The questions you’ve always wanted to ask about risk-based thinking, and how to roll out risk management best practices across the enterprise.
At EtQ, our customers are some of the world’s best known organizations. We work with leading practitioners in the fields of quality management and environmental, health and safety. We also talk with business leaders anxious to establish robust risk management practices across the enterprise. Here are some of the questions that are frequently asked.
Q: What is a quality culture?
A: A quality culture is one that pursues continuous improvement across all the organization's activities through a program of operational excellence. Operational excellence is about executing the business strategy more efficiently, consistently and reliably than its competitors.
Q: What role does risk-based thinking play in a quality culture?
A: Risk is a concept that is universal to most organizations ‒ most people speak risk, even if they don't speak quality or environmental performance. Risk-based thinking provides a systematic and objective methodology for measuring performance, not just within quality and compliance but across all operations.
Q: What are the core benefits of the risk-based approach?
A: Risk provides metrics and a common language for assessing your businesses processes. It allows a company to normalize how it communicates its measures of operational efficiency to more people within the organization. Risk management delivers greater visibility and more control, leading to better decisions.
Q: What's the difference between a hazard and a risk?
A: The terms hazard and risk are often used interchangeably, but they mean different things. A hazard is a condition or situation that creates the opportunity for a problem to occur – a potential, but not a possibility. Risk is the likelihood that the hazard will lead to that negative consequence. Some hazards pose no risk, if there is no probability of exposure to that hazard. Risk management is knowing what those hazards are and estimating the probability of each one manifesting itself.
Q: What is the risk conversation?
A: This is a collaboration between key risk people from across your organization, including your supply chain, to identify risks and use objective and systematic means of measuring them. Its purpose is to cut across functional boundaries to understand how various risks interrelate, in order to develop a system to identify, assess and judge the collective effect they have on the organization's overall level of risk.
Q: What are currently the three most critical risks that every business should address?
A: Reputational risk, compliance risk and EHS risks.
Q: What are the most effective risk assessment tools?
A: Decision Tree, Risk Matrix, Bowtie Model and Failure Modes and Assessment Analysis (FMEA). Hazard Analysis (HACCP) is also widely used in the food and drink industry.
Q: After performing a risk assessment, can I consider my risk effectively managed?
A: No. Risk tools alone will not solve your risk problem. You need people to interpret the results. Assemble a risk team, drawn from across the functions of your organization, to review the different risk outcomes, build risk treatment options and define actions to treat those risks. Treatment of risk should be a combination of people, process and tools.
Q: How can I make my risk management team more effective?
A: Provide them with a high level of visibility and control with automated tools and best practices, such as incidence reporting that includes near-misses, a centralized Risk Register and a CAPA process that includes risk-based verification to ensure the risk has been effectively managed.
Q: Are there published guidelines for adopting a risk-based approach?
A: Yes, the ISO 31000 standard provides a high-level set of principles and guidelines on how to implement risk management. By aligning risk management with the standard, your business will increase the likelihood of achieving your objectives, improve your identification of opportunities and threats, and effectively allocate and use resources for risk treatment.
Q: What process should I use to implement a risk-based approach?
A: Use the Plan-Do-Check-Act (PDCA) protocol central to operational excellence programs. It is an iterative process which you can keep reapplying to your risk management practices to continuously improve your approach to risk.
Our risk management handbook gives you an up-to-date picture of best practices in leading businesses today, with step-by-step guidance on key processes and technologies. The Risk Management Handbook: Supporting a Quality Culture Across Your Business