Raimund Laqua, PMP, P.Eng. Founder, Chief Compliance Engineer ray.laqua@leancompliance.ca www.leancompliance.ca
Copyright, © 2018, Lean Compliance Consulting, Inc.—All rights reserved
MIDDLE MANAGEMENT
RISK MANAGEMENT MAP
RISK MANAGER
OBJECTIVE
QUALITY DEPARTMENT
1. BUSINESS IS RISKY AND UNCERTAIN
“It’s a dangerous business, Frodo, going out your door.
You step onto the road, and if you don't keep your feet,
there's no knowing where you might be swept off to.”
2. UNCERTAINTY CREATES THE OPPORTUNITY FOR RISK
“It simply isn’t an adventure worth telling if there are no dragons”
UNCERTAINTY
ALEATORY
Natural variability
MARGINS
Distributions
Having to do with chance
No ability to predict outcome
EPISTEMIC
BUY DOWN
Lack of knowledge
Probabilistic events and outcomes
Having to do with knowledge
Can predict outcome
RISK
“effects of uncertainty on expected results” - ISO 9001
“effects of uncertainty on objectives” - ISO 31000
“an uncertain event or condition that, if it occurs, has a positive or negative effect on a project's objectives.” - PMI PMBOK
Cone of Uncertainty
Objective
3. NOT ALL RISKS MATTER
“All that glitters is not gold
Not all that wander are lost”
4. RISKS THAT MATTER ARE CONNECTED TO OUTCOMES
[Figure: value chain diagram. SUPPORT ACTIVITIES: Firm Infrastructure, Human Resource Management, Technology, Procurement. PRIMARY ACTIVITIES: Inbound Logistics, Operations, Outbound Logistics, Marketing & Sales, Service. MARGIN.]
OUTCOMES DEFINE YOUR OBJECTIVES
[Figure: value chain diagram. Labels: Ethics & Compliance, Environmental, Safety, Quality. PRIMARY ACTIVITIES: Inbound Logistics, Operations, Outbound Logistics, Marketing & Sales, Service. SUPPORT ACTIVITIES. RISK.]
COMPLIANCE MAKES SURE YOU ACHIEVE THEM
You cannot measure progress
You cannot improve
You are not certain of where you are heading
You are reactive
5. WITHOUT OBJECTIVES THERE ARE NO RISKS
“It’s the job that’s never started that takes the
longest to finish.”
[Figure: Compliance Outcomes chart. Labels: Non-Conformance, Proactive Compliance, Reactive Compliance, Cost of Non-Conformance, Benefit of Outcomes, Conformance Zone.]
EFFECTIVE QUALITY
Moving beyond the conformance zone creates the opportunity for benefits
Clear Objectives & Goals
Certain and Anticipating
Focusing on Root Cause
Plan Timeline
Always Ahead
Advancing Outcomes
Return on Investment
PROACTIVE
70% of companies do not measure the
effectiveness of their compliance programs
No Objectives & Goals
Uncertain and Surprised
Focused on Symptoms
Forced Timeline
Always Behind
Non-Conformance
Sunk Cost
REACTIVE
RISK #1
Risk management is a proactive activity that involves: setting objectives, anticipating, and acting
RISK #2
RISK #3
YOU NEED A STRATEGY
One does not simply walk into Mordor … Not with ten thousand men could you do this. It is folly.
