Failure Mode and Effects Analysis 2


Failure Mode and Effects Analysis (FMEA) and Program Evaluation and Review Technique (PERT): The Most Commonly Used Technique for Analysing Risk

Abstract

A failure modes and effects analysis (FMEA) is a procedure in product development, systems engineering and operations management for analysis of potential failure modes within a system for classification by the severity and likelihood of the failures. A successful FMEA activity helps a team to identify potential failure modes based on past experience with similar products or processes, enabling the team to design those failures out of the system with the minimum of effort and resource expenditure, thereby reducing development time and costs. Because it forces a review of functions and functional requirements, it also serves as a form of design review. It is widely used in manufacturing industries in various phases of the product life cycle and is now increasingly finding use in the service industry. Failure modes are any errors or defects in a process, design, or item, especially those that affect the intended function of the product and/or process, and can be potential or actual. Effects analysis refers to studying the consequences of those failures. The Program (or Project) Evaluation and Review Technique, commonly abbreviated PERT, is a statistical tool used in project management that is designed to analyze and represent the tasks involved in completing a given project. First developed by the United States Navy in the 1950s, it is commonly used in conjunction with the critical path method (CPM).

Keywords: Failure Modes and Effects Analysis, Reliability, Functional, Risk Priority Number

ORIGINS OF FAILURE MODES AND EFFECTS ANALYSIS (FMEA)

Procedures for conducting FMEA were described in US Armed Forces Military Procedures document MIL-P-1629 (1949; revised in 1980 as MIL-STD-1629A). By the early 1960s, contractors for the U.S. National Aeronautics and Space Administration (NASA) were using variations of FMECA or FMEA under a variety of names. NASA programs using FMEA variants included Apollo, Viking, Voyager, Magellan, Galileo, and Skylab. The civil aviation industry was an early adopter of FMEA, with the Society for Automotive Engineers publishing ARP926 in 1967.

During the 1970s, use of FMEA and related techniques spread to other industries. In 1971 NASA prepared a report for the U.S. Geological Survey recommending the use of FMEA in assessment of offshore petroleum exploration. FMEA, applied as part of HACCP on the Apollo Space Program, moved into the food industry in general. In the late 1970s the Ford Motor Company introduced FMEA to the automotive industry for safety and regulatory consideration after the Pinto affair. They applied the same approach to processes (PFMEA) to consider potential process-induced failures prior to launching production.

Although initially developed by the military, FMEA methodology is now extensively used in a variety of industries including semiconductor processing, food service, plastics, software, and healthcare. It is integrated into the Automotive Industry Action Group's (AIAG) Advanced Product Quality Planning (APQP) process to provide risk mitigation, in both product and process development phases. Each potential cause must be considered for its effect on the product or process and, based on the risk, actions are determined and risks revisited after actions are complete. Toyota has taken this one step further with its Design Review Based on Failure Mode (DRBFM) approach. The method is now supported by the American Society for Quality which provides detailed guides on applying the method.

Implementation of Failure Mode and Effects Analysis (FMEA)

In FMEA, failures are prioritized according to how serious their consequences are, how frequently they occur and how easily they can be detected. An FMEA also documents current knowledge and actions about the risks of failures for use in continuous improvement. FMEA is used during the design stage with an aim to avoid future failures (sometimes called DFMEA in that case). Later it is used for process control, before and during ongoing operation of the process. Ideally, FMEA begins during the earliest conceptual stages of design and continues throughout the life of the product or service.

The outcomes of an FMEA development are actions to prevent or reduce the severity or likelihood of failures, starting with the highest-priority ones. It may be used to evaluate risk management priorities for mitigating known threat vulnerabilities. FMEA helps select remedial actions that reduce cumulative impacts of life-cycle consequences (risks) from a systems failure (fault). It is used in many formal quality systems such as QS-9000 or ISO/TS 16949, and AS9100.

FMEA is intended to provide an analytical approach to reviewing potential failure modes and their associated causes. FMEA is a recognised tool to help to assess which risks have the greatest concern, and therefore which risks to address in order to prevent problems before they arise. The development of these specifications helps to ensure the product will meet the defined requirements and customer needs.

The pre-work

The process for conducting an FMEA is typically developed in three main phases, in which appropriate actions need to be defined. Before starting with an FMEA, several other techniques are frequently employed to ensure that robustness and history are included in the analysis.

A robustness analysis can be obtained from interface matrices, boundary diagrams, and parameter diagrams. Failures are often found from external 'noise factors' and from shared interfaces with other parts and/or systems.

Typically, a description of the system and its function is developed, considering both intentional and unintentional uses.

A block diagram of the system is often created for inclusion with the FMEA, giving an overview of the major components or process steps and how they are related. These are called logical relations around which the FMEA can be developed.

Steps of FMEA

Step 1: Occurrence

In this step it is necessary to look at the cause of a failure mode and the number of times it occurs. This can be done by looking at similar products or processes and the failure modes that have been documented for them in the past. A failure cause is looked upon as a design weakness. All the potential causes for a failure mode should be identified and documented. Again this should be in technical terms.

Rating Meaning

1 No known occurrences on similar products or processes

2/3 Low (relatively few failures)

4/5/6 Moderate (occasional failures)

7/8 High (repeated failures)

9/10 Very high (failure is almost inevitable)


Step 2: Severity

Determine all failure modes based on the functional requirements and their effects. Examples of failure modes are: electrical short-circuiting, corrosion or deformation. A failure mode in one component can lead to a failure mode in another component, therefore each failure mode should be listed in technical terms and for function. Hereafter the ultimate effect of each failure mode needs to be considered. A failure effect is defined as the result of a failure mode on the function of the system as perceived by the user. In this way it is convenient to write these effects down in terms of what the user might see or experience. Examples of failure effects are: degraded performance, noise or even injury to a user. Each effect is given a severity number (S) from 1 (no danger) to 10 (critical). These numbers help an engineer to prioritize the failure modes and their effects. If the severity of an effect has a number 9 or 10, actions are considered to change the design by eliminating the failure mode, if possible, or protecting the user from the effect. A severity rating of 9 or 10 is generally reserved for those effects which would cause injury to a user or otherwise result in litigation.

Rating Meaning

1 No effect

2 Very minor (only noticed by discriminating customers)

3 Minor (affects very little of the system, noticed by average customer)

4/5/6 Moderate (most customers are annoyed)

7/8 High (causes a loss of primary function; customers are dissatisfied)

9/10 Very high and hazardous (product becomes inoperative; customers angered; the failure may result in unsafe operation and possible injury)

Step 3: Detection

When appropriate actions are determined, it is necessary to test their efficiency. In addition, design verification is needed. The proper inspection methods need to be chosen. First, an engineer should look at the current controls of the system, that prevent failure modes from occurring or which detect the failure before it reaches the customer. Hereafter one should identify testing, analysis, monitoring and other techniques that can be or have been used on similar systems to detect failures. From these controls an engineer can learn how likely it is for a failure to be identified or detected. Each combination from the previous 2 steps receives a detection number (D). This ranks the ability of planned tests and inspections to remove defects or detect failure modes in time. The assigned detection number measures the risk that the failure will escape detection. A high detection number indicates that the chances are high that the failure will escape detection, or in other words, that the chances of detection are low.

Rating Meaning

1 Certain - fault will be caught on test

2 Almost Certain

3 High

4/5/6 Moderate

7/8 Low

9/10 Fault will be passed to customer undetected


After these three basic steps, risk priority numbers (RPN) are calculated.

Risk priority number (RPN)

RPNs play an important part in the choice of an action against failure modes. They are threshold values in the evaluation of these actions.

After ranking the severity, occurrence and detectability, the RPN can be easily calculated by multiplying these three numbers: RPN = S × O × D

This has to be done for the entire process and/or design. Once this is done it is easy to determine the areas of greatest concern. The failure modes that have the highest RPN should be given the highest priority for corrective action. This means it is not always the failure modes with the highest severity numbers that should be treated first. There could be less severe failures, but which occur more often and are less detectable.

After these values are allocated, recommended actions with targets, responsibility and dates of implementation are noted. These actions can include specific inspection, testing or quality procedures, redesign (such as selection of new components), adding more redundancy and limiting environmental stresses or operating range. Once the actions have been implemented in the design/process, the new RPN should be checked, to confirm the improvements. These tests are often put in graphs, for easy visualization. Whenever a design or a process changes, an FMEA should be updated.

Timing of FMEA

The FMEA should be updated whenever:

A new cycle begins (new product/process)

Changes are made to the operating conditions

A change is made in the design

New regulations are instituted

Customer feedback indicates a problem

Uses of FMEA

Development of system requirements that minimize the likelihood of failures.

Development of methods to design and test systems to ensure that the failures have been eliminated.

Evaluation of the requirements of the customer to ensure that those do not give rise to potential failures.

Identification of certain design characteristics that contribute to failures, and minimize or eliminate those effects.

Tracking and managing potential risks in the design. This helps avoid the same failures in future projects.

Ensuring that any failure that could occur will not injure the customer or seriously impact a system.

To produce world class quality products

Advantages

Improve the quality, reliability and safety of a product/process

Improve company image and competitiveness

Increase user satisfaction

Reduce system development timing and cost


Collect information to reduce future failures, capture engineering knowledge

Reduce the potential for warranty concerns

Early identification and elimination of potential failure modes

Emphasize problem prevention

Minimize late changes and associated cost

Catalyst for teamwork and idea exchange between functions

Reduce the possibility of the same kind of failure in the future

Reduce impact on company profit margin

Reduce possible scrap in production

Limitations

Since FMEA is effectively dependent on the members of the committee which examines product failures, it is limited by their experience of previous failures. If a failure mode cannot be identified, then external help is needed from consultants who are aware of the many different types of product failure. FMEA is thus part of a larger system of quality control, where documentation is vital to implementation. General texts and detailed publications are available in forensic engineering and failure analysis. It is a general requirement of many specific national and international standards that FMEA is used in evaluating product integrity. If used as a top-down tool, FMEA may only identify major failure modes in a system. Fault tree analysis (FTA) is better suited for "top-down" analysis. When used as a "bottom-up" tool FMEA can augment or complement FTA and identify many more causes and failure modes resulting in top-level symptoms. It is not able to discover complex failure modes involving multiple failures within a subsystem, or to report expected failure intervals of particular failure modes up to the upper level subsystem or system.

Additionally, the multiplication of the severity, occurrence and detection rankings may result in rank reversals, where a less serious failure mode receives a higher RPN than a more serious failure mode. [16] The reason for this is that the rankings are ordinal scale numbers, and multiplication is not defined for ordinal numbers. The ordinal rankings only say that one ranking is better or worse than another, but not by how much. For instance, a ranking of "2" may not be twice as severe as a ranking of "1," or an "8" may not be twice as severe as a "4," but multiplication treats them as though they are. See Level of measurement for further discussion.
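The RPN calculation and the rank-reversal limitation described above can be checked on a worksheet with a short script. This is an added example, not part of the original paper: the four failure modes and their ratings are constructed sample data, and the function names and the choice to list severity 9/10 modes ahead of the RPN ordering are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from itertools import combinations


@dataclass(frozen=True)
class FailureMode:
    name: str
    severity: int    # S: 1 (no effect) .. 10 (very high and hazardous)
    occurrence: int  # O: 1 (no known occurrences) .. 10 (almost inevitable)
    detection: int   # D: 1 (certain to be caught) .. 10 (passed on undetected)

    def __post_init__(self):
        # All three rankings use the 1..10 scales from the rating tables.
        for label in ("severity", "occurrence", "detection"):
            value = getattr(self, label)
            if not isinstance(value, int) or not 1 <= value <= 10:
                raise ValueError(f"{self.name}: {label} must be 1..10, got {value!r}")

    @property
    def rpn(self):
        # RPN = S x O x D
        return self.severity * self.occurrence * self.detection


def rank_by_rpn(modes):
    """Highest RPN first; ties broken by severity, then name."""
    return sorted(modes, key=lambda m: (-m.rpn, -m.severity, m.name))


def action_order(modes, severity_threshold=9):
    """Names in working order: severity 9/10 modes first (assumed policy,
    since those call for design action regardless of RPN), then by RPN."""
    ordered = sorted(
        modes, key=lambda m: (m.severity < severity_threshold, -m.rpn, m.name)
    )
    return [m.name for m in ordered]


def rank_reversals(modes):
    """Pairs (less_severe, more_severe) where the less severe mode has the
    higher RPN, i.e. the reversal the ordinal-scale caveat warns about."""
    found = []
    for a, b in combinations(modes, 2):
        lo, hi = (a, b) if a.severity < b.severity else (b, a)
        if lo.severity < hi.severity and lo.rpn > hi.rpn:
            found.append((lo.name, hi.name))
    return sorted(found)


def reassess(mode, **new_ratings):
    """Re-rate a mode after a corrective action so the new RPN can be checked."""
    return replace(mode, **new_ratings)


# Constructed sample worksheet (illustrative ratings, not from the paper).
WORKSHEET = [
    FailureMode("electrical short-circuit", severity=10, occurrence=2, detection=3),
    FailureMode("connector corrosion", severity=4, occurrence=7, detection=6),
    FailureMode("housing deformation", severity=6, occurrence=3, detection=2),
    FailureMode("intermittent noise", severity=3, occurrence=8, detection=5),
]

if __name__ == "__main__":
    for m in rank_by_rpn(WORKSHEET):
        print(f"{m.rpn:4d}  S={m.severity:2d} O={m.occurrence:2d} D={m.detection:2d}  {m.name}")
    print("action order:", action_order(WORKSHEET))
    for lo, hi in rank_reversals(WORKSHEET):
        print(f"rank reversal: '{lo}' outranks more severe '{hi}'")
    improved = reassess(WORKSHEET[1], detection=2)  # e.g. an added inspection step
    print("corrosion RPN after action:", improved.rpn)
```

On this worksheet the most severe mode ranks third by RPN alone, which is why the severity check is applied before the RPN ordering.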

Types of FMEA

Process: analysis of manufacturing and assembly processes

Design: analysis of products prior to production

Concept: analysis of systems or subsystems in the early design concept stages

Equipment: analysis of machinery and equipment design before purchase

Service: analysis of service industry processes before they are released to impact the customer

System: analysis of the global system functions

Software: analysis of the software functions

INTRODUCTION

The Risk Environment

In today's competitive business environment, business entities are faced with greater uncertainties (risks and opportunities) as they strive to create value. And in the wake of the current global economic crisis, businesses in a bid to stay competitive have taken several crucial measures. Some businesses have cut down tremendously on the number of staff to save cost in a bid to survive (one such business is British Telecom, a telecom giant which cut 15,000 jobs after making a £1.3bn loss [1]), some have shut down offices, branches, divisions, or plants within their business enterprise due to drastic reduction in the demand for their products/services (such is the case of Honda Motors, which shut down its plant at Swindon for four months from February to May 2009 [2]), and several businesses have gone 'bust' due to the inability to repay their debt (an example is Woolworths, which closed down, closing its 807 British outlets and leaving over 27,000 people unemployed [3]). These have led managers and investors in recent times to pay more attention to managing the risks inherent and emerging in their businesses.

It is therefore of great importance for businesses to take advantage of making appropriate strategic decisions on uncertain outcomes, as at worst it would cut down losses due to disaster and at best improve profitability in cases of opportunities. "Uncertainties present both risks and opportunities, with potential to erode or enhance value." [4] The sources of uncertainties with adverse effects/outcomes (the probability of which is defined as risk) are described as due to the volatility/complexity/heterogeneity of risk; the impact of external events (such as customer preferences, competitors' strategies, and so on); the response to external events/developments (such as compliance with policies/regulations/standards, development of strategies, and so on); and the behaviour of employees, which is crucial as well.

Some of the risks covered in this research include capacity expansion risk, diversification, vertical integration, financial, marketing, and human resources.

The 2009 Risk Management survey [5] carried out by the Aon Corporation presents its findings in four key components: top ten risks, overall risk preparedness, business losses related to risk, and key business topics/functions. The top ten risks are published as follows:

1. Economic slowdown

2. Regulatory/legislative changes

3. Business interruption

4. Increasing competition (new addition to top ten since 2007 report)

5. Commodity price risk (new addition to top ten since 2007 report)

6. Damage to reputation

7. Cash flow/liquidity risk

8. Distribution or supply chain failure (new addition to top ten since 2007 report)

9. Third party liability

10. Failure to attract or retain top talent

The Relevance: A Need for Enterprise Risk Management

The recession has forced businesses to place more focus on the management of risks relating to all aspects of their businesses. Such management is broadly defined as "Enterprise Risk Management" (ERM), which describes the set of activities that a business undertakes to deal with all the diverse risks that face it in a holistic/strategic/integrated method. These risks include financial, strategic, operational, hazardous, and compliance risks, spanning the organization. Many such risks have a significant impact on the profitability, effectiveness, and reputation of business enterprises.

In the 21st century, there are several checkpoints that have considerably driven the need for enterprise risk management, which today are referred to as drivers of ERM. These include an increase in the following [6]:

Greater transparency (Corporate Governance)

Financial disclosures with more strict reporting and control requirement

Security and technology issues

Business continuity and disaster preparedness

Focus from rating agencies

Regulatory compliance (laws and regulations)

Globalization in a continuously competitive environment


The 'what' ERM provides for businesses (the benefits) has been highlighted in many publications, but as any critic (manager) would say, "this is not enough; anyone could lay claims that lofty". The 'how' this is achieved is what these critics are interested in knowing now that it has caught their attention. They need very good reasons why they should apply such a process, looking at its associated cost and effect on the bottom line of their businesses. The 'how' is what links the process of ERM to the benefits it is said to give. This explanation may very well be the incentive that businesses (management) need to implement the ERM process towards realizing, with reasonable assurance, their strategic objectives.

UNDERSTANDING ENTERPRISE RISK MANAGEMENT

The Concept of Risk Management

Let's start by understanding the simple concept of risk and progress gradually towards managing enterprise risks. The renowned 'father of modern management', Peter Drucker, is quoted as having said, "a decision that does not involve risk, probably is not a decision" [7]. Thomas Stewart says: "Risk – let's get this straight up front – is good. The point of risk management isn't to eliminate it; that would eliminate reward. The point is to manage it – that is, to choose where to place bets, and where to avoid betting altogether" [8]. We see the same school of thought in the words of Dan Borge, former director of Bankers Trust: "Many people think that the goal of risk management is to eliminate risk – to be as cautious as possible, not so. The goal of risk management is to achieve the best possible balance of opportunity and risk. Sometimes, achieving this balance means exposing yourself to new risks in order to take advantage of attractive opportunities." [9]

Again, Peter Drucker makes it clear what an attempt to eliminate risk completely would lead to: "A business has to minimize risk. But if its behaviour is governed by the attempt to escape risk, it will end up taking the greatest and least rational risk of all: the risk of doing nothing." [10] Dr Vedpuriswar adds that risk can neither be avoided nor eliminated completely [11]. The theme of risk management is clearly highlighted as the minimization of risk in a bid to keep it within controllable limits, as well as the acceptance of risk in order to gain reward – the definition of a risk appetite.

Uncertainty in business and life in general is said to exist due to the futuristic nature of outcomes. The outcomes of business operations are to be reached at some time in the future after the tasks have been performed. G. Monahan agrees with this in his work, stating that businesses face risk due to the uncertainty of possible outcomes of the actions taken in the course of doing their business [12].

And even in situations where a high level of certainty exists towards the achievement of positive outcomes, a sudden disastrous event may occur to change this fate. Barton T. L. et al. shed light on the 'risk' debacles which the business community has witnessed that have resulted in considerable decrease in shareholder value, financial loss, damage to company reputation, and so on [13]. They point out that such events may include environmental disaster, mergers destroying shareholder value, organisations trading in complex derivative instruments without understanding the 'risks' involved, traders who lack oversight and have inadequate controls for the enormous risks they assume, etcetera, while placing emphasis on the attention to and handling of such 'risks'.

G. Monahan argues on the notion that risk is the same as uncertainty, by defining risk as anything that produces a distribution of various probabilities for various outcomes [14]. COSO, on the other hand, defines uncertainty as that which presents both risk and opportunities, with potential to erode or enhance value. Risk is the possibility that the occurrence of an event will adversely affect the achievement of objectives, and opportunity is the possibility that an event will occur and positively affect the achievement of objectives. The author has adopted the COSO definitions in this paper. [15]


What is Enterprise Risk?

Currently, the need for corporate governance, internal control (as well as compliance with rules and regulations) and risk management has been of critical concern to businesses, as experts call for the integration of all three with a single management approach referred to as integrated GRC. [16]

However, the solution came as 'Enterprise Risk Management', as it emphasizes all three aspects within its process of application. Experts point at the recent financial crisis and the related economic downturn, and the failure of risk management to help the situation, as further backing for the re-evaluation of the discipline for a change to a more co-ordinated (wider scoped) risk management approach that recognizes the interdependencies of risks [17]. Again, Enterprise Risk Management is described as the solution to this challenge.

Enterprise risk is the aggregate of all functional and process risks a business entity faces in the course of carrying out its business activities. Such risks would include the types described by the Casualty Actuarial Society [18], listed below:

1. Hazard risk

2. Financial risk

3. Operational risk

4. Strategic risk

The Enterprise Risk Management (ERM) approach is a first attempt to recognize the interdependencies among risks and the treatment of risks across all business operations. [16]

About Enterprise Risk Management (ERM)

The holistic approach that characterizes the present trend of risk management, referred to in some texts as enterprise-wide risk management, enterprise risk management (ERM), strategic risk management, or integrated risk management, is aimed at dealing with uncertainty for the organisation. [19]

The rationale behind this approach is that value is maximized when the decision-makers set strategy and objectives to strike an optimal balance between growth and return goals and the related risks, and efficiently and effectively allocate resources in pursuit of the entity's objectives. [20] Barton et al. stated that the goal of this new approach is to create, protect, and enhance shareholder value by managing uncertainties that could influence the achievement of organisational objectives. [21]

Enterprise Risk Management is clearly distinguished from risk management and financial risk management in the RIMS Executive Report, 2009. Risk management is described as a broad term for the business discipline that is concerned with the protection of the assets and profits of an organisation by reducing the potential for a loss before it occurs, mitigating the impact of a loss if it occurs, and executing a swift recovery after a loss occurs. Financial risk management is the term often used by non-financial institutions to describe the mitigation process for their financial exposure. Enterprise Risk Management, on the other hand, is said to represent a revolutionary change in the risk management discipline that broadens the scope of risk management behaviours. [22]

By definition and contrast, ERM is seen as the new paradigm in risk management; while the old paradigm is characterized by avoiding losses within a limited scope, separated by function, and terminates at the end of the task (or project), this new approach covers all risks, both internal and external, integrates and views all risks from a board, creating awareness organisation-wide, with the goal of creating, protecting, and enhancing shareholder value by mitigating risks and seizing opportunities in a continuous process.

The authorities and experts of this emerging discipline have defined ERM in a number of ways that depict their perception and the way they practice it.

The CAS committee definition is stated below:

"ERM is the discipline, by which an organisation in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organisation's short and long term value to its stakeholders" [23].

The committee places emphasis on the following five parts of the definition:

1. ERM is a discipline

2. ERM applies to all industries

3. ERM exploits (value creating) as well as mitigates (manages) risk

4. ERM considers all sources of risks

5. ERM considers all stakeholders of the enterprise

The COSO committee describes ERM as one that deals with risk and opportunities, and defines ERM as follows:

"Enterprise risk management is a process, effected by an entity's board of directors and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives." [24]

As before, the COSO committee also breaks the definition into simple bits; it seems to be the most elaborate definition of the concept:

1. ERM is a process; it is ongoing and flowing through an entity.

2. ERM is effected by people at every level of an organization.

3. ERM is applied in strategy setting.

4. ERM is applied across the enterprise, at every level and every unit, and includes an entity-level portfolio view of risk.

5. ERM is designed to identify potential events that, in the event of their occurrence, will affect the entity and to manage the risk within its risk appetite.

6. ERM is able to provide reasonable assurance to the management and board of directors of an entity.

7. ERM is geared towards the achievement of objectives in one or more separate but overlapping categories.

Managing Enterprise Risks

According to Lexicon Systems, LLC, this new, strategic imperative has gained momentum; in a single paragraph they summarize the activities of ERM, which will take organisations years and years to accomplish, stating that organisations can support ERM solutions when they reach a certain level of business and information maturity. When this occurs, they establish a "risk culture" and then gather risk intelligence. The adoption of a process focused on GRC, as against the "siloed" issue-by-issue style, follows. In addition to these, they suggest that organisations establish a risk and compliance architecture that considers the business processes, the people and the information technology. And finally, the organisation commits and trains the members consistently on corporate policies and procedures. [25]

The CAS committee states that this involves continual scanning of the risk environment and evaluating the performance of the risk management strategies, and the feedback into the context-setting step of the process and the cycle repeats again and again, continuously.26

The ERM process in a generic sense is a reiterative process in which certain sequential activities are carried out, starting with establishing a context, and then identifying events, analyzing and quantifying risks, integrating risks, assessing and prioritizing risks, and finally treating risks/exploiting opportunities. The monitoring and reviewing activities are continuous and concurrent with these other activities.

What is a Framework?

By definition a framework serves as a guide, an outline or overview of interlinked items (activities) to facilitate an approach towards achieving a specific goal. In this context, a framework would aid the implementation of ERM. It does so by helping to organize and structure an approach that can be both measured and repeated. A risk management framework is described as an organisation-specific set of functional activities and the associated definitions that define the risk management system in an organisation and also the relationship to the risk management organisational system.

The Enterprise Risk Management Framework

The “2008 ERM Benchmarking Survey” conducted by the Institute of Internal Auditors (IIA) and the IIA Research Foundation’s Global Audit Information Network revealed in 2009 that COSO’s Enterprise Risk Management – Integrated Framework is the most commonly used framework to guide risk management efforts. In the perspective of experts, the only rival to this is the revised ISO 31000 standards published in late 2009.

In managing risks, these ERM frameworks must identify and analyze it, and then take one of the following actions28:
Avoidance of risk by aborting actions that contribute to risk
Reduction of risk by reducing the likelihood or impact of risk
Share or insure risk by transferring or sharing a portion of the risk (impact)
And Acceptance of risk by taking no action as a result of a cost/benefit decision

Some other ERM frameworks/standards include:
Association (FERMA)
ISO 31000
British Standard
AIRMIC
Risk and Insurance Management Society (RIMS) Risk Maturity Model
FAA Safety Risk Management
and so on.

In this paper, COSO’s ERM integrated framework will be examined, as it deals with ERM applicable to all industries and encompassing all types of risks.

The Enterprise Risk Management – Integrated Framework is a framework developed by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) to meet the requirements of a robust framework that would effectively identify, assess and manage risk due to heightened concerns and focus on risk management. The aim was the development of a framework that would be readily usable by managements to evaluate and improve the Enterprise Risk Management of their organisations.29

The effectiveness and efficiency of the implementation of the COSO framework’s concepts and principles will mostly be affected by an entity’s size, complexity, industry, culture, management style, and other attributes.30 The Committee discusses that because of the availability of an array of approaches and choices, even similar organisations implement ERM differently. On pre-implementation, however, Jerry Micolism emphasizes the need to develop a company-specific operation before diving in for a company-specific ERM program.31

In today’s business world, the ultimate purpose of an ERM framework would be seen as the facilitation of the process to be described, automated, monitored and improved as part of the cycle of continuous innovation and responsiveness to the business dynamics.

The Business Case for Implementing Enterprise Risk Management

The society of architecture describes the drivers32 for this change and the development of the discipline of ERM to be due to:
1. Regulatory developments
2. Rating agency views
3. The COSO report
4. Basel
5. Economic capital
6. Conglomerates
7. Convergence of financial products, markets, globalization
8. Board attention due to public’s demand for certain assurances

The challenges/issues of the traditional risk management approach

The major issue is the persistent contextual myopia in risk management, concentrated solely on hazard risk; risk management has been a disconnected function, and risks do not always fit into categories quite neatly. An example would be business interruption at a plant; this has finance, marketing, and reputational implications beyond the effects on production and also the applicability of the property insurance policy. There is a growing recognition that co-ordinating and financing all facets of organisational risk effectively is critical for the maximization of success.33 Scholars have observed that it costs much more to manage risk individually.

The challenge of having a focus on narrow concerns, a fragmented approach toward risk management, has its solution in the understanding of the wider scope of risks being faced.34

Establishing, maintaining, and implementing a new approach35 having:
An organisation-wide awareness of risk management
The channels for communication of risks
The methods, tools and practices for managing risk
The ways to measure operational and financial risk
The organisational risk map
The risk financing mechanisms
The measurements of risk management effectiveness
