Subscribe to Email Updates

Quality Creates...Perspective

3 Reasons Why Risk Management for Compliance Shouldn't Stress You Out

Tim Lozier
by Tim Lozier on Mon, Nov 11, 2013

riskprocessSometimes the simplest path is the best path.  If you look at the most successful businesses today, they have built their philosophy around very simple ideals.  Apple is a great case of simplicity - simple design, simple message, and so forth (but let's not just talk about Apple).  Simplicity in business means asking "Why".  Simon Sinek, who is a prolific author and speaker boils it down to this concept.  Ask yourself why you do business and build out from there - all the complexities of any initiative will fall in line.  This can ring true for an organization looking to achieve compliance through risk management - understand the "why" and it won't seem so lofty a goal.

We talk about risk on this blog...a lot.  So much so, that we often get into the big theories and methodologies behind risk management, risk assessment and operational compliance related to Quality Management and EHS management.  And it's good stuff - I wouldn't write about it if it wasn't.  However, when I speak to people who are starting out building a risk-based strategy, they often get caught up in the details, and forget to look at things in a bigger, more simplified context.  "What tools to do I use?", "How many levels of risk do I drill down?", "What is ALARP?". and the list goes on.  You can read our other blog posts to get a sense of that, but for now let me boil it down to this - Risk Management shouldn't stress you out - chances are you are already doing it.  You just need to formalize it.  Here are 3 things to consider in your risk journey that might make it easier to digest:

1.  Risk should augment your processes, not replace them:  Too often, people feel like they need to re-engineer their overall processes to build in Risk, but it's not the case.  Risk Management seeks to identify threats and quantify them so you can make decisions.  You can do this in your existing processes; you just have to add risk to the picture.  Think of it like this - you encounter adverse events in the Quality System, and you have to make a decision on what to do with them.  You already do this in operations, all you are adding with Risk is a systematic and consistent method for doing it.  You just look at the events and rate the event with a risk assessment.  This can be designed to be easy, like a decision tree that asks you questions.  "Why is this event critical?"  "What are the consequences of this?"  "Is it bad - how bad?" Then, based on your answers, you come to a decision - most likely based on what you've done before.  By continuing to do this for events, and looking at your past, you've established a risk assessment that doesn't rely on "gut feel", it relies on evidence from the past, or using calculations of consequences.

2.  Ask yourself, "Why are we doing this"?:  So many times, companies receive a directive or have a goal to build in risk, and never step back to ask "Why"?  Knowing why risk is important is a big step to understanding how to go about it.  Why do most people build in risk management?  It's usually to help make better decisions.  Why do we want to make better decisions?  Because we want to be compliant.  Why do we want to be compliant?  Because ultimately, we make the best products and our customers are relying on us to make the best decision for them when using our products.  Having this mentality helps to understand that risk is not about some larger directive, it's about making the process more efficient and making the best possible decisions for our customers.  We want to make these decisions consistently and efficiently, and risk is just another extension of good business decision making.

3.  Risk Starts with Your People:  People always ask, "Where do i start on this risk journey?"  Don't start with the tools; don't start with the process - start with your people.  The best risk data comes from asking managers and operational leaders, "Where are your biggest threats to success?"  Most companies will send out a simple survey to ask this question, and having the people in the organization identify where the threats lie is the most important step in starting risk management.  These folks are in the field, executing on processes every day - they will know where potential problems/hazards lie.  Once you've done that, you can categorize these threats and start to build a "Taxonomy of Risk" - which is a lofty way of saying you categorize and prioritize the common risk types to see where you need to focus your attention.  Then, you can start to look at the processes with the most risk elements, and augment them with a risk assessment. 

It's important to ask questions for Risk Management.  Why?  How? Who?  These are the first steps to take in building a picture of your company's goals, opportunities, and obstacles to meeting the ultimate goals of the business.  Risk Management is simply a method to help you identify problems and make better decisions to get closer to your company goals, in such a way that is faster, repeatable and consistent.

The Role of Risk Management in Compliance Systems The Role of Risk Management in Compliance Systems

Wed, Nov 13, 2013 1:00 PM - 2:00 PM EST

In this webinar, guest speaker, Forrester Research’s Chris McClean, and EtQ's Tim Lozier will conduct a deep dive into the role of Risk Management in compliance, quality and EHS, providing analysis and research from Forrester including the best practices for managing risk and compliance, how compliance fits into the global management strategy, compliance challenges facing executives, and much more. We will also take a look at some of the key risk tools used, with real-world case studies on how risk is applied in operational compliance in organizations today.

Register to Attend the webinar Now


Leave a comment

Tim Lozier
Written by Tim Lozier
Tim is the Manager for Marketing and Strategy at EtQ, Inc.
Written by Author

Related posts

How To Map ISO 14001:2015 To Your EHS Management System


Environmental compliance should be a priority for every company, but an EHS management system helps ... 

Companies that have...

Rachel Beavins Tracy
By Rachel Beavins Tracy - June 27, 2019
Behavior-based Safety: What You Need To Know


BBS and Batman were both born in the 1930s, and still relevant in the 21st century ... 

Behavior-based safety may have its...

Rachel Beavins Tracy
By Rachel Beavins Tracy - June 11, 2019
6 Ways You Could Be Using Your EHS Software More Effectively

Nearly 3 in 4 Environmental, Health and Safety (EHS) professionals say their department is understaffed. Whether due to...

Rachel Beavins Tracy
By Rachel Beavins Tracy - August 2, 2018