Thursday 05 December 2024

Quality One Australia

Risk Management Programs

 

Risk Management Programs

Organisational Requirements Characteristics and Deliverables Organisational Requirements, Characteristics and Deliverables
Organisational Entities and Processes Organisational Entities and Processes
Characteristics Process Relationships Characteristics Process Relationships
Key Organisational Risk Points Key Organisational Risk Points
Current Control Levels Current Control Levels
Gap Analysis Gap Analysis and Action Requirements based on Criticality, Significance and Annoyance
Risk Change Management Risk Change Management
Succession Planning Succession Planning
Legacy Development Legacy Development
Organisational Expansion and Contraction Organisational Expansion and Contraction

Risk Management Programs Home Organisational Requirements, Characteristics and Deliverables

In order to identify process risk within an organisation in a risk management program the process hierarchy needs to determine what is important to the organisation which is generally defined by the organisation’s requirements, characteristics and deliverables. This can also be reflected in the organisations policies.

The process risk identification process is the method to deliver the process approach and risk approach required in ISO9001:2015.

Sources for organisational requirements, characteristics and deliverables can include but are not limited to:

  • Organisational strategies and objectives
  • Organisational short and long term plans
    • Immediate process improvement campaigns
    • 2 Year Plans
    • 5 Year Plans
    • 10 Year Plans
  • Organisational Policy
    • Procurement
    • Supply Chain Payment
    • Resourcing
    • Process Cost
  • Marketing deliverables
    • Market Share goals
  • Quality Objectives
  • Safety and Regulatory requirements
  • Standards the organisation chooses to be assessed by
  • Jurisdictional requirements
  • Personnel Well-being programs
  • Market Metrics
    • Exchange Rates
    • Consumer confidence levels
    • Interest Rates
    • Inflation
    • Raw Material costs

    These when combined with their level of importance and relationship to each process will enable the organisation to gauge the level of relative risk of each process within it.

    For assistance in developing organisational requirements, characteristics and deliverables and aligning them with the organisational risk management program please contact us via our Contact Page.

Risk Management Programs Home Organisational Entities and Processes

In order to obtain process risk and relative process risk for the organisation the makeup and structure of the organisation needs to be known. The organisational process and entities can be represented by the process hierarchy with each process related to one or many organisational entities which are represented by departments, groups or teams within the organisation and its reporting chain. The process hierarchy for an organisation follows these distinct levels

  • Level 1
    • Organisational Level – organisation details, overall strategy and industry sectors defined
  • Level 2
    • Strategic – business departments/units that deliver the organisational strategy and key areas of business development
  • Level 3
    • Operational – processes within business departments that deliver the department/units requirements and objectives
  • Level 4
    • Instructional – micro view of process within the business department unit. Some processes at this level maybe in multiple business departments.

Each process within a level needs to be associated with at least one entity. Within that entity a role should exist that owns the process or co owns the process with an equivalent role in another entity. Roles that execute processes could potentially come from multiple entities within the organisation.

A relationships between organisational requirements, characteristics and deliverables and the organisational process hierarchy is established so that an assessment of the level of risk in each process can be obtained.

For assistance in identification of the process hierarchy of the organisation and aligning it with the organisational risk requirements please contact us via our Contact Page.

Risk Management Programs Home Characteristics Process Relationships

The level of detail in determining the process risk within an organisation in a risk management program will be a direct relationship with the level or levels of process development undertaken in the organisational risk profile which will drive the placement and efficiency of any required process controls to mitigate risk within the organisational processes.

In order to build the relationships each process needs to be questioned against each organisational requirement, characteristic and deliverable. This is achieved using relationship identification as follows:
High – If the process fails or does not meet KPI or metric requirements there will be a major non-conformance/non-deliverable against the organisational requirement, characteristic and deliverable
Medium – If the process fails or does not meet KPI or metric requirements there will be a minor non-conformance/non-deliverable against the organisational requirement, characteristic and deliverable
Low – If the process fails or does not meet KPI or metric requirements there will be annoyance in other processes and metrics against the organisational requirement, characteristic and deliverable
None – Blank – there is no known relationship between the process and the organisational strategy, deliverable, requirement or objective

For assistance in developing characteristics relationships between process hierarchy of the organisation and organisational requirements, characteristics and deliverables within an organisational risk profile please contact us via our Contact Page.

