Professional Documents
Culture Documents
This sentiment is even more prevalent with advances in Industry 4.0, Industrial Internet of Things,
arti cial intelligence, machine learning, robotics, and other automation technologies already rapidly
approaching the manufacturing landscape, and subsequently the management of risk in the
manufacturing environment.
“This is part of a natural progression most organizations experience when it comes to quality
management. Strategies and technologies that once worked—and, indeed, do continue to function as a
bare minimum—need to be updated or sometimes overhauled or replaced in order to improve performance
and accelerate competitiveness. This is particularly true when it comes to risk management, which, as
global manufacturing leaders know, needs to be embedded into quality management approaches.”
A key to any discussion of developing, let alone embedding, an approach to risk management is
understanding the differences and similarities of implicit versus explicit risk management.
The implicit approach “might involve evaluating existing quality processes, for example, prioritizing
CAPAs based on how they will impact an organization’s risk pro le, or auditing suppliers and facilities on a
case-by-case basis based on risk factors. It can be thought of as more of a tactical approach, and differs
from a more overt or strategic approach.”
In an explicit approach, “organizations assess all areas of the enterprise proactively and build a clear,
bottom up risk framework replete with a comprehensive risk register that accounts for the robustness or
lack thereof in quality processes, and proceed to apply it strategically across the entire organization.”
As is common with just about everything, taking from column A and from column B will result in not only
an acceptable risk program, but also an accurate, encompassing one, covering the tactical as well as the
strategic. The relationship between quality and risk presents itself in three key areas: corrective and
preventative actions, audit management, and supplier quality management.
“When Operational Risk Management (ORM) is linked with or embedded into EQMS, the risk assessment
approach bene ts from accumulated information generated through the identi cation of hazards and
adverse events, which in turn improves our capabilities when it comes to quantifying, prioritizing, and
migrating risk.
“When EQMS and ORM systems intertwine, we can eventually begin to prioritize our work ow based on
CAPAs. For example, risk matrices can be informed by the number of open CAPAs, which point to areas of
business activity that become ‘riskier’ business activities by virtue of the fact they are associated with open
CAPAs. As these two elements begin to ‘speak’ to one another, we ultimately make risk management and
quality management more effective.”
Audit Management
Assessing risk and preparing and performing an audit should be a give-and-take process, or two-way
street, as well.
“As we establish audit criteria, we can leverage data acquired in historical and ongoing risk assessments.
And risk assessments, likewise, are also be informed by the criteria we have established to conduct audits.”
For instance, “as discussed with CAPAs, we see how a risk matrix can be informed by metrics associated
with audit performance, audits complete/incomplete, as well as audit frequency, just as risk factors can
feed back into audit management, inviting us to, perhaps, audit certain performance factors on a higher
frequency, more intensive basis based on risk, and others on a lower frequency, less rigorous basis.”
“Quality, risk and sustainability need to be more tightly integrated, across the enterprise and its entire
supply chain. Functionally, this asks manufacturing leaders to boost their ability to evaluate and monitor
suppliers on an ongoing basis according to quality, supply chain, and operational risk factors.
“Organizations need the ability to rank both supplier quality management and supplier relationship
management according to—above and beyond quality—risk-based metrics that can actually be
accumulated through the right analytical tools. However, this means linking these interrelated tools across
the enterprise.”
“Quality management data is too valuable to be left in silos, especially in the manufacturing environment,
and in turn risk management data is too valuable to be isolated from quality management frameworks.
Only the right processes and technology—supported by an organizational culture that views quality and
risk as pervasive corporate matters—will enable an organization to manage quality effectively from a risk-
based perspective.”