Organisational Strategy and Deliverables
Safety and Regulatory Requirements
Quality Objectives
Identification of Risk Levels
Process Organisational Requirement
Relationships
High Risk Process Drill Down
Process FMEA
Organisational Strategy and Deliverables
In order to identify process risk within an organisation the process hierarchy needs to determine what is important to the organisation which is generally defined by
the organisation’s strategy, objectives and deliverables. This can also be reflected in the organisations policies.
The process risk identification process is the method to deliver the process approach and risk approach required in ISO9001:2015.
Sources for organisational strategies and deliverables can include but are not limited to:
- Organisational short and long term plans
- Immediate process improvement campaigns
- 2 Year Plans
- 5 Year Plans
- 10 Year Plans
- Organisational Policy
- Procurement
- Supply Chain Payment
- Resourcing
- Process Cost
- Marketing deliverables
- Quality Objectives
- Safety and Regulatory requirements
- Standards the organisation chooses to be assessed by
- Jurisdictional requirements
- Personnel Well-being programs
- Market Metrics
- Market Metrics
- Consumer confidence levels
- Interest Rates
- Inflation
- Raw Material costs
These when combined with their level of importance and relationship to each process will enable the organisation to gauge the level of relative risk of each process
within it.
For assistance in developing organisational strategies, objectives and deliverables and aligning them with the organisational risk profile please
contact us via our
Contact Page.
Safety and Regulatory Requirements
Safety and regulatory requirements make up a large portion of any organisations risk. Knowing these and the clauses within them contribute to the knowledge of process
risk within the organisation. Each clause within each safety and regulatory requirement needs to be assessed against the organisational processes in order to include
them in the organisational risk profile. The importance of all the safety and regulatory requirements will be at the highest critical end of any scale used to determine
its relevance to the organisation.
Safety and regulatory requirements can include but are not exclusive to:
- ISO45001 and regulatory and jurisdictional equivalences
- Organisational governance requirements by jurisdiction
- Financial reporting
- Industry specific requirements
- Automotive
- Manufacturing
- Financial
- Insurance
- Design and Development
- Medical
- Defence
- FMCG
- Mining
- Education
- Technology
- Environmental requirements
- Product specific requirements
For assistance in identifying organisational safety and regulatory requirements and aligning them with the organisational risk profile please contact us via our
Contact Page.
Quality Objectives
Quality objectives within an organisation can be an evolving and changing priority and are an integral part of maintaining and executing an organisational management
system. Each quality objective should be updated within the risk profile of the organisation as it is added, updated and/or completed.
Typical quality objectives can take the form of any action of continuous improvement within the organisation and can include:
- Goals to reduce defects
- Durability targets of products and machines
- Efficiency and performance targets for processes
- Throughput objectives
- Stability and capability targets of processes
- OEE Targets
- Accuracy and completeness objectives
- Customer service targets
- Safety targets
- KPI Targets
- SMED Objectives
- Planning and target prediction accuracy and precision
As quality objectives can change over time it is imperative for organisational risk profiling that assessment is made against processes each time they are updated.
For assistance in identifying organisational quality objectives and aligning them with the organisational risk profile please contact us via our
Contact Page.
Identification of Risk Levels
In order to identify risk levels of processes the organisational risk profiling needs to develop a scale that all organisational strategies, deliverables, requirements
and objectives can be assessed against. This will allow for the quantitative approach in analysing the relative risk of each process. This can also be aligned to the
maturity of each process to produce key risk gaps within the organisational process hierarchy delivery.
As an example, a scale combining the importance of ISO clauses for ISO9001, ISO14001, ISO45001 may follow the outline below.
Scales should be relevant to the organisation and need to follow a critical, significant, annoying, insignificant methodology consistent across any and all scales used.
Each organisational strategy, deliverable, requirement and objective needs to have an associated level of risk to the organisation should it fail to deliver the
strategy, deliverable, requirement and objective. There may be several assessment scales used and all should be aligned for equivalency based on critical, significant,
annoying, insignificant factors.