Risk Management Programs Home Key Organisational Risk Points

From the organisational risk profile the organisational process risk profile can be determined.

From the Organisation Risk Profile the organisation can ascertain which processes at either level in the hierarchy a most prone to risk failure against all the requirements of the organisation. Other factors can be added such as frequency of process, resource levels required for process, owners and executors of processes, procedures, forms and work instructions related to each process, process interaction data, process metrics and so on.

Key Organisational Risk points are process that score highly relative to other processes and processes that are exposed to the safety, regulatory processes required by the organisation and processes that are exposed to higher scoring organisational requirements, characteristics and deliverables which is at the organisational discretion.

Organisational Goals and Objectives


Identification of organisational key risk points and processes allows the organisation to focus on the processes that have a higher relative risk to the organisational requirements over those processes that do not. Further drill down can be conducted on the processes with the higher risk profile. This can be achieved by:
  • Conducting PFMEA on the higher risk processes
  • Using an audit plan approach to audit higher risk processes more frequently
  • Instigating contingency measures in process and personnel to ensure available resource and asset are at the required levels
  • Real time alert on higher risk processes
  • Update and implementation of process and organisational controls

For assistance in developing further analysis on identified higher risk processes within an organisational risk profile please contact us via our Contact Page.

Risk Management Programs Home Current Control Levels

The process risk profiling tool allows for current process controls to be aligned with processes and organisational requirements, characteristics and deliverables and rated for their effectiveness in controlling the potential non conformances in either processes or the requirement, characteristic and deliverable.

Process Controls can include:

  • Manufacturing process controls
    • Inspections
    • Testing
    • Automated systems
    • Error Proofing
  • Legal Instruments
  • Sign Off
  • Computerised Field Checking
  • Audits
  • Training and Training Matrices
    • Procedures and Work Instructions
    • Policy
    • Induction and Safety training
  • Site Inspections
  • Alarms
  • Electronic Controls
  • Visual Management
  • Templates and Gages
  • Electronic Process Management
  • KPI Monitoring
  • And so on….

The level of control for a process or organisational requirement, characteristic and deliverable will be proportional to the level of severity of the failure related to the process, requirement, characteristic and deliverable. The higher the severity the more robust the control required.

The levels of effectiveness of the control will lead to the organisation being able to perform a gap analysis on the process hierarchy and lead to actions to close any risk gap through new or updated design controls.

For assistance in developing and assessing the levels of current process controls within an organisational risk profile please contact us via our Contact Page.

Risk Management Programs Home Gap Analysis and Action Requirements based on Criticality, Significance and Annoyance

Gaps and action requirements occur in risk management programs when the controls and measures in place or missing in an organisational process hierarchy are insufficient to control the process requirements and characteristics that could lead to critical or significant failure within the organisation.

Critical failure can be defined as any breach of safety or regulatory requirements of the organisation. Certain levels of financial and reputation risk that may lead to organisational failure are also considered.

Significant failure can be defined as failure in the process to deliver the requirements of the organisation defined by the level of importance that the organisation states against the requirements, characteristics and deliverables outlined.

As an example, an organisation may have a process that scores high on relative risk in the process risk profile of the organisation which has had no failure point analysis conducted on it. The failure point analysis which deliver the process steps that when they fail could lead to any critical or significant event escaping and require control to prevent this. There is a gap in the process hierarchy in terms of problem control and prevention. The actions that follow would be to conduct an PFMEA on the high risk process and identify process points where potential escape points can occur which would lead to actions of the development of process controls to mitigate the risk at this point. Alternatively, an action may exist that allows a particular failure to be controlled by an instrument/measure/test/inspection/control that either prevents the cause of the outcome occurring or is a control for the entire process. Either way the gap analysis leads to specific actions around controlling the cause of a particular process failure from occurring or removing the potential failure completely through process redesign.

