Organisational Requirements, Characteristics and Deliverables
To identify process risk within an organisation in a risk management program, the process hierarchy needs to determine what is important to the organisation,
which is generally defined by the organisation's requirements, characteristics and deliverables. This can also be reflected in the organisation's policies.
The process risk identification process is the method to deliver the process approach and risk approach required in ISO 9001:2015.
Sources for organisational requirements, characteristics and deliverables can include but are not limited to:
- Organisational strategies and objectives
- Organisational short and long term plans
- Immediate process improvement campaigns
- 2 Year Plans
- 5 Year Plans
- 10 Year Plans
- Organisational Policy
- Procurement
- Supply Chain Payment
- Resourcing
- Process Cost
- Marketing deliverables
- Quality Objectives
- Safety and Regulatory requirements
- Standards the organisation chooses to be assessed by
- Jurisdictional requirements
- Personnel Well-being programs
- Market Metrics
- Exchange Rates
- Consumer confidence levels
- Interest Rates
- Inflation
- Raw Material costs
These, when combined with their level of importance and relationship to each process, will enable the organisation to gauge the level of relative risk of each
process within it.
For assistance in developing organisational requirements, characteristics and deliverables and aligning them with the organisational risk management program
please contact us via our
Contact Page.
Organisational Entities and Processes
To obtain process risk and relative process risk for the organisation, the makeup and structure of the organisation needs to be known. The organisational processes
and entities can be represented by the process hierarchy, with each process related to one or many organisational entities, which are represented by departments, groups or
teams within the organisation and its reporting chain. The process hierarchy for an organisation follows these distinct levels:
- Level 1: Organisational Level – organisation details, overall strategy and industry sectors defined
- Level 2: Strategic – business departments/units that deliver the organisational strategy and key areas of business development
- Level 3: Operational – processes within business departments that deliver the department/units requirements and objectives
- Level 4: Instructional – micro view of process within the business department unit. Some processes at this level may be in multiple business departments.
Each process within a level needs to be associated with at least one entity. Within that entity a role should exist that owns the process or co-owns the process with
an equivalent role in another entity. Roles that execute processes could potentially come from multiple entities within the organisation.
A relationship between organisational requirements, characteristics and deliverables and the organisational process hierarchy is established so that an assessment of the level of
risk in each process can be obtained.
For assistance in identification of the process hierarchy of the organisation and aligning it with the organisational risk requirements please contact us via our
Contact Page.
Characteristics Process Relationships
The level of detail in determining the process risk within an organisation in a risk management program is directly related to the level or levels of
process development undertaken in the organisational risk profile, which will drive the placement and efficiency of any required process controls to mitigate risk
within the organisational processes.
In order to build the relationships each process needs to be questioned against each organisational requirement, characteristic and deliverable. This is achieved
using relationship identification as follows:
- High – If the process fails or does not meet KPI or metric requirements there will be a major non-conformance/non-deliverable against the organisational requirement, characteristic and deliverable
- Medium – If the process fails or does not meet KPI or metric requirements there will be a minor non-conformance/non-deliverable against the organisational requirement, characteristic and deliverable
- Low – If the process fails or does not meet KPI or metric requirements there will be annoyance in other processes and metrics against the organisational requirement, characteristic and deliverable
- None – Blank – there is no known relationship between the process and the organisational strategy, deliverable, requirement or objective
For assistance in developing characteristics relationships between process hierarchy of the organisation and organisational requirements, characteristics and deliverables
within an organisational risk profile please contact us via our
Contact Page.
Key Organisational Risk Points
From the organisational risk profile the organisational process risk profile can be determined.
From the organisational risk profile the organisation can ascertain which processes at either level in the hierarchy are most prone to risk failure against all the
requirements of the organisation. Other factors can be added such as frequency of process, resource levels required for process, owners and executors of processes,
procedures, forms and work instructions related to each process, process interaction data, process metrics and so on.
Key organisational risk points are processes that score highly relative to other processes, processes that are exposed to the safety and regulatory processes required
by the organisation, and processes that are exposed to higher scoring organisational requirements, characteristics and deliverables, which is at the organisation's
discretion.
Identification of organisational key risk points and processes allows the organisation to focus on the processes that have a higher relative risk to the organisational
requirements over those processes that do not. Further drill down can be conducted on the processes with the higher risk profile. This can be achieved by:
- Conducting PFMEA on the higher risk processes
- Using an audit plan approach to audit higher risk processes more frequently
- Instigating contingency measures in process and personnel to ensure available resource and asset are at the required levels
- Real time alert on higher risk processes
- Update and implementation of process and organisational controls
For assistance in developing further analysis on identified higher risk processes within an organisational risk profile please contact us via our
Contact Page.
