It recently occurred to me while moderating panels on operational excellence during an SAP Manufacturing Forum that many organizations and manufacturing executives are tangentially, if accidentally, engaged in risk management without their knowledge.
In this post we will take a cursory glance at what firms are already doing in the way of risk management while re-framing what has been viewed as compliance as business improvement processes. We end by advocating the importance of explicitly managing operatioinal risk.
Yesterday’s Compliance Management
Nearly all manufacturers are engaged in inspections, hazard analysis & critical control points (HACCP), or ISO 9001 among others. These essential processes help to mitigate risk but are carried out in the name of compliance. In the case of inspections, the traditional ‘produce and sort’ quality control methods fail to prevent hazards from occurring, and only identify hazards at the end of the process. HACCP seeks to identify and plan out hazardous production practices based on science, and designs measurements to reduce those risks to a safe level. The ISO 9001 standard provides a tried and tested framework for taking a systematic approach to managing the organization’s processes so that they consistently turn out product that satisfies customers’ expectations.
Today’s Business Improvement
Most manufacturers are merely concerned with the mentioned processes as a way of complying with regulation. They do not embrace the spirit of regulation, which is to understand manufacturing processes and therefore reduce the risks involved. Fully embracing this spirit would leave manufacturers with improved business processes and provide them with a framework for developing rigorous operational risk management systems.
A comprehensive risk management framework must identify risk, quantify risk, prioritize risk and mitigate risk. Most manufacturers do the mitigations, think of HACCP for FDA regulated industries (e.g. food service, cosmetics, and pharmaceuticals), for compliance purposes but fail to go through the entire exercise. Taken together, the framework can seem quite daunting since each of the capabilities on their own could generate a vast body of research. Consider the Risk Quantification portion of the framework. Risk Quantification is calculated by looking at the likelihood that a specific risk factor may occur and the impact to the organization if it does occur.
Tomorrow’s Operational Risk Management and Operational Excellence
Tomorrow’s risk management will be about testing the process, not every product. This will lead to reduced testing on finished goods and will encourage companies to look at risk holistically, and not just as a way to comply with regulation.
Companies must acknowledge how important opertional risk management is to quality. Given that quality touches the entire product life-cycle, from design and manufacturing to sales and service, successful operational risk management is a proxy for quality. It therefore becomes increasingly important for manufacturers to explicitly manage risk and employ people and processes dedicated to this aim.
Companies should always ponder why they do what they do and design and implement processes that address their aims. When companies predict and quantify risk, they will be able to better understand the problem at hand and leverage executive leadership to bring to bear the synergies of people, process, and technology that will put them on a path to operational efficiency, innovation and continued success.