The Effects

Of Uncertainty
Oscar Combs
 The Effects Of Uncertainty

The Effects Of Uncertainty

ISO 9001:2015, clause 6.1 requires an organization to identify its risks and take actions to address
identified risks. It is very tempting to start with a huge list of potential risks for the organization, but
is the organization focusing on the actual risks that have an effect on their operations? To perform
an effective risk assessment, an organization must first identify the uncertainty in its processes.
Once the uncertainties are identified, then mitigation controls can be targeted at the effects of the
identified uncertainty. Failure to identify the uncertainty first could lead to flawed risk identification
and non-value-added risk mitigation controls. The approach defined in this article will lead to more
effective and meaningful risk identification and mitigation. How does an organization identify its
uncertainties?

What is Uncertainty?

Before we go any further, there are two definitions that I must define to put this concept in
perspective. These terms are uncertainty and risks. Uncertainty is defined as, “something that is
uncertain or that causes one to feel uncertain”. Risk is defined as, “the effects of uncertainty”. Now
that these two terms have been identified, its clear why an organization must start with defining the
uncertainty within its processes, before attempting to identify its risks or the effects of that
uncertainty. An organization that doesn’t start with identifying uncertainty, will define false risks and
miss actual risks that are actually having an effect on their organization. There is uncertainty in all
organizational processes. The effect of this uncertainty is what plagues the organization and its
interested parties, so we must identify the uncertainty first.

Identifying Uncertainty Then Effects

The identification of uncertainty first, is critical to effective risk identification. Here is a simple
example, to explain the importance of identifying the uncertainty first. Let’s say an employee
identifies the risk of being late to work, but doesn’t start with identifying the uncertainties involved
with the risk of being late to work. Some uncertainties of being late to work may include: traffic,
mechanical issues, weather, running out of gas, getting into an accident and many other
uncertainties. The effect of any one of these uncertainties, could result in the risk of the employee
being late to work. Each of the uncertainties of being late, will require its own risk mitigation to
address the effect of being late to work. The employee may have put a risk mitigation in place for
traffic, but failed to think about getting into an accident; therefore, the risk of being late to work, may
not be effectively mitigated. If the employee identifies all of the uncertainties first and then develops
risk mitigation and contingencies for each uncertainty, the employee will drastically reduce the
probability and the effect of being late for work. Let’s apply this concept to an organizational
process.

Mitigating Effects of Uncertainty

Here is an example of an uncertainty that can impact every organization. Consider the uncertainty
involved in the employee hiring process. There are many effects of uncertainty or risks involved in
this process, which can have an effect. As explained above, the organization should first start with
identifying the uncertainties and then identifying the effects of the uncertainties or risks. Here are a
couple of uncertainties involved with the employee hiring process.
 The Effects Of Uncertainty

1. Candidate may not fit organizational culture

2. Candidate may not be qualified
The effect of these uncertainties or risk, is that the organization may not hire the right candidate, but
the organization can’t start with the risk, the organization must start with identifying the
uncertainties, to reduce the probability and effect of the risk on the organization. If the organization
simply starts with the risk, it may fail to put risk mitigations or contingencies in place, to address the
effects of the uncertainties listed above. For example, what if the organization simply attempts to
mitigate the risk by having candidates complete an application and go through an interview? This
mitigation control may help reduce the probability and effects of the risk, but there are many
organizations that hire candidates using these controls and employee don’t fit their culture and are
not qualified. This is because the risk mitigation was focused on the risk and not the uncertainty. To
address the uncertainty of the candidate not fitting the organizational culture, the organization may
conduct a committee interview or have the candidate take a personality test. To address the
uncertainty of the candidate not being qualified, the organization may call references and request
proof of credentials. Both of these risk mitigations, would go a bit further than the application and
interview controls. Once the uncertainties and their effects are identified, the organization is now in
a position to identify effective risk mitigations, which will target the effects of uncertainties, as
opposed to a list of risks.

Conclusion

In conclusion, risk mitigation is more than simply writing a random list of risks. An organization must
first identify the uncertainties within its processes. Once the uncertainties are identified, the
organization must then identify the effects of the uncertainties. These are the risks that will and
most likely are having an effect on the organization. Focusing on the uncertainties and their effects
will allow an organization to implement a more robust and proactive risk mitigation program.

About the Author

Oscar Combs, Senior Consultant of The ISO 9001 Group, a management

consulting, auditing and training firm based in Houston, Texas. Oscar has over
23 years of experience working with management systems. Oscar has worked
with clients throughout North America, South America, Europe, The Middle
East, Asia and Africa helping companies manage risk and improve their
business operations. Oscar holds an MBA from the University of Houston. He
is certified by Exemplar Global as a Principal Management Consultant and Lead
Auditor. Oscar is also a Senior Member of the American Society for Quality and
has served as the Programs Committee Chair for ASQ’s Houston Chapter 1405.
SoftExpert EQM is the most comprehensive enterprise quality management software (EQMS). It helps
companies to achieve and maintain ISO 9001 certification through automated, highly interactive quality
processes tailored to an organization’s specific products, operations and business practices.

Process mapping Document Control

As a modular and scalable solution platform, SoftExpert Quality Management Software seamlessly integrates
all key quality initiatives, including process mapping, documented information (SOP – standard operating
procedures, work instructions and records), non-conformance reports (NCR/NCMR), corrective/preventive
actions (CAPA), quality indicators (KPIs). The solution also manages supplier relations, customer complaints,
quality audits, competence and training, quality risks and controls, quality inspection and statistical process
control, increasing QMS agility and robustness.

Quality tools Statistical process control

With SoftExpert EQMS, companies can comply with multiple regulations and standards, including ISO
9001:2015, FDA, ICH, and EU. The solution easily manages, tracks and reports all quality metrics in real-time,
streamlining informed decisions. It allows companies to coordinate and drive business activities, meet
customer and regulatory requirements and improve their effectiveness and efficiency on a continual basis.

Risk Management Audit Management

Learn More at:

https://www.softexpert.com/solucao/enterprise-quality-management-eqm/
 Manage business process change with checklists
About SoftExpert
SoftExpert is a market leader in software and services for enterprise-wide business process
improvement and compliance management, providing the most comprehensive application suite to
empower organizations to increase business performance at all levels and to maximize industry-
mandated compliance and corporate governance programs.
Founded in 1995 and currently with more than 2,000 customers and 300,000 users worldwide,
SoftExpert solutions are used by leading corporations in all kinds of industries, including
manufacturing, automotive, life sciences, food and beverage, mining and metals, oil and gas, high-
tech and IT, energy and utilities, government and public sector, financial services, transportation and
logistics, and healthcare.
SoftExpert, along with its extensive network of international partners, provides hosting,
implementation, post-sales support and validation services for all solutions to ensure that
customers get the maximum value from their investments.

SoftExpert Excellence Suite

The Roadmap for Business Excellence and Enterprise Compliance

More information: www.softexpert.com | sales@softexpert.com

Disclaimer: The content of this publication may not, in whole or in part, be copied or reproduced without prior authorization from SoftExpert Software. This
publication is provided by SoftExpert and/or its network of affiliates strictly for informational purposes, without any guarantee of any kind. The only guarantees
related to SoftExpert products and services are those contained within a contract. Some product functionalities and characteristics presented herein may be
optional or may depend on the makeup of the offer(s) acquired. The content of this material is subject to change without prior notice.