For assistance in identification of risk levels for organisational strategies, deliverables, requirements and objectives and aligning them with the organisational risk profile
please contact us via our
Contact Page.
Process Organisational Requirement
The process organisational requirements can be represented by the process hierarchy. The process hierarchy for an organisation follows these distinct levels
- Level 1
- Organisational Level – organisation details, overall strategy and industry sectors defined
- Level 2
- Strategic – business departments/units that deliver the organisational strategy and key areas of business development
- Level 3
- Operational – processes within business departments that deliver the department/units requirements and objectives
- Level 4
- Instructional – micro view of process within the business department unit. Some processes at this level maybe in multiple business departments.
A
relationship
between organisational strategies, deliverables, requirements and objectives and the organisational process hierarchy is established an assessment of the level of risk
in each process.
For assistance in identification of the process hierarchy of the organisation and aligning them with the organisational risk profile please contact us via our
Contact Page.
Relationships
The level of detail in the process risk facilitation will be in direct relationship with the level or levels of relationship development undertaken in the organisational
risk profile which will drive the placement and efficiency of any required process controls within the organisational processes.
In order to build the relationships each process needs to be questioned against each organisational strategy, deliverable, requirement and objective. This is achieved using
relationship identification as follows:
High – If the process fails or does not meet KPI or metric requirements there will be a major non-conformance/non-deliverable against the organisational strategy, deliverable,
requirement or objective
Medium – If the process fails or does not meet KPI or metric requirements there will be a minor non-conformance/non-deliverable against the organisational strategy, deliverable,
requirement or objective
Low – If the process fails or does not meet KPI or metric requirements there will be annoyance in other processes and metrics against the organisational strategy, deliverable,
requirement or objective
None – Blank – there is no known relationship between the process and the organisational strategy, deliverable, requirement or objective
For assistance in developing relationships between process hierarchy of the organisation and organisational strategies, deliverables, requirements and objectives within an
organisational risk profile please contact us via our
Contact Page.
High Risk Process Drill Down
From the Organisation Risk Profile the organisation can ascertain which processes at either level in the hierarchy a most prone to risk failure against all the
requirements of the organisation. Other factors can be added such as frequency of process, resource levels required for process, owners and executors of processes,
procedures, forms and work instructions related to each process, process interaction data, process metrics and so on.
This allows the organisation to focus on the processes that have a higher relative risk to the organisational requirements over those processes that do not. Further
drill down can be conducted on the processes with the higher risk profile. This can be achieved by:
- Conducting PFMEA on the higher risk processes
- Using an audit plan approach to audit higher risk processes more frequently
- Instigating contingency measures in process and personnel to ensure available resource and asset are at the required levels
- Real time alert on higher risk processes
For assistance in developing further analysis on identified higher risk processes within an organisational risk profile please contact us via our
Contact Page.
Process FMEA
Process FMEA (PFMEA) discovers failure that impacts product quality, reduced reliability of the process, customer dissatisfaction, and safety or
environmental hazards derived from:
- Human Factors
- Methods followed while processing
- Materials used
- Machines utilized
- Measurement systems impact on acceptance
- Environment Factors on process performance
A process FMEA will be able to pinpoint areas, sections, actions or decisions in a process that could lead to organisational strategies, deliverables,
requirements and objectives not being met. The organisational will be able to hypothesize, test and control the potential causes of failure at the particular
hierarchical process level that the failure analysis is being conducted.
The process FMEA should be conducted on processes with high levels of relative risk within the organisation. Areas that require action or addressing based on the
PFMEA analysis need to follow the critical, significant and annoying framework which should be aligned to the level of importance in the organisational risk profile
framed from the organisational strategies, deliverables, requirements and objectives.
For assistance in conducting and developing PFMEA from the output of organisational risk profiles profile please contact us via our
Contact Page.