Gaps are highlighted when the level of control is not adequate to the level of risk outlined in the organisational process risk profile.

For assistance in analysing gaps and developing actions against inadequate process controls within an organisational risk profile please contact us via our Contact Page.

Risk Management Programs Home Risk Change Management

Change Management requirements in process improvement including the addition and upgrade of process controls would comprise of:

  • A view of organisational processes and their interactions
  • A view of process owners for stakeholder management
  • A view of process executors for stakeholder management and change training requirements
  • A view of the existing document chain at strategy/policy, procedural and work instruction levels
  • A view of current resources and personnel required to execute current processes
  • A view of current KPI in processes and interacting process and data representing the history of affected processes

Change management should be in of itself a process within the organisation that follows:
  • Identification
  • Change Notification
  • Change Approval
  • Planning
  • Planning Approval
  • Change Action
  • Change Review and Monitor
  • Document the Change
  • Approval of Change
  • Close Change and transition to BAU

The level of scrutiny of each step is directly dependant on the level of risk attained to the prescribed and or identified change.

Systems can be developed to create an efficient environment for process improvement and change that identify all the requirements of a process improvement and change and can run the change management process for an organisation and store its history of change. This is a key characteristics of the Quality One iProgent™ approach.

For further information on iProgent™ and assistance in change management and change management in process improvement please contact us via our Contact Page .

Visio Change Management View


Delivering Process Improvement and upgrading and implementing controls comes in the change action section of the change management process. The action plan for implementation of process improvements needs to be in the form of a Task and Timing Plan which needs to include:
  • Risk Management and Mitigation
  • Stakeholder Management
  • Contingency Plans
  • Resource and Asset cutover
  • Personnel Training Plans
  • Documentation Updates
  • Data Collection Plans and Data Collection cutover
  • Supplier and Customer engagement
  • Transition to BAU
  • Organisational Governance Requirements

A change management procedure should be written specifically for the organisation as a template for efficient process improvement change management in relation to the specific products and or services the organisation delivers.

For assistance in developing a process improvement change management procedure and executing process improvements within an organisational risk profile please contact us via our Contact Page.

Risk Management Programs Home Succession Planning

Process risk profiling identifies areas of the organisation that require a succession plan either by process or role. By obtaining the ownership and executors roles of process the process risk profile can ascertain the role in the organisation that holds the greatest risk. These are the key roles in the organisation that require a succession plan. The succession plan should include:

  • An assurance in the management system that the processes of high risk are kept up to date
    • Procedure
    • Process Map
    • Work Instruction
    • Policy
    • KPI
    • Process Interactions
    • Personnel Competency Requirements
    • Training Matrix Competencies of all Personnel
  • An assurance that personnel competencies are up to date. This allows for:
    • Personal Development programs for each personnel for any succession planned role in the organisation
    • Shadowing of positions by the most competent personnel
    • Secondment of the highest competency personnel in times of leave or emergency
    • Minimal time for process not running under high level competency delivery
  • Capturing and closing any gaps determined by the process risk profile.

For assistance in succession planning within an organisational risk profile please contact us via our Contact Page.

Risk Management Programs Home Legacy Development

Organisational Process Risk Profiling also identifies the areas of the organisation that are prone to legacy gaps when key personnel or resource move outside of the organisation.

Legacy is the information within the organisation that is not captured in any formal manner. It is the data and capability that is removed from an organisation when personnel or assets leave the structure of the organisation which does not allow for access to the data to occur any longer. It is important for an organisation to identify where legacy data exists in the organisation, the importance of the data, the risk if the data cannot be accessed, whether the data requires capture and whether a training program is required for the legacy data gap. Data or process that is part of the organisational enterprise wide integrated management system can be considered legacy data that has been already captured and is not a gap in any risk profile or succession planning.