Current Control Levels
The process risk profiling tool allows for current process controls to be aligned with processes and organisational requirements, characteristics and deliverables and
rated for their effectiveness in controlling the potential non-conformances in either processes or the requirement, characteristic and deliverable.
Process Controls can include:
- Manufacturing process controls
- Inspections
- Testing
- Automated systems
- Error Proofing
- Legal Instruments
- Sign Off
- Computerised Field Checking
- Audits
- Training and Training Matrices
- Procedures and Work Instructions
- Policy
- Induction and Safety training
- Site Inspections
- Alarms
- Electronic Controls
- Visual Management
- Templates and Gages
- Electronic Process Management
- KPI Monitoring
- And so on….
The level of control for a process or organisational requirement, characteristic and deliverable will be proportional to the level of severity of the failure related
to the process, requirement, characteristic and deliverable. The higher the severity the more robust the control required.
The levels of effectiveness of the control will lead to the organisation being able to perform a gap analysis on the process hierarchy and lead to actions to close
any risk gap through new or updated design controls.
For assistance in developing and assessing the levels of current process controls within an organisational risk profile please contact us via our
Contact Page.
Gap Analysis and Action Requirements based on Criticality, Significance and Annoyance
Gaps and action requirements occur in risk management programs when the controls and measures in place or missing in an organisational process hierarchy are insufficient
to control the process requirements and characteristics that could lead to critical or significant failure within the organisation.
Critical failure can be defined as any breach of safety or regulatory requirements of the organisation. Certain levels of financial and reputation risk that may lead to
organisational failure are also considered.
Significant failure can be defined as failure in the process to deliver the requirements of the organisation defined by the level of importance that the organisation
states against the requirements, characteristics and deliverables outlined.
As an example, an organisation may have a process that scores high on relative risk in the process risk profile of the organisation but has had no failure point
analysis conducted on it. The failure point analysis would deliver the process steps that, when they fail, could lead to a critical or significant event escaping and
that require control to prevent this. There is therefore a gap in the process hierarchy in terms of problem control and prevention. The actions that follow would be to conduct a
PFMEA on the high risk process and identify the process points where potential escapes can occur, which would lead to actions to develop process controls
to mitigate the risk at these points. Alternatively, an action may exist that allows a particular failure to be controlled by an instrument/measure/test/inspection/control
that either prevents the cause of the outcome occurring or is a control for the entire process. Either way, the gap analysis leads to specific actions around preventing
the cause of a particular process failure from occurring or removing the potential failure completely through process redesign.
Gaps are highlighted when the level of control is not adequate to the level of risk outlined in the organisational process risk profile.
For assistance in analysing gaps and developing actions against inadequate process controls within an organisational risk profile please contact us via our
Contact Page.
Risk Change Management
Change management requirements in process improvement, including the addition and upgrade of process controls, would comprise:
- A view of organisational processes and their interactions
- A view of process owners for stakeholder management
- A view of process executors for stakeholder management and change training requirements
- A view of the existing document chain at strategy/policy, procedural and work instruction levels
- A view of current resources and personnel required to execute current processes
- A view of current KPI in processes and interacting process and data representing the history of affected processes
Change management should be, in and of itself, a process within the organisation that follows:
- Identification
- Change Notification
- Change Approval
- Planning
- Planning Approval
- Change Action
- Change Review and Monitor
- Document the Change
- Approval of Change
- Close Change and transition to BAU
The level of scrutiny of each step is directly dependent on the level of risk associated with the prescribed and/or identified change.
Systems can be developed to create an efficient environment for process improvement and change that identify all the requirements of a process improvement and change
and can run the change management process for an organisation and store its history of change. This is a key characteristic of the Quality One iProgent™ approach.
For further information on iProgent™ and assistance in change management and change management in process improvement please contact us via our Contact Page.
Delivering Process Improvement and upgrading and implementing controls comes in the change action section of the change management process. The action plan for
implementation of process improvements needs to be in the form of a Task and Timing Plan which needs to include:
- Risk Management and Mitigation
- Stakeholder Management
- Contingency Plans
- Resource and Asset cutover
- Personnel Training Plans
- Documentation Updates
- Data Collection Plans and Data Collection cutover
- Supplier and Customer engagement
- Transition to BAU
- Organisational Governance Requirements
A change management procedure should be written specifically for the organisation as a template for efficient process improvement change management in relation to the
specific products and/or services the organisation delivers.