Likelihood X Severity
OLD STRATEGIES BASED ON AN OLD MAP
Early Risk Management
1950 - 1960s
Modern Risk Management, self Protection, insurance
Traditional Risk Management
1970 - 1990s
Increased focus on controls and compliance in the financial sector
Treadway Commission on Fraudulent Financial Reporting (COSO)
OSHA publishes 29CFR119 PSM – Hazardous chemicals
Enterprise Risk Management
2000 - 2010s
Sarbanes-Oxley Act
COSO publishes ERM Integrated framework
ISO publishes 31000 risk management standard
Risk becomes part of Project Management
ISO publishes 9001:2015 “risk-based thinking”
ICH publishes Q9 Risk Management
API publishes RP 1173 Pipeline Safety Management System
CSA publishes PSM standard
LOSS PREVENTION
HISTORY OF DRAGON SLAYING (I.E. RISK MANAGEMENT)
RISK-BASED THINKING
is a mindset to proactively improve the certainty of achieving outcomes utilizing methods that consider threats and opportunities
NEW STRATEGIES BASED ON THE NEW MAP=
ISO 9001, ISO 31000, PMI PMBOK, ICH 9
Opportunities
Threats
Outcome
Strategy
Uncertainty
Epistemic
Aleatory
Margins
Buy Down
Mission
Uncertainty creates the opportunity for risk
Risks that matter are connected to outcomes
Risk management is an optimization process to increase the certainty of achieving outcomes
Business is risky and uncertain
Not all risks matter
Without objectives there are no risks
IF YOU WANT TO DEFEAT DRAGONS YOU NEED TO TRAIN
MINDSET
METHODS
METHODOLOGY
HOW TO DEFEAT DRAGONS
Avoider
I don’t want any risk
RISK INTOLERANT
Ostrich
I don’t want to know
RISK TOLERANT
Gambler
Let’s play the odds
RISK SEEKING
Manager
Let’s size up the risk and decide
RISK NEUTRAL
Dragon Slayer
Let’s achieve our objective
RISK OPTIMIZER
LEARN TO BECOME A DRAGON SLAYER
RISK PROCESS
BOWTIE ANALYSIS
SWOT ANALYSIS
1. Choose Objective
2. Identify Risks
3. Optimize Approach
4. Implement Tactics
CAUSE & EFFECT
THREAT & OPPORTUNITY MATRIX
RISK PLAN
COMPLIANCE MAP
LEARN TO SET GOALS AND MEASURE EFFECTIVENESS
Manage Obligations
RISK #4
LEARN WHERE DRAGONS LIVE
• EXTRINSIC – risks that are external to the process.
• INTRINSIC – risks that are inherent in the process.
• EMERGING – risks that arise because of changing conditions, behaviours, or capability
INTRINSIC
EXTRINSIC
EMERGING
BLACK SWAN, MASLOW, BIASES, COMPLEXITIES
BLIND SPOTS, PRIORITIES, PREDICTION, CAUSE AND EFFECT
LEARN TO SEE DRAGONS
Customer Focus
Leadership
Engagement of People
Process Approach
Improvement
Evidence Based Decision Making
Relationship Management
Layers of Defense
Latent or Active Failures
Threats
Impacts
Avoided
Avoided
LEARN TO HUNT DRAGONS ON THE MOVE
LEARN HOW DRAGONS AFFECT MISSION SUCCESS
[Figure: cause and effect diagram, EFFECTS ON BUSINESS. Labels: THREAT 1 to THREAT 3, OPPORTUNITY 1 to OPPORTUNITY 3, Cause 1 to Cause 12.]
[Figure: cause and effect diagram, EFFECTS ON COMPLIANCE. Labels: THREAT 1 to THREAT 3, OPPORTUNITY 1 to OPPORTUNITY 3, Cause 1 to Cause 12.]
STRENGTHS (1)
• Competitive products
• Skilled workforce
• Learning culture
OPPORTUNITIES (4)
• New product introduction
• Supplier qualification project
• Strategic initiatives
WEAKNESSES (2)
• Unclear goals and objectives
• Corrective actions take too long to resolve
• Too much waste in processes
THREATS (3)
• Price competition
• Lack of trust
• Increased non-conformances
• Excessive costs
NEGATIVE
POSITIVE
LEARN TO STRENGTHEN YOUR ABILITY TO FIGHT DRAGONS
LEARN TO PRIORITIZE THREATS AND OPPORTUNITIES
[Figure: bowtie analysis of a threat. Labels: Risk Event, Causes, Prevention Controls, Work, Get To Work, Consequences, Recovery Controls, Falling in Hole, T1 - Hole in Pavement, Walking, Distracted, Cuts and Bruises, Broken Bones, Fatality, Parking Lot, Running, THREAT, Objective MET.]
