Vous êtes sur la page 1sur 17

Guidebook:

Risk Management
Table of Contents
Chapter 1: Identifying & Managing Risks
Utilizing the Cloud for Quality Management Software Solutions......................................................4
6 Traits of a Reliable Cloud-Based Quality Management System.....................................................6

Chapter 2: Risk Management Across All Industries


4 Benefits of Audit Management through the Cloud.............................................................................9
Ditching the Manual Auditing and Corrective Action Processes......................................................11

Chapter 3: Fun Takes


Quick Guide to the Benefits of Automated Quality Management....................................................14
How QMS Software Improves Visibility & Why it Matters...................................................................16

Guidebook: General Quality 2


Chapter 1:
Identifying & Managing Risks

Guidebook: General Quality


Do You Know What Your Risks Are? Heres
How to Find Out
Detecting risk is a crucial part of compliance
management. Companies, regardless of practice, need
to manage and track their quality processes, always.
With a flexible quality and compliance risk assessment
system, nuances and nonconformances can be detected
early on.

Risk tools provide the framework for handling adverse


events in a systemic way. This is a vital part of any
Quality and Compliance Management System. Such
systems practice the overall control of risk instead
of just detecting threats and letting them run. They
are able to stop it at the root of the cause and provide detailed and necessary
adjustments to mitigate the event and its trends.

We have compiled the results of our Risk Tracker tool into this blog post. In this
system, the administrator will log the event details such as the nature of the adverse
event they are experiencing and what the potential impact is on their business. From
there, the risk category will be determined and the probability and severity will be
entered which will lead to the outcome or result.

Risk Assessment lets the user see which event should be assigned a corrective and
preventive action. It ensures that critical events wont get lost amongst minor issues.
As a risk tool is able to filter events from the critical and non-critical it is also able to
distinguish the difference between the two. Some of the results that have been logged
in the VERSE Risk Tracker already have distinguished that some organizations may in
fact benefit from a risk tool, or a risk-based solution.

Risk Assessment is decided in total by a combination of factors defined by the


category of risk, the probability of it occurring and the severity of the outcome. These
three factors will be able to tell the result, which would rank from acceptable to
intolerable.

With the VERSE Risk Tracker, you can see what your risk is, email yourself the report,
and then refer back to it again whenever you want to leverage risk-based assessments.

Below is actual data based on our risk tracker report, including an example of each
risk category:

Acceptable: An example of an acceptable risk would be a defective product sent to


a customer. Normally, this is not ideal, but if the total of non-defective parts going
out is at 98% it would be acceptable to have a minuscule amount of 2% not pass

Guidebook: General Quality 4


inspection. The defective material did not cause major problems with a customers
finished product and the organization will be able to maintain a current purchasing
and production practice with their consumer. Therefore, this particular adverse event
is acceptable.

Tolerable: A tolerable event would be, for example, the certification of personnel.
Lack of training that is discovered post assessment would, in this particular case
be considered tolerable. This is a potential risk that exists in all organizations and
although it could end in disruption it has an easy solution, which would be to revise
procedures to make the post training assessment of that particular procedure a
mandatory training assessment later on.

Undesirable: An example of an undesirable risk is something like the wrong product


information placed on a product label. A labeling error is a safety issue that could
cause customers to assume the product is meant for something it is not. This could
lead to a destruction of personal property or health issues due to allergens. This is
undesirable, and based on testing could result in a recall, but luckily in this instance
did not. This type of nonconformance is undesirable because a recall is considered
an extremely lengthy process and could result in detrimental consequences for an
organization.

Intolerable: An intolerable risk would be a major operational issue. An event that


was logged in the risk tracker was a matter of stacking pallets too high. This is a
more hazardous issue for an organization because it could result in injury or death
in the event of an earthquake or other unfortunate event. Therefore, precautionary
measures must be taken to limit the height of the stack to a certain number of pallets
or feet to ensure that this particular circumstance will not result in a catastrophic
event.

Risk can rank anywhere from as low as reasonably possible to likely to result in severe
consequences or death. Any organization will face threats within their workplace and
that is why it is important for all to take precautionary measures to mitigate and deter
risk rather than wait until later and try to clean up the mess. It saves time, resources
and overall cost.

Risk tools are able to rank risk levels and provide precautionary measures to reduce
actual risk factors in the long run. It is important to determine where risk lies, so better
decisions can be made to foster quality and compliance. Try our Risk Tracker today
and see where your risks are.

Guidebook: General Quality 5


Weathering Any Storm with Risk Management

Risk has become a buzzword in almost every industry. It is the foundation for
producing safe, quality products and services. Does implementing Risk Management
Software sound like an overwhelming task? Well, its not. We use risk management in
our everyday lives.

