
How Healthy (Robust) is Your Ability to Manage Risk? Thoughts on - PowerPoint PPT Presentation

How Healthy (Robust) is Your Ability to Manage Risk? Thoughts on Risk Based Thinking Requirements in ISO 9001:2015 Presented at the March 17, 2016 ASQ Delaware Section Dinner Meeting Ron Makar (ASQ) CBA, CHA, CQA, CQE, CMQ/OE Principal


  1. How Healthy (Robust) is Your Ability to Manage Risk? Thoughts on Risk Based Thinking Requirements in ISO 9001:2015 Presented at the March 17, 2016 ASQ Delaware Section Dinner Meeting Ron Makar (ASQ) CBA, CHA, CQA, CQE, CMQ/OE Principal Consultant Innovative Quality Consulting, LLC +1 302.494.5978 ron@iQualityConsulting.com www.iQualityConsulting.com www.linkedin.com/in/ronmakar

  2. Topics We Will Cover this Evening 1. Risk Basics : Review common terms and concepts related to risk 2. Risk Based Thinking (RBT) : What is it, how is it different from risk management and what are the requirements in ISO 9001:2015 3. Discussion : How do your RBT efforts stack up against your peers? Tonight’s Objective : To get you to think differently about how you deal with risk

  3. Questions for You … Who among you: 1. Has an established QMS? 2. And is registered to ISO 9001:2008? 3. Is familiar with ISO 9001:2015 (i.e. has a working knowledge of it)? 4. Thinks that they understand what is intended by RBT (vs. risk management)? 5. Works in a regulated industry, e.g. medical devices, pharma, requiring the application of a risk management program?

  4. Risk Basics Risk based thinking is something that you do inherently (and automatically) in everyday life Sometimes you are forced to make decisions based on a hunch or intuition when you do not have sufficient facts, data or credible information Harry Callahan (Dirty Harry) 1971

  5. Risk Basics Risk based thinking is something that you do inherently (and automatically) in everyday life Go, Slow, Stop: you intuitively know the consequences of not following (probability of occurrence × severity of harm)

  6. Risk Basics - Definitions Harm Physical injury or damage to the health of people, or damage to property or the environment Hazard Potential source of harm Hazardous Situation Circumstances in which people, property, or the environment are exposed to one or more hazard(s) Risk Combination of the probability of occurrence of harm and the severity of that harm Source: BS EN 14971:2012 Medical devices – Application of risk management to medical devices

  7. Risk Basics This is a photo of a single car accident caused by TWD (texting while driving) Harm: Damage to property, injury/death to people Hazard: Inattentive driving (source of harm) Hazardous Situation: The act of texting while driving Risk: Probability of having an “accident”; severity of harm potentially fatal

  8. Risk Basics (Risk Management)
     Risk Management: Risk Assessment (Risk Analysis, Risk Evaluation), Risk Control, Residual Risk Analysis, Post Production Review
     • RA (Risk Analysis): Identify hazards & estimation of risks for each hazardous situation
     • RE (Risk Evaluation): Compare estimated risks against given risk criteria to determine acceptability of the risk
     • RC (Risk Control): Implementation of risk reduction/elimination measures to acceptable levels
     • RRA (Residual Risk Analysis): Remaining risk after risk control measures implemented
     • PRR (Post Production Review): Review of risks during use, e.g. storage, transportation, maintenance
     Source: BS EN 14971:2012 Medical devices – Application of risk management to medical devices

  9. Risk Basics Murphy’s Law: Risk oriented (occurrence vs. severity) “If anything can go wrong, it will” Probability of occurrence; Potential hazards that can result in harm http://www.murphys-laws.com/murphy/murphy-true.html

  10. Risk Basics: 2 Types of Risk Bad Risk & Good Risk Negative Risk (think: Threats) The likelihood that an unwanted outcome will occur resulting in negative consequences Positive Risk (think: Opportunities) The likelihood that a desired outcome will occur resulting in positive consequences

  11. ISO 9001:2015 Key Changes Risk Based Thinking

  12. ISO 9001:2015 – Key Focuses Enhance clarity and compatibility with other management system standards. 1. Enhanced leadership involvement in the management system 2. Includes risk-based thinking built in to the whole system 3. Simplified language, common structure and terms 4. Aligning QMS policy and objectives with the strategy of the organization

  13. ISO 9001:2015 (Major Paradigm Shift) ISO 9001:2008 (and earlier) We tended to see how our organizations “fit” into the requirements of the standard. ISO 9001:2015 You are required to think more about your organization from a contextual, process and risk perspective • Who are you? • What is important? • Who cares?