To identify areas of legacy and whether training is required in a risk management program the organisation needs to:

  • Identify Processes with greatest risk to the organisation
  • Identify Risky Processes with no ownership
  • Identify Roles/Owners of Riskiest Processes
  • Identify Processes with inadequate Skill Requirement Definition and Competency
  • Identify Processes with inadequate Work Instruction
  • Identify Personnel in roles and level of turnover in role
  • Identify Roles with no lineage to Process and Process to Work Instruction and Procedure
  • Prioritise legacy capture via risk, gap and likelihood of loss of legacy data
  • Use legacy capture to create and or update Procedures, Processes and Work Instructions
  • Identify personnel in new Procedures, Processes and Work Instructions

For assistance in legacy development within an organisational risk profile please contact us via our Contact Page.

Risk Management Programs Home Organisational Expansion and Contraction

Body of Working Knowledge (BOWK) is the entire knowledge base of the organisation which expands and contracts on the basis of internal and external change drivers. The BOWK is generally greater than the knowledge to be transferred in the Training Management System (TMS) as defined by the organisational curriculum. In rare cases the gap between BOWK and the TMS can be significantly reduced by the internal change of staff turnover but the loss of legacy data that has not been transferred into the TMS is potentially no longer available to transfer into Business As Usual (BAU). The BOWK feeds into the TMS through an understanding of the process hierarchy and hence the curriculum is a subset of knowledge which is transferred into the day to day activity of the organisation and becomes BAU through training. BAU activity is a subset of the courses and activities undertaken in the TMS and in itself feeds back into the TMS to alter the BOWK and the structure of the TMS and the courses and activities themselves. A continuous organisational curriculum framework delivers training the requirements of the organisation as personnel changes and adds to its competencies and as processes change with the competency requirements to deliver them.

The proposed high level view of the continuous curriculum framework program in the TMS is represented in the diagram as part of BAU as a subset of the TMS. The set up development, implementation and assessment of the continuous curriculum framework in the TMS delivers the competency requirements of the organisation related to the competencies in the processes founded in the process risk profile. Processes and roles that are of high risk should be the focus within the continuous curriculum framework approach and be included in any change management requirements.

Body of Working Knowledge


As the number of personnel expands the requirements on delivery and recording in the TMS increase to ensure risk from the process risk profile is covered. As the personnel changes the level of competency in the personnel alters and the TMS must alert the organisation to shortfalls in the levels of competency to deliver the required process. As the processes change the competencies and requirements of the process change -the TMS should deliver the shortfall in competencies to the organisation and suggest methods to close the gap.

For assistance in the expansion and contraction of personnel and competencies within the organisation within an organisational risk profile please contact us via our Contact Page.

Forthcoming courses

There are currently no upcoming training courses scheduled. We add more courses regularly, so please check back soon.

Latest News

8D Virtual Training

17-Jan-2023

8D Virtual Training
The next virtual 8D training course has been scheduled for the 30th and 31st of January 2023.

Details...

2022 Quarter Four Training Schedule

16-Oct-2022

2022 Quarter Four Training Schedule has been released with training in Melbourne, Brisbane, Auckland and online in FMEA, 8D, Process Mapping, SPC, and MSA.
Details...

Lean Six Sigma White Belt Training Melbourne

15-Jun-2022

Lean Six Sigma White Belt Training
The next Lean Six Sigma White Belt training course in Melbourne has been scheduled for the 8th of July 2022.

Details...


Quality One - Discover the Value

Quality One Australia was first established as Quality Associates Australia in 2005 due to an overwhelming response for its partner company, Q1 - Quality One USA to provide quality training, consultation and facilitation services to various industries throughout the South East Asia region.  We rebranded in 2018 to more closely align with our US partner.

We specialise in end to end process and quality management from initial education, training, curriculum and certification ( Lean Six Sigma , 8D , FMEA, APQP, SPC etc. ) through to the implementation of quality management, electronic management and business and process improvements across your organisation. We deliver change, improvement and solutions to organisations locally, throughout Australia, across the Asia region and globally through our Q1 network.

If you desire this level of excellence then let us help you achieve your goals.
Learn More
Copyright © 2024      This website and its associated software are the property of Quality One Australia. This software may not be copied redistributed or modified for any purpose without the express written permission of the copyright owners. All rights reserved.