Risk Management Essential in Today’s Economy

Sandford Quality ConsultingSlide 110/16/06

Risk Management Essential in Today’s Economy

Sandford Liebesman. Ph.D.Sandford Quality Consulting, LLC

Chair of the Electronics & Communications Division973-898-0082

[email protected]://www.asq.org/communities/sox


Electronics & Communications Division

• Five Technical Committees– Sarbanes-Oxley (SOX)/Linking Management Systems

• Includes Risk Management– Nano Technology– Restriction of Hazardous Substances (RoHS)– Electronics– Communications


Risk ManagementOutline

• Introduction to Risk

• Operational Risks

• Risk Analysis Methodology

• Case Study

• Conclusions


Types of Risk

• Strategic– Achievement of high level goals

• Organizational– Entity Level

– Activity Level

• Compliance– Follow Legal and regulatory requirements

• Operational– Efficient use of resources






• Case Study

• Conclusions


Key Operational Risk Categories

• Risk of ineffective management systems • Customer Satisfaction Risks• Supply Chain Risks • Revenue Recognition Risks • Information Security Risks • Environmental Risks • Logistics Risks• Risk from Natural Disasters


Risk of ineffective management systems

• Poor Management Practices• Poor HR practices• Lack of effective management tools• Data Processing errors• Ineffective call centers• Poor Marketing Strategies• Poor contract administration• Customer communication issues• Design & Development Problems


Customer Satisfaction Risk

• Communication

• Delivery problems

• Product quality

• Design problems

• Repair problems

• Accurate Customer Feedback


Supply Chain Risk

• Communication• Outsourcing large portion of products• Ineffective Supplier Management• Sole supplier• Delivery Problems • Poor received quality• Over stocking the inventory• Under stocking the inventory• Design problems• Documentation errors


Revenue Recognition Risks

• Accounts Payable problems

• Accounts Receivable problems

• Revenues recorded before delivery

• Quotation to cash errors

• Spreadsheet errors

• Out-of-date or Incomplete Pricing Information


Information Security Risks

• Viruses

• Unsecured files

• Inaccurate financial records and reporting

• Poor change control

• Information retrieval errors


Environmental Risks

• Significant environmental aspects (ISO 14001)

– And associated operations & activities

• Significant Risks– Toxic Liquid spills

– Gaseous emissions

– Solid waste • Monitor & Measurement

• Evaluation of Compliance using ISO 14001


Logistics Risks

• Transportation of raw materials

• Transportation of completed products

• Damaged shipped products

• Under stocking of inventory

• Homeland security Logistics risks


Risk from Natural Disasters

• Fires

• Floods

• Earthquakes

• Destructive Storms

• Contamination

• Epidemics






• Case Study

• Conclusions


Risk Analysis

• Effective Risk Analysis requires:– Identification of the Organization’s Risk Appetite &

Tolerance– Predefinition of objectives.– Compatibility of objectives.– Identification of risks to achieving objectives.– Judgment of which risks are critical.– Determination of actions to mitigate risks.


Determine the Risk Appetite & Risk Tolerance

• Top Management and Board responsibility– Align risk appetite with the organization’s strategy

• Risk appetite is the amount of risk, on a broad level, an entity is willing to accept.

• Risk tolerance relates to the entity’s specific objectives. It is the amount of variation relative to specific objectives that an entity is willing to accept.


Tools for Managing Risk

• Risk Level Estimator Matrix

• ISO 9001 Improvement Process

• Failure Modes and Effects Analysis (FMEA)

• Controls


Risk Level Estimator MatrixConsequences

HHMLLE (Rare)

EHMLLD (Unlikely)

EEHMLC (Possible)

EEHHMB (Likely)

EEEHHA (Almost certain)

54321Likelihood

CatastrophicMajorModerateMinorInsignificant

Low Risk – Manage by routine process → FileL

Moderate Risk – Manage by specific monitoring or response → EmailM

High Risk – Management responsibility should be specified →H

Extreme Risk – Immediate action; senior management involved →E


ISO 9001 Improvement Process• Improve the effectiveness of the QMS Through use of the

Improvement loop– Quality Policy

– Quality management system planning

– Quality objectives

– Audit results

– Analysis of data

– Corrective and preventive actions

– Management review

• Repeat the “Loop” on a continual basis


Failure mode and effects analysis• FMEA is a method that examines potential failures in products or

processes. • Helps select remedial actions that reduce risks from a systems failure• Starts with a description of the parts of a system• List the consequences if each part fails and evaluate

• Severity (S), • Likelihood of occurrence (O),• Inability of controls to detect failures (D)

• Identify actions which could eliminate or reduce the occurrence, or improve detectability,

• Track changes to processes and products which are incorporated to avoid potential failures.


Financial Risks and Controls

• A control is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements

– Financial controls are prepared in accordance with general accepted accounting principles (GAAP)

– Assurance that transactions are recorded

– Accurate maintenance of records

– Prevention or timely detection of unauthorized acquisition or disposition of assets

– Quality Controls are built around quality records and decision points






• Case Study

• Conclusions


Case StudyRisk Management at a Teaching Hospital

• Provided by the Juran Institute

• Reducing Risk of Patient Harm from Falling

• Two Major Types of Risk– Operational Risk– Compliance Risk


Operational Risk• Lack of Sufficient Protocols to prevent

unacceptable number of patient falls– Major contributor of patient length of stay (LOS)– Minimize LOS in order to control costs– Used the Morse Falls Scale to measure the risk of

patient falling


Morse Fall ScaleVariables Numeric Values

Score

1. History of falling No 0Yes 25

_______

2. Secondary diagnosis No 0Yes 15

_______

3. Ambulatory aid None/bed rest/nurse assist Crutches/cane/walker Furniture

0 15 30

_______

4. IV or IV Access No 0Yes 20

_______

5. Gait Normal/bed rest/wheelchair Weak Impaired

0 10 20

_______

6. Mental status Oriented to own ability Overestimates or forgets limitations

0 15

_______


Fall Risk Level Action Tool

Risk Level Morse Fall Scale Score

Action

Low Risk 0-24 Low Risk Prevention

Medium Risk 25-44 Medium Risk Prevention

High Risk 45 and Higher High Risk Prevention


Compliance Risk

• Loss of Compliance to the JCAHO National Safety Goals for Hospital related Patient Falls– JCAHO: Joint Commission on Accreditation of

Healthcare Organizations






• Case Study

• Conclusions


Risk AssessmentConclusions/Actions Needed

• Risks are obstacles that impede progress toward achieving objectives

• Risk levels are measured by combining the likelihood of an event with its consequences

• Organizations need to determine their “risk appetite” and “risk tolerance”

• Controls should be selected using a “top down, risk based approach.”


• Article in Quality Progress

– Sandford Liebesman, “How to Manage Risk in a Global Economy,” Quality Progress, March 2008, 58-60.

• Case Studies: I’m still looking for Risk based case studies for my book.

Documents

Risk Management Essential in Today’s Economy