integrated quality and risk management
DESCRIPTION
Presentation given by Dr. Rune Moen from DNV at the annual conference of the Norwegian Society for Quality and Risk Management. The presentation focuses on how to integrate Quality and Risk Management, and how to make the integrated management system operational.TRANSCRIPT
QM & RM – making it work together
Kvalitetsdagene 2012
© Det Norske Veritas AS. All rights reserved. 2
Det Norske Veritas (DNV)
identify assessmanage
risk
© Det Norske Veritas AS. All rights reserved.
Who am I?
3
Rune M. MoenSenior Principal ConsultantDet Norske Veritas
Tel.: +47 95 14 92 21Mail: [email protected]
� Ph.D. within Quality Management
� 20 years consultant and line manager experience from Norway, Germany and the Netherlands
� Competence within Strategy and Organisational development, Risk Management, Quality and Process Improvement
� PMP certified project manager for several large projects within- Risk Based Management System development- Independent quality assurance of large investment projects
© Det Norske Veritas AS. All rights reserved.
Objectives of this session
How to combine Risk Management and Quality Management principles and systems to improve corporate governance
How to understand and create barriers to reduce risks and improve process performance
4
How to make this work in day-to-day business
© Det Norske Veritas AS. All rights reserved.
Reality for some – can it be you?
December 15, 2004 - Planemaker Airbus's A380 superjumbo project is running 1.45 billion euros ($1.93 billion) over budget because of work to improve theefficiency and weight of the aircraft, the co-head of parentcompany EADS said. Total costs for the mammothdoubledecker are currently estimated at over 12 billion euros.
5
© Det Norske Veritas AS. All rights reserved.
How to ensure quality?
6
Management processes
After salesPurchasing ProductionDevelopment Storage Sales Distribution
Support processes
Concequence
Like
lihoo
d Priorities
© Det Norske Veritas AS. All rights reserved.
Good corporate management - planning ahead
Objectives
Decisions
Processes
Results
Risk ManagementQuality Management
Threats &opportunities
7
© Det Norske Veritas AS. All rights reserved.
OBJECTIVE
PLAN
ACT DO
CHECK
IMPLEMENTATION
OBJECTIVE
PLAN
ACT DO
CHECK
IMPLEMENTATION
Five steps to good Corporate
Management
8
© Det Norske Veritas AS. All rights reserved. 9
External sources of Risk
Rules &
regulations
New laws
Liability
Audit
Morals
Ethics
Reporting
ResponsibilityClients
& MarketCustomer loyalty
Trust
Margins
New products
Competition
Market share
Profitability
Brand
Pricing
Contracts
Competition
Suppliers
& Partners
Loyalty
Trust
Exchange of information
Conflict of interest
Hidden agenda
© Det Norske Veritas AS. All rights reserved.
Internal process Risks
10
Process 1
Probability
Consequences
Risks Potential causes FIN REP HSE
Risk 1
Risk 2
…….
Processes Description Process Owner
Process 1
Process 2
Process 3
…….
Risk = Threats & Opportunities
© Det Norske Veritas AS. All rights reserved.
Lack of facility maintenance
� injuries
Key supplier go bankrupt
� Delay in production
Budget reduction
� reduced service quality
Customer expectations unclear
� Customer complaints
Tight labour market
� lack of competence
Inadequate management system
� Unclear roles and responsibilities
Management&
Control
Processes &
Activities
Unstable IT systems
� Loss of critical data
Risk radar
11
© Det Norske Veritas AS. All rights reserved.
OBJECTIVE
PLAN
ACT DO
CHECK
IMPLEMENTATION
OBJECTIVE
PLAN
ACT DO
CHECK
IMPLEMENTATION
Five steps to good Corporate
Management
12
© Det Norske Veritas AS. All rights reserved.
Risk analysis and follow-up
13
Risks assessed against business objectives
© Det Norske Veritas AS. All rights reserved.
OBJECTIVE
PLAN
ACT DO
CHECK
IMPLEMENTATION
OBJECTIVE
PLAN
ACT DO
CHECK
IMPLEMENTATION
Five steps to good Corporate
Management
14
© Det Norske Veritas AS. All rights reserved.
Prioritisation and treatment strategy
Treat
• Preventive measures reduce the likelihood of the event
• Corrective measures reduce consequence of the event
Transfer
• Contract• Insurance
Terminate
• Eliminate risk by stopping activity• Avoid operations within an area
Tolerate
• Accept risk• Continue like before no change
to activitiesH
igh
Med
ium
Low
Low Medium High
CONSEQUENCE
LIK
EL
IHO
OD
R5 R36
R36R36
Corrective � Consequence reducing
R5
Preventive � Likelihood reducing
15
© Det Norske Veritas AS. All rights reserved.
Effect
Understand what to manage
16
Causes
ImmediateCauses
Underlyingcauses
Immediate Effect
FinalEffect
TopEvent
OBJECTIVE
PLAN
ACT DO
CHECK
IMPLEMENTATION
OBJECTIVE
PLAN
ACT DO
CHECK
IMPLEMENTATION
© Det Norske Veritas AS. All rights reserved. 1717
Elements in a well functioning risk framework
Risk Policy(strategy, goals, acceptance)
Risk structure(roles, mandates, responsibilities)
Risk approach(identify, analyse, evaluate, treat1)
Supports System - Tools
Risk reporting and communication
Culture, skills and competencies
1) Ref. ISO standard 31000
© Det Norske Veritas AS. All rights reserved. 18
How to make the framework operational
© Det Norske Veritas AS. All rights reserved.
Spreadsheets versus ERM software?
� …Spreadsheets can only take us so far! � Simultaneous data entry
� Automated e-mail notifications
� Reports with history and statistics
� Accountability and traceability
� Role-based
� Handles complex information relationship
19
© Det Norske Veritas AS. All rights reserved. 20
Sample interface - EasyRisk Manager™
© Det Norske Veritas AS. All rights reserved.
Success factors
21
� Proportionate� Aligned� Comprehensive� Embedded� Dynamic
© Det Norske Veritas AS. All rights reserved.
Safeguarding life, property and the environment
www.dnv.com
22