1
Integrated Risk Management System across all 7 Risk Domains
- based on common principles and processes of ISO 31000
Our Business
Our people
2
RBT in Objective Decision Making
3
Why Risk Based Thinking RBT?
Decision-Making
requires at least informal qualitative RBT
4
Uncertainty & Confidence
Prediction / Forecasting
FAN Chart Example - Bank of England forecast from 09/10
5
Audience Participation a
Imagine that you are the Quality Manager of a
company that produces very expensive cars.
Imagine you have discovered that there is a very
serious, complex quality problem in the
production line so that there is a risk that
600 very expensive cars will have to be
rejected / destroyed if nothing is done about
the problem.
Alternative risk control programs to combat
the quality problem have been proposed to you.
Assume that the exact scientific estimates of the
consequences of the options are as follows:-
7
Audience Participation b
8
New Different Company !
BUT same Problem
If program X [ a sure thing ] is adopted,
a certain 100% probability that 400 cars will
definitely be rejected & destroyed.
If program Y [ a gamble ] is adopted,
a 33% probability that none of the 600 cars will
be rejected & destroyed
and
a 67% probability that all of the 600 cars will
be rejected & destroyed
Which risk control option should you choose ?
Program X [ a sure thing ]
or Program Y [ a gamble ]
9
Takeout from that exercise ?
In ISO 31000:2009—
“Risk Management—Principles and Guidelines
on Implementation,”
“possible” “probable”
“Black Swans = No prior experience”
12
Risk Language
Extract from APPENDIX to Paper
Better Terminology for Risk Based Conversations
• 3 pages of recommended risk terminology
• Give me your business card and I will send you a copy
13
Uncertainty & Variance
Or
reducing uncertainty regardless of consequences?
personally
16
Risk Communication
& Risk Based Language
Lack of Clarity, Confusion and Argument
during Discussions and Decision-Making
is mostly due to Inconsistent Use of Language
Belief 1:
50% of the communication problems
in the world result from people
- using the same words with different meanings.
Belief 2:
the other 50% comes from people
- using different words with the same meaning.
17
Examples of Different Connotations of Quality Risks
Different Risk Connotations | Quality Risks
Danger | It is too risky to distribute that batch of under-spec product and then incur a recall cost as well as damage to our brand.
21
RBT Requirements in ISO 9001:2015
[ Indicative Record ONLY -refer to paper & training for detailed coverage ]
Introduction: The concept of risk-based thinking is generally explained.
4.4 Quality Management: The organisation is required to determine the processes of its Quality Management System (QMS) and to address both its risks and opportunities.
5.1.1 Org. Leadership: Top management is required to promote awareness of, and competence in risk-based thinking. Also to provide strong leadership in determining and addressing risks and opportunities that can affect product and service conformity.
5.1.2 Serving Customers: Risks and opportunities must become the core of serving an organisation's customer base, including not only maintaining quality, but to improve customer perceptions as well.
6.1.2 Risk-Driven Planning: The organisation is required to identify risks and opportunities related to QMS performance. Determining appropriate actions to address them needs to be the central planning focus. ISO 31000:2009 explains that these actions must be combinations of risk treatment options for the organisation's advantage, including risk avoidance, managed / tolerable risk-taking, & sharing risk with interested parties / customers / stakeholders.
7 Support: The organisation is required to determine and provide necessary resources for managing risks and opportunities. Risk Management (RM) processes are always implied whenever ‘suitable’ or ‘appropriate’ are mentioned as qualifiers of requirements for management decisions, planning and actions.
8 Operation: The organisation is required to manage all its operational processes to minimise risks and optimise opportunities. Risk is always implied when judgmental terms ‘suitable’ or ‘appropriate’ are mentioned as qualifiers to management decisions.
9.1.3 Measuring Performance: The organisation is required to monitor, measure, analyse and evaluate effectiveness of chosen risk treatment options taken to address the risks and opportunities in achieving its QMS objectives.
10 including 10.2 Nonconformity & Corrective Action: The organisation is required to correct, prevent (... manage the risk of…) or reduce undesired effects through an improved QMS which manages its risks and opportunities. Continual improvement requires iterative ongoing risk management processes involving review, recording, monitoring, re-assessing, and treating. If non-conformances are established, they must be factored back into the planned risk management approach to determine a new risk profile for appropriate management.
22
Basic 8 STEP Version of the RBT Process
1. What is Context & Scope of the process/issue /activity?
7. Record
8. Monitor/Review
23
ISO 31000: 2009 / ANSI Z690-2:2011 Risk Assessment
[ Flowchart ]
Establish Context & Scope of the Risk exposures
Identify: Describe the Risk exposures in detail
Analyse: Estimate/Calculate size R=L*C
Evaluate: Is Risk tolerable? Is risk reduced SOFARP? No further Actions required? ( YES / NO )
Alongside the steps: Communicate & Consult; Monitor & Review; Record
25
Putting the “R” in QRM
Objectives | Risks (Double Negative Focus) | Opportunities (Double Positive Focus)
zero defects { this process & the next } OR Six Sigma | reduce risk of defects | achieve full conformity { this process & the next } OR achieve Six Sigma
customer satisfaction | reduce risk of customer dissatisfaction | guarantee customer satisfaction
control of process variance | reduce risk of uncontrolled process variance | gain control of process variance
reliability | reduce risk of unreliability | assure reliability
security | reduce risk of breach of security | ensure security
fit for purpose | reduce risk of lack of fitness for purpose | warrant fit for purpose
26
Transition from Preventive Action to
Quality RM or RBT
27
Is RBT the same as
Preventative Action ?
