I'm big into Mountain Biking. I've been an avid biker for over 10 years now - if it's on two wheels, sign me up. As I matured as a biker, my confidence grew and I began to move faster on the trail. But as I moved faster, things become more complex. I had to process more information in less time - the bend in the trail, the slight angles and indentations of the topography before me. I upgraded my equipment, and got even faster, requiring more quick decision-making. If I made the wrong decision, I could end up eating tree bark or breaking my bones.
Those are the risks, right? But we take measures to mitigate risk - Helmets, pads, etc. There's an analogy here, trust me.
My point is this: Manufacturing industries have matured over the years, customer demand increases, and the complexity of the products also increase. So we now have a complex product lifecycle that needs to move faster to keep up with demand. Just like a mountain biker speeding along the trail, Manufacturers must keep pace with the demand, while ensuring Quality of the product at every step. The faster we move, the harder it becomes to correct adverse events, and prevent quality issues in the same way we're used to. We need a measure to help us search out the most critical issues and address the Quality issues that matter most. Risk Management is of growing importance in Quality for this very reason.
(If it were only this easy...)
Let's look at some of the areas risk plays in the Quality Lifecycle:
1. Risk in Design: Incorporating risk in design is a critical, but sometimes overlooked component in the Quality Lifecycle. Traditionally speaking Quality has always been reactive in nature - "Events happen and we need to correct them". However, if we can work towards mitigating risk during earlier stages in the product lifecycle, such as in design, then we can mitigate the risk of these in-field failures. Tools like Failure Mode Effects Analysis (FMEA) or simple Hazard Analysis provide the ability to break down a design to it core components and assess the risk of failure. By calculating the risk before the product is even built, you can take steps to mitigate that risk in a more proactive way. Even for known risks, you can better prepare your team for potential post-market events, and handle them more efficiently.
It's like reading the trail map before you head out on the ride - you know in advance where the danger areas are, and can take steps to slow down, speed up - or just go for that big jump.
2. Risk in Process: Corrective Actions are an issue in many organizations. You would think that a system designed to efficiently correct problem wouldn't be a problem itself, but it can be, especially if every event becomes a Corrective Action. Too many corrective actions can shift the focus on what is most overdue, versus what is most critical. By incorporating risk into the process of adverse events, you can filter the critical and non-critical events, ensuring that the highest risk events make it to the top of the list. Less critical events can even be handled immediately - Quality systems do not specifically state that every event become a corrective action. Using Risk will help to streamline the system in this fashion.
On the trail, you do risk assessments all the time - you pick an imaginary "line" down the hill, looking for the most efficient path. As you encounter potential risks, you focus on the most dangerous points on the line - "Do I worry about the log in the trail, or the big cactus jutting out on my side?" (the answer is to worry about the cactus - no log can hold me back).
3. Enterprise Risk Management: Risk mitigation is everywhere. Heck, I'm relating mountain biking to risk, so why wouldn't it be everywhere in an organization? If you think of an umbrella, the spines the make up the umbrella are the various areas (risk in design, risk in process, safety risks, human factors, governance, etc.). The Umbrella as a whole is Enterprise Risk Management (ERM). ERM seeks to combine risk elements from all over the organization and take action based on those elements in broad strategic level.
In reality, ERM follows a path no different that the more granular departmental levels:
Risk Identification: Simply put, look for the potential risks. Whether at a low-level or high-level, you need to figure out where your risks arise. This can be from adverse events, hazard analysis, departmental surveys and similar areas.
Risk Assessment: Once you've identified the risk, you need to determine how severe it is. Is this risk high, low, or negligible? Assessment seeks to categorize (and potentially prioritize) our risk.
Risk Review: New risks within an organization need to be reviewed. Risk cannot automatically be assigned an action - often you need a team to review the risk ranking, determine the next steps and so forth.
Risk Mitigation: We now ask the question, "how do we fix this?" Risk Mitigation relies on taking steps to correct the events, and ultimately reduce their risk to acceptable levels. Corrective Actions help to create a plan for investigating and correcting systemic issues, and reduce the risk of recurrence.
Risk Reporting: The last step is sometimes overlooked, but critically important. Reporting not only creates visibility into top risks, but it also lets you trend out potential areas of improvement. Reporting lets you see how one area's risks overlaps with other area's risks.
As industry move faster and product lifecycles shorten, you need to benchmark Quality not only as a corrective measure, but in a proactive, preventive way. Incorporating Risk into the product lifecycle will help to identify, mitigate and prevent potential risks along the way.
Much like a mountain biker traveling through the woods, you need to identify potential risks, assess the dangers, take steps to correct your "path" to mitigate the risk, and continue on. The faster you go, the more risk mitigation plays into the equation.
...and you try not to get too dirty in the process.