Managing risk has always been a part of quality but now leading companies are looking at specific Quality Risk Management solutions
There are many different contexts in which the term Operational Risk Management can be referenced. If you look at the definition of Operational Risk Management in Wikipedia, much of it is driven from military applications. It is not until the very end of the entry that definitions more typical to business and software settings are mentioned.
In this post we will look at how discrete manufacturing and process industry companies should think of Operational Risk Management and how these principles can be used to reduce risk and improve performance.
What Is Operational Risk Management?
Operational Risk Management is a framework for understanding and managing a company's operations. Many of the more traditional frameworks that companies have used in the past only address operational risks implicitly. However, given today's regulatory and competitive environment, it is important for companies to start looking at risk explicitly in operations.
Traditional management systems, like those promoted by ISO, would include the following:
- ISO 9001:2008 Quality Management System
- ISO 14001:2004 Environmental Management
- ISO 50001:2011 Energy Management System
Complying with these standards means a company has defined roles, responsibilities, documentation, and action plans for managing performance and continuously improving operations in each of these areas. In a way, implementing one of these standards can be thought of as a well proved risk mitigation action, but risk mitigation is only one piece of the overall Operational Risk Management framework. A complete risk management framework has multiple risk capabilities and in its most simple form would look something like the following:
- Risk Identification
- Risk Quantification
- Risk Prioritization
- Risk Mitigation
Each of these capabilities on their own can be considered large areas of research and will not be covered in detail here. What will be considered is the types of risks that are considered operational risks and should be subject to this management framework. There are differences by industry, but a good starting point can be determined by examining what types of risks would be identified as operational in nature. In most cases, this would include the following:
At first glance, this seems like a very broad list, and it is. To explicitly manage every risk in these areas would quickly prove overwhelming. So to help narrow this list it is helpful to think about the Risk Quantification portion of the framework. Risk Quantification is calculated by looking at the likelihood that a specific risk factor may occur and then the impact to the organization if it does occur. With this in mind, Operational Risk Management is not going to look at every possible risk that impacts an asset or employee. Rather, we look at the subset of risks that are Operational in nature. A list of these risk areas is again industry specific, but a good starting point is as follows:
By limiting our definition of the Operational Risk Management framework to these areas, we can ensure that the right people are involved in the initiative and it does not become overwhelming. Although, to ensure a successful Operational Risk Management initiative, it takes more than just getting the structure and scope of the framework right.
Access this NEW eBook, "Manufacturing Metrics in an IoT World: Measuring the Progress of the Industrial Internet of Things," presents results from the fourth iteration of the biennial Metrics that Matter research study conducted between LNS Research and MESA International. It places particular focus on what IIoT means to manufacturers in the MOM space.