For assistance in developing a process improvement change management procedure and executing process improvements within an organisational risk profile please contact
us via our Contact Page.
Succession Planning
Process risk profiling identifies areas of the organisation that require a succession plan, either by process or by role. By obtaining the owner and executor roles of
each process, the process risk profile can ascertain the roles in the organisation that hold the greatest risk. These are the key roles in the organisation that require a
succession plan. The succession plan should include:
- An assurance in the management system that the processes of high risk are kept up to date
  - Procedure
  - Process Map
  - Work Instruction
  - Policy
  - KPI
  - Process Interactions
  - Personnel Competency Requirements
  - Training Matrix Competencies of all Personnel
- An assurance that personnel competencies are up to date. This allows for:
  - Personal Development programs for each personnel for any succession planned role in the organisation
  - Shadowing of positions by the most competent personnel
  - Secondment of the highest competency personnel in times of leave or emergency
  - Minimal time for process not running under high level competency delivery
- Capturing and closing any gaps determined by the process risk profile.
For assistance in succession planning within an organisational risk profile please contact us via our
Contact Page.
Legacy Development
Organisational Process Risk Profiling also identifies the areas of the organisation that are prone to legacy gaps when key personnel or resource move outside of the
organisation.
Legacy is the information within the organisation that is not captured in any formal manner. It is the data and capability that is removed from an organisation when
personnel or assets leave the structure of the organisation which does not allow for access to the data to occur any longer. It is important for an organisation to
identify where legacy data exists in the organisation, the importance of the data, the risk if the data cannot be accessed, whether the data requires capture and
whether a training program is required for the legacy data gap. Data or process that is part of the organisational enterprise wide integrated management system can
be considered legacy data that has been already captured and is not a gap in any risk profile or succession planning.
To identify areas of legacy and whether training is required in a risk management program the organisation needs to:
- Identify Processes with greatest risk to the organisation
- Identify Risky Processes with no ownership
- Identify Roles/Owners of Riskiest Processes
- Identify Processes with inadequate Skill Requirement Definition and Competency
- Identify Processes with inadequate Work Instruction
- Identify Personnel in roles and level of turnover in role
- Identify Roles with no lineage to Process and Process to Work Instruction and Procedure
- Prioritise legacy capture via risk, gap and likelihood of loss of legacy data
- Use legacy capture to create and or update Procedures, Processes and Work Instructions
- Identify personnel in new Procedures, Processes and Work Instructions
For assistance in legacy development within an organisational risk profile please contact us via our
Contact Page.
Organisational Expansion and Contraction
Body of Working Knowledge (BOWK) is the entire knowledge base of the organisation which expands and contracts on the basis of internal and external change drivers. The
BOWK is generally greater than the knowledge to be transferred in the Training Management System (TMS) as defined by the organisational curriculum. In rare cases the
gap between BOWK and the TMS can be significantly reduced by the internal change of staff turnover but the loss of legacy data that has not been transferred into the
TMS is potentially no longer available to transfer into Business As Usual (BAU). The BOWK feeds into the TMS through an understanding of the process hierarchy and hence
the curriculum is a subset of knowledge which is transferred into the day to day activity of the organisation and becomes BAU through training. BAU activity is a subset
of the courses and activities undertaken in the TMS and in itself feeds back into the TMS to alter the BOWK and the structure of the TMS and the courses and activities
themselves. A continuous organisational curriculum framework delivers training the requirements of the organisation as personnel changes and adds to its competencies
and as processes change with the competency requirements to deliver them.
The proposed high level view of the continuous curriculum framework program in the TMS is represented in the diagram as part of BAU as a subset of the TMS. The set up
development, implementation and assessment of the continuous curriculum framework in the TMS delivers the competency requirements of the organisation related to the
competencies in the processes founded in the process risk profile. Processes and roles that are of high risk should be the focus within the continuous curriculum
framework approach and be included in any change management requirements.
As the number of personnel expands the requirements on delivery and recording in the TMS increase to ensure risk from the process risk profile is covered. As the
personnel changes the level of competency in the personnel alters and the TMS must alert the organisation to shortfalls in the levels of competency to deliver the
required process. As the processes change, the competencies and requirements of the process change, and the TMS should deliver the shortfall in competencies to the
organisation and suggest methods to close the gap.
For assistance in the expansion and contraction of personnel and competencies within the organisation within an organisational risk profile please contact us via our
Contact Page.