OPTIMIZATION: COMPLETE COMPLETE COMPLETE
APPETITE: ATTITUDE: TOLERANCE: HIGH MEDIUM TOTAL RESIDUAL RISK: MEDIUM
THREATS
LEARN TO OPTIMIZE YOUR APPROACH
[Figure: bowtie analysis of an opportunity. Labels: Risk Event, Causes, Enable Controls, Retire, Consequences, Exploit Controls, Objective, Increase In Disposable Income, Disposable Income, Buy Lottery Ticket, Gamble, Retire At 55, Bankrupt, Work, MET, Retire at 65, OPPORTUNITY, Spend More, Get a Higher Paying Job, Go Back to School, Spend, Invest, Gamble.]
OPTIMIZATION: COMPLETE COMPLETE COMPLETE
APPETITE: ATTITUDE: TOLERANCE: MEDIUM LOW TOTAL RESIDUAL RISK: LOW
OPPORTUNITIES
LEARN TO OPTIMIZE YOUR APPROACH
Objective: Getting to Work
APPETITE: ATTITUDE: TOLERANCE: HIGH MEDIUM TOTAL RESIDUAL RISK: MEDIUM

| # | RISK OWNER | INITIAL LEVEL OF RISK | TREATED LEVEL OF RISK | QUALIFIED RISK | PREVENTION | RECOVERY |
|---|---|---|---|---|---|---|
| R1 | John | LOW | LOW | As a result of walking on the path, falling in the hole may occur, leading to cuts and bruises | Pylon, sign, e-mail | First aid |
| R2 | John | MEDIUM | LOW | As a result of walking on the path, falling in the hole may occur, leading to broken bones | Pylon, sign, e-mail | First aid, hospital |
| R3 | Mary | HIGH | LOW | As a result of walking on the path, falling in the hole may occur, leading to a fatality | Pylon, sign, e-mail | |
| R4 | John | LOW | LOW | As a result of running on the path, falling in the hole may occur, leading to cuts and bruises | Pylon, sign, e-mail | First aid |
| R5 | John | MEDIUM | LOW | As a result of running on the path, falling in the hole may occur, leading to broken bones | Pylon, sign, e-mail | First aid, hospital |
| R6 | Mary | HIGH | HIGH | As a result of running on the path, falling in the hole may occur, leading to a fatality | Pylon, sign, e-mail | |
| R7 | John | LOW | LOW | As a result of distracted walking on the path, falling in the hole may occur, leading to cuts and bruises | Pylon, sign, e-mail | First aid |
| R8 | John | MEDIUM | LOW | As a result of distracted walking on the path, falling in the hole may occur, leading to broken bones | Pylon, sign, e-mail | First aid, hospital |
| R9 | Mary | HIGH | HIGH | As a result of distracted walking on the path, falling in the hole may occur, leading to a fatality | Pylon, sign, e-mail | None |
LEARN TO CREATE YOUR PLAN OF ATTACK
INITIATION: Capture preliminary risk data
RISK EVALUATION: Conduct risk evaluation and determine treatments
RISK RESPONSE: Implement risk response plan
RISK ANALYSIS: Conduct risk assessment
APPROVALS: Approve risk response plan
MONITOR RISK: Activate risk watches and controls. Monitor risk treatments. Evaluate residual risk.
[Figure: process flow. Labels: INITIATION, MONITOR RISK, RISK ANALYSIS, RISK EVALUATION, APPROVALS, RISK RESPONSE, CLOSE RISK.]
CLOSE-OUT: Capture lessons learned. Update documents and records.
LEARN TO EXECUTE SUCCESSFULLY
DO YOU WANT TO BE MORE CERTAIN OF ACHIEVING YOUR OUTCOMES?
The Proactive Certainty Program™
This program helps you use proactive strategies to improve the certainty of achieving your compliance outcomes
90 MINUTE – NO COST COMPLIANCE MAPPING SESSION
During this hands-on, working session, we help you assess your current situation and identify areas to quickly improve your compliance.