Like many things in life, enterprise quality management approaches are not static. Certainly there are timeless elements of quality management strategies that have been applied for decades and will continue to be applied over time. But advances in computer and web-based systems have brought specific quality management tactics to the next level. We are now witnessing an unprecedented level of access and visibility into quality management metrics and performance, in some cases on a real-time basis.
This is part of a natural progression most organizations experience when it comes to quality management. Strategies and technologies that once worked—and, indeed, do continue to function as a bare minimum—need to be updated or sometimes overhauled or replaced in order to improve performance and accelerate competitiveness. This is particularly true when it comes to risk management, which, as global manufacturing leaders know, needs to be embedded into quality management approaches.
Implicit Versus Explicit Risk Management
Another factor that plays into this whole equation is that we tend to have two different and ultimately overlapping risk management approaches, which could be described as implicit and explicit.
- Implicit: This approach might involve evaluating existing quality processes, for example, prioritizing CAPAs based on how they will impact an organization’s risk profile, or auditing suppliers and facilities on a case-by-case basis based on risk factors. It can be thought of as more of a tactical approach, and differs from a more overt or strategic approach.
- Explicit: With this approach, organizations assess all areas of the enterprise proactively and build a clear, bottoms up risk framework replete with a comprehensive risk register that accounts for the robustness or lack thereof in quality processes, and proceed to apply it strategically across the entire organization.
Though a lot of companies evaluate risk solely along the lines of processes, it helps to marry tactical (implicit) risk approaches to strategic (explicit) approaches to fully round out the ORM framework.
With that, let’s discuss the increasingly closely knit relationship between quality and risk and how it can manifest in three key functional areas.
1. Corrective and Preventive Actions (CAPA)
CAPAs are a fundamental component of quality management processes. The identification stage of CAPA processes of course precedes the investigation stage that follows, but should also connect to how we assess operational risk, as well as control mechanisms that feed into the CAPA identification process, from a Good Manufacturing Practices (GMP) perspective.
When Operational Risk Management (ORM) is linked with or embedded into EQMS, the risk assessment approach benefits from accumulated information generated through the identification of hazards and adverse events, which in turn improves our capabilities when it comes to quantifying, prioritizing, and migrating risk.
When EQMS and ORM systems intertwine, we can eventually begin to prioritize our workflow based on CAPAs. For example, Risk Matrices can be informed by the number of open CAPAs, which point to areas of business activity that become “riskier” business activities by virtue of the fact they are associated with open CAPAs. As these two elements begin to “speak” to one another, we ultimately make risk management and quality management more effective.
2. Audit Management
Just as risk assessment ought to be linked to identification of events and hazards from CAPA processes, there’s a two-way feedback loop that ought to be established between risk assessment and the initial phases of audit management. As we establish audit criteria, we can leverage data acquired in historical and ongoing risk assessments. And risk assessments, likewise, are also be informed by the criteria we have established to conduct audits.
And as discussed with CAPAs, we see how a risk matrix can be informed by metrics associated with audit performance, audits complete/incomplete, as well as audit frequency, just as risk factors can feed back into audit management, inviting us to, perhaps, audit certain performance factors on a higher frequency, more intensive basis based on risk, and others on a lower frequency, less rigorous basis.
3. Supplier Quality Management
It’s one thing to roll out risk management across the enterprise. It is quite another to consider how we apply the quality, risk, and indeed sustainability management requirements we have applied to our own organization right across our supply chain and vendor base.
Quality, risk and sustainability need to be more tightly integrated, across the enterprise and its entire supply chain. Functionally, this asks manufacturing leaders to boost their ability to evaluate and monitor suppliers on an ongoing basis according to quality, supply chain, and operational risk factors.
Organizations need the ability to rank both supplier quality management and supplier relationship management according to—above and beyond quality—risk-based metrics that can actually be accumulated through the right analytical tools. However, this means linking these interrelated tools across the enterprise.
The Risk of Ignoring Quality Risk Management
There’s really no rocket science behind the factors discussed above, and the fundamental message is that when we embed risk into quality processes, quality performance can improve courtesy of being linked to risk information, and, closing the continuous feedback loop, quality process data can be fed back into risk processes to improve our capacity to analyze risk.
Quality management data is too valuable to be left in silos, especially in the manufacturing environment, and in turn risk management data is too valuable to be isolated from quality management frameworks. Only the right processes and technology—supported by an organizational culture that views quality and risk as pervasive corporate matters—will enable an organization to manage quality effectively from a risk-based perspective.
If you’re interested in learning more about the connection between quality and risk management, sign up for our webinar today, The Evolving Role of Risk in Enterprise Quality Management. We will be sharing benchmark data from a recent quality management survey, discussing the role of technology in quality risk management, and sharing best practices for mitigating risk and improving quality earlier in the value chain.