For example, lets consider this scenario. A winter storm is heading toward your
townthey are predicting between 12 to 16 inches of snow. While you can never be
certain that it will be this level of accumulation, you start to prepare yourself anyway
for this potential storm. When planning for the worst, you ask yourself a series of
important questions.

While not the most critical question, everyone living and working in the snowbelt
knows the first question is typically can I make it to work?
So your first risk assessment includes determining:

Then you start to consider the critical questions, should the storm prove to be as
severe as predicted:

What if I lose power?

You can keep warm with a fireplace, generator, gas stove, or lots of blankets.
You can keep your food from perishing by limiting opening the refrigerator/
freezer, placing food outside or in a garage to keep cold.
You can get light at night with candles, gas/battery lanterns, flashlights (or you
can go to bed early).

Guidebook: General Quality 6


Preventing Risk with the QMS: Before the storm so to speak, organizations put
preventive actions in place to help mitigate risk. Organizations will use Quality
Management System (QMS) processes such as Audit Management to prepare for
potential events and build out a risk plan based on the results.

Being prepared for a power loss ahead of time will make the experience much more
tolerable if it should happen to occur.

Lastly, should the storm last longer than anticipated youll want make sure you have
sufficient supplies to see you through. So you ask yourselfdo I have enough food
and water?

Consider what you currently have on hand and what you should purchase prior to the
storm:

Bottled water
Non-perishable foodscanned and dried foods
Perishable foods that dont need refrigerationfruit, vegetables, bread

Controlling Risk with the QMS: Organizations use processes like Document Control
and Training to help ensure prevention. By controlling documents, and ensuring
proper employee training, you will effectively reduce risk of internal hazards
outdated documents and poor employee performance due to ineffective training.

What can you get during or after the storm if travel is limited?

Can you get a delivery of groceries or restaurant food?


What stores and restaurants are open within walking distance?

Reducing Impact of Risk with the QMS: Regardless of how much preparation you do
beforehand, you will eventually be faced with an adverse event. If you can devise a
methodological plan to take action on an adverse event that has occurred anyway,
you will be able to reduce impact of its risk. In other words, expect (and prepare for)
the unexpected.

Ultimately, the QMSs Risk Management feature allows you to see where risk lies so
you can proactively address it before it spreads to other areas of your organization. In
Enterprise Risk Management, potential risks are identified; often through a complaint
or adverse eventmuch like our weather example above. From there, you can
evaluate the probability and likelihood of that event occurring and put measures in
place to mitigate or lessen the risk.

Understanding and preparing for any adverse situation is key to risk management.
Whether you are assessing risk in your daily life or for your job, it is important to ask
the right questions and determine pre-defined decisions and actions to ensure proper
risk management.

Guidebook: General Quality 7


Chapter 2:
Risk Management Across
All Industries

Guidebook: General Quality


Tools for Managing Risk in a Global Supply
Chain
Complexity is a growing theme in quality
and compliance management, specifically
in regards to the supply chain. This is
because now, more than ever, there is great
competition in the market. Competition
leads to shorter product lifecycles, increases
product complexity and creates a variety
of goods in more areas. Companies need to
maintain compliance and keep up with the
intense pace of business in order to keep
quality and safety considerations in line.

The Compliance Management System is


designed to automate and manage processes
related to quality and compliance and extend
them to the supply chain.

Competition Leads to Outsourcing


Outsourcing brings about inherent and natural risks. It is necessary that suppliers
are factoring in the same level of quality expected internally into their supply chain.
Risks associated with the supply chain are plentiful. For example the loss of critical
skills, loss of IP and counterfeiting, dependence on suppliers, different visions, cultural
differences, loss of operational control and lower visibility in performance and quality.

How Can We Mitigate Risk?


First you must identify the problem. Once that is done, you can go about evaluating
and treating the risk. There are a few tools that are commonly used, some may be new
but it depends on how you plan to leverage your supply chain which you should use.
These include:

Decision Tree: Decision trees are easy to integrate with everyday processes. In
this case, you are given an input of an adverse event and then use the decision
tree to help determine the outcome of the event. Decision trees can be built in
such a way that will help you come to the right decision and provide guidance on
that decision. This is an effective way of risk assessment, especially since it allows
the user to follow a path. Decision trees are powerful because they allow users
to embed actions directly into operational processes. This is especially helpful
when assessing the impact of a supplier material on a finished product, reviewing
inspections or determining whether or not to issue a supplier corrective action or
approve a deviation.

Bowtie Model: The Bowtie Model is the method for assessment of low-occurrence
events. In some cases, there may be very little data on potential events. However,

Guidebook: General Quality 9


those events may be so catastrophic that you cannot afford to sit back and let it
take place. Setting preventive controls in place helps mitigate the event before it
happens.