  14. Risk (def.) ISO 9001:2015 Effect of uncertainty Source: ASQ/ANSI/ISO 9000:2015 Quality management systems – Fundamentals and vocabulary

  15. What is Risk Based Thinking? ISO 9001:2008 (and earlier) • Preventive Action clause separate from others ISO 9001:2015 • Consideration of risk is integral and proactive rather than reactive in preventing or reducing undesired effects through early identification and action • Preventive action is built-in when the management system is risk-based

  16. What is Risk Based Thinking? We Know That: 1. Risk is inherent in all aspects of a QMS • or Business Mgt. System, if you are thinking at the enterprise level 2. Risks exist in all systems, processes and functions RBT ensures that risks are identified, considered and controlled throughout the product development process

  17. What is Risk Based Thinking? More Thoughts: 1. It is really not new – you are probably thinking about things that can go wrong (or right) every day! 2. Is ongoing and ensures greater knowledge of risks and improves preparedness 3. Increases probability of reaching objectives 4. Reduces probability of unintended results

  18. Benefits of RBT • Improves governance (compliance, control) Do What You Say – Say What You Do • Establishes a proactive culture of improvement • Enables statutory and regulatory compliance • Assures quality of products and services • Improves customer confidence and satisfaction • Increases effectiveness of the QMS By considering risk throughout the system and all processes, the likelihood of achieving desired outcomes is improved

  19. What is Risk Based Thinking? 1. It is NOT risk management (a more disciplined, structured, formal approach) 2. No formal risk program required in ISO 9001:2015 3. A systematic approach, vs. treating “prevention” separately 4. Addresses a need to be more proactive 5. Performance based 6. Requirements, Objectives Driven 7. Process based

  20. ISO 9001:2015 and RBT 1. Address risks and opportunities associated with context and objectives 2. Utilizes process based approach 3. Determine factors that could cause processes or QMS to deviate from planned results 4. Establish preventive controls to minimize negative effects and maximize opportunities 5. Increase effectiveness of the QMS

  21. ISO 9001:2015 and RBT (by clause) Clause 4: QMS and its processes The organization is required to determine its QMS processes and to address opportunities Clause 5: Leadership and its commitment • Required to promote the use of process approach and RBT • Required to determine and address risks and opportunities that can affect product/service opportunity

  22. ISO 9001:2015 and RBT (by clause) Clause 6: Actions to address risks and opportunities The organization is required to plan and implement appropriate actions to address risks and opportunities and evaluate their effectiveness Clause 7: Resources The organization is required to determine and provide necessary resources

  23. ISO 9001:2015 and RBT (by clause) Clause 8: Management of operational processes The organization is required to manage its operational processes Clause 9: Monitor, Measure, Analyze and Evaluate The organization is required to monitor, measure, analyze and evaluate the effectiveness of actions taken to address risks and opportunities

  24. ISO 9001:2015 and RBT (by clause) Clause 10: Nonconformity and corrective actions The organization is required to correct, prevent or reduce undesired effects (e.g. nonconformities, customer complaints), improve the QMS and update risks and opportunities

  25. RBT Methodology Considerations 1. Define/Describe Your Organization’s Systems 2. Determine “Context” 3. Identify Key Processes Use Process Approach Inputs → Transformation → Desired Outcomes 4. Identify Measurable Objectives

  26. RBT Methodology Considerations (continued): 5. Once you have mapped out 1 through 4, you can now identify • Harms • Hazards • Hazardous Situations that can potentially prevent you from meeting objectives, and determine what is acceptable and what is unacceptable

  27. Context of the Organization You need to: 1. Understand the needs and expectations of interested parties 2. Determine the scope of your QMS (BMS) Clause 3.2.2 Context of the organization Combination of internal and external issues that can have an effect on an organization’s approach to developing and achieving its objectives

  28. Context of the Organization Interested Parties Clause 3.2.3 Interested party Stakeholder; person or organization that can affect, be affected by, or perceive itself to be affected by a decision or activity Examples: Customers, end users, partners, employees, suppliers, regulators, governments