Although they appear to be the same or similar proactive
approaches, an important difference is that :-
Preventive Action
usually refers to preventing future problems,
whereas RBT is about both :-
maximising opportunities for positive outcomes &
minimising risks of negative consequences
of all business activities.
Quality Risk Management QRM or QRBT
is about maximising chances of gain by
exploitation of opportunities as well as minimising
chances of loss caused by intentional or
unintentional exposure to quality hazards or
quality risk factors.
28
Preventive Action
& False Confidence
The term preventive action often gives
false confidence.
It implies the absolute view that a remedial action
can be devised that will permanently reduce risks to
absolute zero 0% or exploit opportunities to 100%
forever.
No risk control or mitigation measure can ever
prevent, stop or eliminate risk completely, forever!
30
RBT & MOC
Management of Change
An important early stage of assessing quality risks
- risk identification - is to ask the questions :-
and
to retain documented information,
refers to Records.
33
“Documented Information” & RBT
Qualitative [ traffic light approach ]
36
Quantitative Risk Analysis
[ Indicative Record ONLY -refer to training for detail ]
Semi-Quantitative: Estimate the composite Likelihood of the whole scenario
Full Quantitative QRA: Estimate and compound the Likelihood of each and every risk factor in the scenario
37
Quality Risk Consequence Severity Scale
The C in the expression R = L * C
{ scales to be decided by Board within scope, context, and policy }
[ Indicative Record ONLY -refer to training for detail ]
38
Risk Evaluation
[ Flowchart ]
Establish the Context of the risk exposures
Identify: Specify / Describe the Risk exposures in detail
Analyze: Estimate / Calculate the size of risk R = L*C
Evaluate the risk level: Is it tolerable? SOFARP? ( YES / NO )
Treat the Risk ( control / avoid / share )
Alongside the steps: Record; Monitor & Review
39
Risk Treatment Options
[ Figure: Inherent Risk and Residual Risk [A], [B], [C] plotted on axes of Likelihood and Consequence Severity. Treatment options shown: Decrease Severity; Decrease both L and C; Decrease Likelihood. ]
40
Record / Monitor / Review
Example of a Risk / Opportunity Register
[ Indicative Record ONLY -refer to training for detail ]
41
Risk Management Training
[ Indicative Record ONLY -refer to training for detail ]
42
Thanks for your Attention !
Any Questions ?
jim@soteris.com.au
43
Psychology of RBT
[ Indicative Record ONLY -refer to training options for detail ]
Behavioural Decision-Making
Risk Perception
45
Spare Slides
46
Variance
Six Sigma Quality Conformance
Defects / Nonconformities: 0.00034 %; 3.4 in 1,000,000; 3.4 chances in 1,000,000
Flawless / Correct / Conforming: 99.99966 %; 999,997 in 1,000,000; 999,997 chances in 1,000,000
47
ERM System ? Integrated MSs ?
[ Indicative Record ONLY -refer to training options for detail ]
54
Concluding Points
60
Audience Participation 1
Make a prediction as to where the graph is headed
by attaching a % Probability to each possibility.
Up 37
Same 46
Down 8
Can’t Say 9
Time
Just to remind you, the probabilities have to add up to 100.
We have removed the rates and time from the axes of the graphs as they are irrelevant in this game
61
“Downside” & “Upside”
Risk & Opportunity
[ Indicative Record ONLY -refer to training for detail ]
62
Uncertainty & Variance
[ Indicative Record ONLY -refer to paper for detailed coverage ]
Label | Severity Level | Verbal Description of Non-Conformance
Critical | 3 |
• Any nonconformity which involves health & safety risks to anyone using, maintaining, depending upon, affected by, interacting with, the product or service.
• Ditto – significant risks e.g. Financial / Environment / PR.
• Any nonconformity involving a risk to a vital operational activity.
• Any regulatory non-conformity.
Major | |
• Any unplanned extra work, retrofitting, rework, repeat service calls, repairs
• Any non-conforming goods or materials from suppliers.
65
Sample Consequence C Selection Guidance
[ Indicative Record ONLY -refer to paper & training for detailed coverage]
66
Sample Likelihood L Estimation Guidance
[ Indicative Record ONLY -refer to paper & training for detailed coverage]
67
Factors influencing personal Risk perceptions
[ Indicative Record ONLY -refer to paper & training for detailed coverage]
68