Risk Register: Risk Management and Risk Assessment are designed as means for
measuring and making decisions to affect compliance. As risk is measured within
an organization, a history of risk within your organization. The Risk Register is
designed to help fine-tune operations based on the hazards that take risk from
all events, whether incidents, accidents and any adverse events. It is a centralized
location that will give you a visibility into the risk within all operations.

The supply chain is extremely complex. It is known that people are outsourcing more
and more which increases inherent risks. There are many challenges around supply
chain risk, in which having a traceable, visible means for communication is necessary.
Companies must receive a timely response to all events in order to build an effective
relationship with its suppliers.

If followed correctly and inserted into daily operations, risk management tools can
uncover more data, decision-making capabilities, and insights into redefining your
supplier relationships. With these tools in place, you can effectively take compliance
and quality operations outside of your four walls and extend to your supply chain.

Guidebook: General Quality 10


3 Ways Risk Management Improves
Compliance Across Any Industry
Life Sciences, Transportation, Food
and Beverage, Environmental Health
and Safety (EHS)regardless of the
industry you serve, most businesses
have one thing in common: the need
to manage risks effectively. Risk
management is a growing concept
behind compliance that helps you
make better decisions to ensure
continual improvement. The Quality
Management System (QMS) improves
this process and reduces chance of
error by automating the way you
approach risk.

Below are 3 benefits of automating your risk management process

1. Provides Tools for Identifying and Filtering Risk: In risk management, potential risks
are typically identified through a complaint or adverse event. From there, you can
evaluate the probability and likelihood of that event occurring. This is where tools
like the Risk Matrix are effective.

The Risk Matrix is a colorful grid that is designed to make risk levels obvious to
all employees within your organization. Using this tool, you can plot two or more
levels on a graph, usually severity and probability. Each risk level is then assigned a
number. Within the graph your organization can plot a formula to calculate where
two numbers intersect. The user then assigns a color to each risk level to indicate
the level of criticality.

The Risk Matrix is a powerful tool because it is repeatable and objective. It


automates risk identification to provide a more guided approach to decision-
making and helps to drive change, in both the short-term and long term. You can
use the Risk Matrix to build alerts for critical events and establish guidelines and
decisions around risk management to develop solutions for risk levels that are
unacceptable. This solution is systematic and repeatable, so you can implement
solutions for high risks in a more automatic and consistent manner.

Keep in mind that tools like the Risk Matrix are not staticthey need to be
adjusted and vetted by you over time to ensure that the right results are constantly
achieved. The goal is to define a risk level based on two levels and build guidance
into the results to help foster a decision based on the calculation.

Guidebook: General Quality 11


With the right mix of automation and some required tweaking, the Risk Matrix
becomes a powerful tool for continuous improvement.

2. Links with Corrective Action: The risk management tool automatically links with
Corrective Action to filter adverse events that are not critical. Otherwise, it would
be nearly impossible to weed out the critical events from the noncritical. Risk
management lets you see which events can be immediately corrected without the
need for a corrective action. This not only saves time, it also allows you to focus on
assigning a corrective action to only the most critical events, while ensuring that
these critical events dont get lost among the minor issues. Without this capability,
both events are often given the same priority, so the event you get to first is the
one that gets dealt with firstmeaning that critical events could go unnoticed for
some time.

3. Reporting to Ensure Continuous Improvement: When you have all of the data on
your risk, youll want to report on that information to ensure that risks are seen
by everyone across your organization. The QMS enables automated reporting, so
all risk data is rolled up into one holistic report so you can see any trends in risk
across different departments and locations.

Without some means of easily accessing the data, it becomes difficult to derive
trends and insights on your quality processes. The process of filtering and
exporting data becomes manual and time consuming. The automated QMS
simplifies the process of reporting by enabling you to search for data on multiple
criteria, search within records as well as attachments within those records. This
enables you to see the data pertaining to risk and make decisions that help
promote continuous improvement.

While the QMS simplifies the process of managing risks throughout your
organization, remember that people are still an integral part of the process. While
risk management tools take a level of subjectivity out of the equation, the ultimate
decision making still relies on the people within your organization. In fact, many
companies use a Risk Team to ensure that decisions are made properly, by using
historical data to help adjust their risk process over time to ensure accurate results.

Risk is common for all levels of compliance and is a universal language that is
applicable to many industries and operational areas. By automating the process of
risk management, your organization will gain an objective and systematic way to
filter and prioritize adverse events and improve decision-making capabilities.

Guidebook: General Quality 12


Chapter 3:
Fun Takes

Guidebook: General Quality


Regarding Risk: A Letter to Verse Solutions
Dear Verse Solutions,

Hi there. I am the project manager for my company. Recently, we had to run an


internal audit at the last minute. Unfortunately, we did not pass.

I am reaching out to you in hopes that


you can answer a few of my questions
regarding your Risk Management
solutions.

