CONFIDENTIAL:  This document contains information that is confidential and proprietary to EtQ, Inc.   Disclosure, copying, distribution or use without the express permission of EtQ is prohibited. Copyright  2013 EtQ, Inc.  All rights reserved.

Hacking Risk Management

Glen Fraser

3 Ways to Easily Build Risk into Your Processes

Vewww.versesolutions.com

Agenda

New focus on RiskWhy Risk can be a challengeWays to measure RiskHow to get started – 3 ways

Vewww.versesolutions.com

New focus on Risk

ISO 9001:2015A good deal of risk 

management principles

Vewww.versesolutions.com

Increasing Rate of Change…

Vewww.versesolutions.com

More complex organizations

More intense competition

Companies need to maintain compliance AND keep up! 

Increasing Complexity…

Vewww.versesolutions.com

Brings changes to the standards 

Compliance keeps up with change

Compliance objectives are changing

Vewww.versesolutions.com

Risk Management Process

Risk Management is a broad standard (ISO 31000)R

isk

Ana

lysi

s Identify all relevant risks (e.g., hazard analysis)

Quantify the risk (e.g., probability and severity)

Implement a processUse objective and proven tools

Accept (worth it), reduce (mitigate), compensate (insure), transfer (partner), avoid (stop)

Change management to introduce or improve controls

Vewww.versesolutions.com

Why Risk can be a challenge

Lack of common understanding / termsFrom “A Transformational Approach to Safety Risk Management” Bob Dodd, Aloft

Vewww.versesolutions.com

Why Risk can be a challenge

Lack of common understanding / termsToo much focus on Process, when Content is Key

From “A Transformational Approach to Safety Risk Management” Bob Dodd, Aloft

Vewww.versesolutions.com

Why Risk can be a challenge

Lack of common understanding / termsToo much focus on Process, when Content is KeyUnderstand the Limitations of the Process

– People are not good at assessing risk We don't expect the unexpected We reconstruct instead of replay We see patterns in random events We confuse understanding with knowledge We group think

– Prediction is hard (experts are no better)– Dealing with very small sample sets (single occurrence)

From “A Transformational Approach to Safety Risk Management” Bob Dodd, Aloft

Vewww.versesolutions.com

Why Risk can be a challenge

Lack of common understanding / termsToo much focus on Process, when Content is KeyUnderstand the Limitations of the Process

From “A Transformational Approach to Safety Risk Management” Bob Dodd, Aloft

Vewww.versesolutions.com

Thinking fast and Slow by Daniel Kahneman

Future Babble: Why Expert Predictions Fail ‐ and Why We Believe Them Anyway    by Daniel Gardner

Risk: The Science and Politics of Fear by Daniel Gardner

Why Risk can be a challenge

Vewww.versesolutions.com

Ways to Measure Risk (only a sample)

Decision TreeRisk MatrixHACCPRisk SurveyFailure Modes and Effects AnalysisBowtieRisk Register

Vewww.versesolutions.com

Risk Assessment is the Core Methodology

Vewww.versesolutions.com

Decision Trees

Easy to integrate with everyday processes

Vewww.versesolutions.com

Risk Matrix

Quick, easy, colorful Quantifies the risk level using tested assumptions

Vewww.versesolutions.com

Hazard Analysis (HACCP)

Step Hazard Preventive Measures

GMP/SSOP Risk Assessment CCP

3.1 B:C:P:

BiologicalChemicalPathogens

Steps taken to mitigate hazard

Standard Procedures related GMP

Q1 Q2 Q3 Q4 No‐‐

3.2 B:C:P:

BiologicalChemicalPathogens

Steps taken to mitigate hazard

Standard Procedures related GMP

Q1 Q2 Q3 Q4 No‐‐

3.3 B:C:P:

BiologicalChemicalPathogens

Steps taken to mitigate hazard

Standard Procedures related GMP

Q1 Q2 Q3 Q4 YesYesYes

Preventive approach to safety

Vewww.versesolutions.com

Risk Survey

Survey for ranking known, identifying new risks

Vewww.versesolutions.com

Failure Modes and Effect Analysis

For design of products and processes

Vewww.versesolutions.com

Undesired Event

(Hazard)

Threat

Threat

Threat

Preventive Controls

Preventive Controls

Preventive Controls

Recovery Controls

Recovery Controls

Recovery Controls

Consequence

Consequence

Consequence

Frequency Likelihood Likelihood Severity

Bowtie Model

For low-occurrence events that are catastrophic

Vewww.versesolutions.com

Where to Assess (Operational) Risk

Vewww.versesolutions.com

Risk Register

Monitors risk levels over time– Library of hazards (typically know for each industry)– Collects risk assessment data from many processes– Provides visibility into critical events and data for trend reporting

Risk Register

Vewww.versesolutions.com

Risk Register is the New Center

Vewww.versesolutions.com

Ways to Measure Risk

Risk Technology is NOT automatic– Tools support decision‐making process, but people (experts) make the final decision

– Use a Risk Team to increase visibility and education

Vewww.versesolutions.com

Getting started

Define standard meanings and termsUse an appropriate assessment tool–Vet your risk assessment methods using historical examples to ensure accurate results

Build your Risk Library (Register)

Vewww.versesolutions.com

Thank You!  Questions?

Glen Fraser: gfraser@versesolutions.comContact Us: info@versesolutions.com