructor
at San Diego State University and California State University in Dominguez
Hills (CSUDH). He has a master's degree in quality science from CSUDH.
Niles is an ASQ fellow, as well as an
ASQ-certified quality engineer, Six Sigma Black Belt, and a
UCSD-certified Master Black Belt.