First, Id like to tell you a little bit about


my job and its requirements. I am in
charge of scheduling out assignments
and jobs to employees that must be
completed in a timely manner. This is
difficult in itself because there are so
many tasks that need completion that
it becomes hectic. So, typically I have
to decide how to schedule them out so
that no due dates are missed.

I have to define a list of deliverables in


order to create compliance within the
organization and a timeframe in which to complete them by, which ultimately results
in the finalized product. However, there are many roles within my organization and
its too much of a risk to try to quickly push out materials just to create a product.
We must maintain compliance with regulatory requirements and also maintain safety
within the warehouse, workplace and for our consumers.

I must keep in mind:

Workflow-enabled projects: This includes projects that are followed by a timeline. In


order to keep quality events on track and solve issues a head of time, we set deadlines.
These deadlines assign tasks to my employees and express what tasks must be taken
to ensure the timely resolution of all issues. Having a workflow to push this through
makes the process easier to follow. However, risk still remains an issue. Just because
tasks are crossed off, does not mean they are completed. Our workflow needs
standards set in place to create a deliverable and sensible process.

Project Templates and speed: Certain times of the year are a lot busier than others.
Especially being in a competitive field. We often encompass the same type of project
many times over the course of year. However, rather than re-creating a different
project every time, we would like to have a template created that routinely delivers
the variables needed. With the click of a button we would like to have a specific event
loaded quickly and easily.

Guidebook: General Quality 14


Role-based task management for different employees: As stated earlier, I must
assign tasks to each of my employees personally. This is for old and new processes
and job functions that come about. Unfortunately, I do not have the means to stop a
process and mark any red flags. This means that the project will continue with issues
until we go back and retrace our steps and decide what went wrong and how to pick
up where we left off. This example is a good scenariosometimes, we may not know
until it is too late.

Therefore, I would like to ask you three questions that I think would help to get my
business running smoothly and carefully:

Does your Risk Management System allow me to build risk into my existing
processes?
Does it provide me the proper tools to quantify my risks and provide guidance on
actions to take to solve them?
Does it give me the ability to view all of my risks, report on them and allow me to
make improvements?

Thank you for your time and I do hope to hear from you soon.

Sincerely,
Looking for Improvement

Guidebook: General Quality 15


Regarding Risk: A Response from
Verse Solutions
Dear Looking for Improvement,

Thank you for reaching out. Here at Verse Solutions we love to help others help
themselves. You had written and concluded your letter with three questions regarding
our Risk Management tools.

Lets get started:

Does your Risk Management System


allow me to build risk into my existing
processes?

Yes. Our Risk Management tools allow


our users to build risk into existing
processes. With Risk Management,
users can make informed decisions
based on the data in their compliance
management system. For example, Risk
Management links with the Corrective
Action system to filter events by
criticality. This means that you have
insight into the events that are most
detrimental to your business, so you
can address those first.

Does it provide me the proper tools to quantify my risks and provide guidance on
actions to take to solve them?

Yes. Once you identify potential failures and quantify their risks you can begin to take
action. Tools like Job Safety Analysis allow you to break down a job, design or process
into components and identify hazards to avoid risks or mitigate their occurrence.
Applying this to processes fosters improvement with interconnected steps.

Does it give me the ability to view all of my risks, report on them and allow me to
make improvements?

Yes. A tool called the Risk Register allows you to view all risks in a centralized location,
giving a comprehensive overview and allowing you to filter and prioritize the outcome
individually and appropriately. All risk tools cooperate with reporting which means
that with a little help from other modules you can run reports that show insight into
problem areas and ultimately issue a corrective action if needed. Centralized reporting
makes it simple to collect data from across an organization and put it to better use.

Guidebook: General Quality 16


Overall, most companies today find themselves having to watch out for issues before
they take place. For one resource this can be extremely time consuming and you can
spend so much time planning ahead for prevention that you can miss out on exactly
what is taking place right before your eyes. To help manufacturers, there are many
different modules that come along with a Quality Management and Compliance
Management system to proactively address issues before they occur.

Since you have expressed to me that you manage many tasks daily and assign jobs to
certain employees I truly believe that automated technology would help you with your
needs. A single solution can help achieve compliance with built in modules like:

Employee Training
Document Control
Corrective Action
Risk Management
Audit Management

The Verse compliance management solution helps you manage and track
compliance in real time, so you can keep up with the pace of your business. Our
integrated modules inherit data from one process to the next, ensuring a continuous
communication loop. This is a huge benefit for someone like yourself who has many
daily tasks and needs to foster visibility and control throughout the business.

If you have any more questions, please be sure to reach out.

Sincerely,
Verse Solutions

Guidebook: General Quality 17

Vous aimerez peut-être aussi