Pawel Nowicki, PhD

The Department of Quality Management

Cracow University of Economics, Poland

RISK MANAGEMENT IN QUALITY MANAGEMENT - METHODOLOGY

INTRODUCTION

An essential element in the strategy of any organization is to minimize business risk to a level that ensures market security.

To ensure efficiency and competitiveness, the organization is required to:

implement a system and a comprehensive approach to risk management, and therefore

identify effective methods for identifying, analyzing, monitoring and mitigating risk.

TEMPUS MEETING KRAGUJEVAC 2015

System management and its improvement should lead to a comprehensive minimizing of the risk of adverse events.

A number of rules and standards support this objective of minimizing risk.

Universally known solutions relate to:

corporate risk management,

environmental risk,

the risk of accidents,

sickness,

biological risk or

loss of reputation due to the poor quality of the product.

Risk is defined in the ISO 31000 standard as "the effect of uncertainty on objectives".

At the same time it is shown that the uncertainty causes a deviation from the expectations - positive and/or negative.

Risk is often expressed as a combination of the consequences of an event (including changes in circumstances) and the associated probability of occurrence.

THE RISK IN THE STANDARDIZED MANAGEMENT SYSTEMS

The objective of each standardized management system is a systematic approach to supervising activities in organizations, focusing on the prevention of non-compliance.

Standardized management systems meet the requirements of different standards, and are tools of profiled risk management within the organization.

Combining the effects of an event with the likelihood of its occurrence is the most common component of the definition of risk.

Risk management is defined as the coordinated efforts of directing and supervising the organization's risk.

This definition is similar to the definitions of management in the different standards, but in each standard a different element is the main concern. In the ISO 31000 standard this is risk, and in ISO 9001:2015 (draft version) it is quality.

METHODOLOGY OF RISK MANAGEMENT

1. Risk identification (strategic and operational)

2. Risk analysis (strategic and operational)

3. Spot risk assessment

4. Hierarchisation of risk

5. Risk registration

RISK IDENTIFICATION (STRATEGIC AND OPERATIONAL)

Risk identification may be carried out:

top-down - the head of the unit or other senior executives identify risk in the organization;

bottom-up - mid-level managers and employees identify the risks associated with their department and with the tasks performed.

Requirements concerning the risk identification:

Identification of risk requires the institution to understand the nature and objectives of the services provided. In this way, the institution can cope with the identification of risks to which it is exposed.

Then, specify the measures necessary to provide each service, based on knowledge of the functioning of the services and the risks appearing at every stage of the business.

Example:

Service - Education

Objectives - the safety of students, good results in exams

Requirements - employment of qualified staff, maintenance of buildings and equipment, ensuring cash.

Identified risk: inability to maintain or improve the quality of teaching; lack of opportunities to optimize the contribution of all staff; changes in government policies affecting the curriculum; insufficient financial means to wealth creation; inadequate maintenance plan assets; serious violations of the legislation; failure to detect fraud; and inability to maintain the financial viability of the organization.

STRATEGIC RISK

| RISK CATEGORY | Risk Description | The objectives which involve risk |
|---|---|---|
| Political | | |
| Economical | | |
| Social | | |
| Technological | | |
| Legislative | | |
| Environmental | | |

OPERATIONAL RISK

| RISK CATEGORY | Risk Description | The objectives which involve risk |
|---|---|---|
| Financial | | |
| Legislative | | |
| Vocational | | |
| Physical | | |
| Contractual | | |
| Technological | | |

To effectively carry out the process of risk identification (manual):

In preparation for the session, managers and employees should have the opportunity to consider the impact of risk on the organization or the services provided by the unit.

A template for identifying risks should be drawn up and given to each participant prior to the session.

In the execution of the contract, the time necessary to discuss the risks, their causes and consequences shall be determined. Therefore, it is necessary to understand the causes of risk.

Provide incentives for starting and controlling the debate, stimulate discussion, keep the session within the set time and record the results of the session.

Each session participant can ask questions / identify risk without fear of any repercussions.

Sessions should be an open forum where employees can safely discuss the identified risks.

The results of the session should be saved and sent to the participants of the session for verification and review, which will enable clarification or extension of risk descriptions.

RISK ANALYSIS – STRATEGIC /OPERATIONAL

How can you make a risk analysis?

After identifying the risk, it should be subjected to analysis. The necessity of risk analysis results from the need to better understand the nature of the identified risks faced by the organization.

Risk analysis includes:

determining the cause and effect of identified risks;

cross-checking of risks (duplication and escalation of risk);

separating low risk from significant risk;

evaluating the nature and category of the risk; and

connecting the risk with the objectives of the organization.

Causes and effects of risk

For risk identification to yield results and to allow the future risk management method to be defined, the following should be determined for each identified risk:

The causes of the risk (strikes, shortages of relevant stocks, natural phenomena) and

The impact of the risk on the organization when it occurs.

Questions that will enable the determination of impact:

whether the organization will work in breach of the law?

if the organization violates its duty to protect people - whether people will die? Do people get injured or get sick?

whether the risks would lead to financial losses?

whether the risks would lead to a loss of image or reputation of the organization?

whether service users will notice any difference?

Separation of small and significant risk. The risk is divided considering:

its impact on the organization in the event;

probability of risk; and

existing risk control mechanisms.

This procedure allows the assessment of the level of risk, and whether action can be taken to control risks.

Effects/Impacts

These are possible outcomes, effects or consequences for organizations such as losses, injuries, adverse events, cost or delay.

Probability/Likelihood

This is the estimated probability or possibility of the event.

Risk control mechanisms

The existence and functioning of policies, standards, procedures and physical preventive measures whose objective is to minimize the negative effects of risk for the organization.

RISK ANALYSIS – STRATEGIC /OPERATIONAL – AN EXAMPLE

Risk

Risk of injury to the worker.

Analysis: Cause and effect

Cause:

· Lack of training in health and safety of persons;

· Dangerous equipment.

The result:

· The claim related to negligence;

· Interference in providing services (as a result of the absence of the employee);

· Damage to reputation.

Analysis: Operating risk control mechanisms

· A comprehensive training program;

· Evaluation of each key activity in terms of protection of the health and safety of persons;

· Ensuring more resources in the budget for the health and safety of people;

· The inspection and maintenance of equipment;

· The budget for the service;

· The replacement of equipment;

· The process for reporting events related to the health and safety of persons; and

· The presence of the person responsible for the health and safety of people in every department.

Analysis: The relationship between the impact, probability and control mechanisms

Preliminary analysis suggests placing the risk in the upper right corner of the chart, due to the high probability of an accident, taking into account the number of employees participating in the activity or the nature of the activity, which can lead to an accident.

However, the functioning of risk control reduces the likelihood of injury or death in an accident. Therefore, the risk moves from right to left on the axis of probability.

SPOT RISK ASSESSMENT

How should you perform a spot/point risk assessment? The risk should be assessed in two ways:

As if there were no control mechanisms; and

Taking into account existing control mechanisms.

This assessment is carried out in order to:

Demonstrate the effectiveness of internal control mechanisms for reducing the risk; and

Highlight the serious risks that may be hidden, despite operating controls.

The organization must agree and implement a spot/point risk assessment system including definitions for equal levels of probability and impact of risk.

After making these arrangements, the risk management criteria should be used in a uniform manner across the organization.

In this way:

identified risks are assessed according to their impact on the entire organization

(the risks that most affect the organization's ability to achieve its objectives are those assigned the highest priority from the point of view of risk management);

the subjectivity associated with spot risk assessment is reduced, and transparency and accountability in the process of scoring risk assessment and prioritization are enhanced.

| Points | 1 | 2 | 3 | 4 | 5 |
|---|---|---|---|---|---|
| Description | Remote | Unlikely | Possible | Probable | Highly probable |
| Probability | 0-20% | 21-40% | 41-60% | 61-80% | 81-100% |

Point table for the probability of risk

| Points | Description | Criteria: Financial | Criteria: Organisational | Criteria: Protecting the health and safety of persons | Criteria: Reputation |
|---|---|---|---|---|---|
| 5 | Extreme/Catastrophic | Financial loss > 125.000 EURO | Failure to achieve key objectives. | Loss of life | Press reports around the country |
| 4 | Major | Financial loss 25.000 EURO < 125.000 EURO | Failure to achieve a key objective. | Serious injuries | Some of the information in the national media |
| 3 | Moderate | Financial loss 2500 EURO < 25000 EURO | Business disruption | Some injuries | Some of the information in local or regional media |
| 2 | Minor | Financial loss 25 EURO < 2500 EURO | Small business disruption | Little injuries | Limited information in the local or regional media |
| 1 | Insignificant | Financial loss < 25 EURO | Short-term business disruption | Little injuries | Poor information in the local or regional media |

Point table for the impact of risk

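| Impact \ Probability | Remote | Unlikely | Possible | Probable | Highly probable |
|---|---|---|---|---|---|
| Catastrophic | 5 | 10 | 15 | 20 | 25 |
| Major | 4 | 8 | 12 | 16 | 20 |
| Moderate | 3 | 6 | 9 | 12 | 15 |
| Minor | 2 | 4 | 6 | 8 | 10 |
| Insignificant | 1 | 2 | 3 | 4 | 5 |

Spot risk assessment matrix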

HIERARCHISATION OF RISK

Spot risk assessment lets you organize your risks by their weight, or by the criteria of the spot risk assessment matrix.

This method allows prioritization of actions taken to reduce the risk:

Risk located in the upper right corner (red) needs the urgent attention of the organization;

Risks contained inside the matrix (yellow) should be discussed and monitored. In some cases, an organization may take further action; and

Risk located in the lower left corner (green) is the lowest risk for the organization.

It should be noted that:

The immediate action required for certain risks with a high spot assessment may not be possible at the moment.

Some operations can be easily and quickly undertaken to reduce medium and low risk.

RISK REGISTRATION

To understand the organization's risk profile, all information about the risks can be entered into a "risk register".

The risk register may be maintained in paper form, as a spreadsheet, in a database, or in a specialized risk management program. The register should include all types of identified risks.

The risk register, which forms the basis of a risk management plan in the organization, must be a "living document", changing in order to reflect the dynamic nature of risk and the risk management of the organization. There is no specific format of the risk register.

RISK REGISTRATION - EXAMPLES OF THE INFORMATION CONTAINED IN THE RISK REGISTER

Risk Identification Number - a unique reference number for each type of identified risks.

Risk description - The description of risks, possible time scale of the risk and the possible impact on the organization.

The type / category of risk - the nature of the risk, i.e. strategic, financial, operational, and so on.

Risk Management - Manager responsible for the risk management.

Impact - Grading assigned to the consequences or effects of the risk to the organization.

Probability (likelihood inherent) - Grading attributed to the occurrence of risk in the absence of control mechanisms.

The total points assessment of the risk (inherent).

Functioning control mechanisms - control mechanisms currently operating in the organization, which reduce the likelihood of risk.

Probability (likelihood residual) - Grading attributed to the occurrence of risk, taking into account operating controls.

The total points assessment of the risk (residual).

Required action - concerted action to be taken to further reduce the likelihood of risk. Such action should reduce the residual risk assessment point.

Responsible for the operation and the date of implementation - the person responsible for carrying out the action and the date by which you must perform the operation.
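
The spot assessment and register described above, as an added Python example that is not part of the original slides: each risk is scored from the probability and impact point tables, once as if no controls existed (inherent) and once with existing controls (residual), and the register is then ordered. The red/yellow/green cut-offs, the function names and the sample entries are assumptions; the slides give no numeric thresholds.

```python
from dataclasses import dataclass

# Point scales from the probability and impact tables (upper bound -> points).
PROBABILITY_BANDS = [(20, 1), (40, 2), (60, 3), (80, 4), (100, 5)]   # percent
FINANCIAL_BANDS = [(25, 1), (2_500, 2), (25_000, 3), (125_000, 4)]   # loss in EURO

def probability_points(percent):
    if not 0 <= percent <= 100:
        raise ValueError("probability must be between 0 and 100 percent")
    return next(pts for upper, pts in PROBABILITY_BANDS if percent <= upper)

def financial_impact_points(loss_eur):
    # Assumption: a loss exactly on a boundary falls into the higher band.
    return next((pts for upper, pts in FINANCIAL_BANDS if loss_eur < upper), 5)

@dataclass
class RiskEntry:
    risk_id: str
    description: str
    impact: int                  # 1-5, impact table
    inherent_probability: float  # percent, as if no control mechanisms existed
    residual_probability: float  # percent, with existing control mechanisms

    @property
    def inherent_score(self):
        return self.impact * probability_points(self.inherent_probability)

    @property
    def residual_score(self):
        return self.impact * probability_points(self.residual_probability)

def band(score):
    # Assumed cut-offs: the slides colour the matrix but state no numeric thresholds.
    return "red" if score >= 15 else "green" if score <= 4 else "yellow"

def hierarchise(register):
    # Highest residual score first; inherent score breaks ties.
    return sorted(register, key=lambda r: (r.residual_score, r.inherent_score), reverse=True)

def control_dependent(register):
    """IDs of risks that are red without controls and lower only because controls operate."""
    return [r.risk_id for r in register
            if band(r.inherent_score) == "red" and band(r.residual_score) != "red"]

# Constructed sample register (only the injury risk is taken from the slides' example).
REGISTER = [
    RiskEntry("R-01", "Injury to a worker", 4, 85, 30),
    RiskEntry("R-02", "Failure to detect fraud", financial_impact_points(30_000), 50, 45),
    RiskEntry("R-03", "Short-term equipment outage", 1, 70, 70),
]
```

`control_dependent` surfaces the entries whose acceptable residual score rests entirely on controls continuing to work, which is the second purpose the slides give for assessing each risk both ways.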

CONCLUSION

Risk management is a term and practice that has been known for a long time.

In conclusion it is important to underline that risk management in the context of profiled management systems is not substitutable but complementary in the idea of minimizing risks for business operation.

Elements that influence the decision of choosing a management system include type of business, size of the organization and market conditions.

The application of effective mechanisms of risk management allows an organization to:

identify threats quickly and respond to them better than the competition

use appearing opportunities faster and better than the competition

which translates into

achieving more than the average income and

maintaining a relatively high rate of development, which is one of the conditions for lasting competitive advantage.

Thank You very much for your attention