The Proactive Quality Guide to Embracing Risk


Today's Business Uncertainties Are Driving Risk Beyond the Control of Every Business. Best Practice in Risk Management Can Mitigate these Threats

More and more businesses are reporting that they face an ever-increasing range of risks and are unsure how to overcome them. Marketplace disruption, globalized supply chains, regulatory uncertainty and intensifying competition are all contributing to a volatile and unpredictable business environment where risks are difficult to identify and mitigate. Managing risk is becoming a key strategic issue, where those businesses that can successfully combat both current and emerging risks will develop a significant advantage over their competitors.

Reputational Risk

A recent survey by Deloitte/Forbes revealed that reputational risk was a key concern for the 300 global executives polled. While most felt that their current reputation was strong, only 19% believed they had sufficient ability or capacity to manage the risks of emerging threats. Respondents cited fraud and corruption, security risks (physical and cyber) and product and service risks as the main drivers of reputational risks. Yet their greatest concern was over risks they had classed as outside their control: third-party/extended enterprise issues, competitive attacks and catastrophic events.

Businesses recognize the need for early identification of potential events impacting their reputation. Tackling a threat as it occurs is not effective in our always-on, inter-connected age. As a result, businesses are investing in tools and processes that allow a proactive approach to risk, such as scenario planning, predictive and analytical tools and brand-monitoring tools.

Third-Party Risk

As supply chains grow more complex in the global economy, risks have multiplied while becoming harder to overcome. In a 2015 Deloitte survey, 73% of Chief Compliance Officers (CCOs) ranked third-party compliance risk management as the most challenging concern they face, while 32% of respondents to the State of the EHS Nation 2015 Survey ranked ensuring safety and health policies, codes and goals are used throughout supply chains as seriously problematic.

The Deloitte survey indicated that CCOs are employing a range of tactics to manage these risks more effectively: 42% say they always audit compliance with policies or regulations; 38% always perform extensive background checks; 32% always require training or certification.

Yet as many as 44% of respondents to the Deloitte survey cited above described supply chain risks as beyond their control and lacked confidence in addressing them. The key to overcoming these problems is to apply risk-based thinking to supplier management. Risk management can improve supplier onboarding, selection and review. Risk-based metrics can be used to assess supplier performance, viability and vision alignment, and to select and monitor suppliers in the network effectively, based on a risk ranking.

Regulatory Uncertainty

Now that the UK has voted to leave the European Union, there is great uncertainty around how regulations will apply in the future. Every industry is affected because EU Regulations apply directly to UK legislation, and EU directives mandate the UK to introduce legislation to bring in their provisions. Environmental Health and Safety (EHS) is of particular concern, as so many UK regulations exist as a result of EU influence.

As Richard Clarke, Senior EHS consultant at Cedric, has observed, many UK Statutory Instruments exist because an EU Directive obliged the UK government to introduce domestic legislation. For example, the Energy Efficiency Directive has so far resulted in 28 individual UK Regulations, including the currently relevant ESOS requirements. It is uncertain that such regulations would remain in force following Brexit, given that the decision to leave was heavily influenced by the desire to reduce EU regulatory burdens on business.

In areas where the UK has ceded its authority to the EU, such as the working environment to protect workers' health and safety, it is difficult to predict how that transfer of authority will be reversed and what effect that will have on the standards expected in those working environments that were in line with those of the EU. Businesses are now facing the complexity and the increased risk of a regulatory environment that might no longer be harmonized with the EU, the UK's biggest trading partner.

How Risk Management Improves Safety, Compliance and Quality

The current business environment, regardless of industry, is characterized by constant change and increasing complexity. Consumer and competitive pressures, continuous innovation, globalized supply chains, regulatory changes coupled with increased oversight and evolving criminal threats, are all key factors introducing an ever-growing range of risks to safety, compliance and quality.

Tactical approaches to risk, where businesses react to problems after they occur, are no longer effective on their own. They cannot address the multiplying unknown risks produced by such volatile conditions. In our fast-paced, complex environment, problems can escalate and spread quickly. Being unaware of the hazards involved in the business heightens risk even more, increasing the potential for serious disruption, hefty fines and irreparable damage to the organization's reputation.

Instead, businesses need to take a strategic approach to risk, with a robust risk management system that helps to:

Identify risks
Categorize risk across
Establish processes for reducing and preventing risk
Give the organization an objective, quantifiable means of assessing its overall level of risk.

A Consistent Approach to Risk

The first step in developing your risk management system is establishing a common definition of risk throughout your organization. The terms hazard and risk are often used interchangeably, but they mean different things. A hazard is a condition or situation that creates the opportunity for a problem to occur, a potential rather than a possibility. Risk is the likelihood that the hazard will lead to that negative consequence. Some hazards pose no risk, if there is no probability of exposure to that hazard. Risk management is knowing what those hazards are and estimating the probability of each one manifesting itself.

Risk is pervasive throughout all areas of an organization, from Quality and EHS, to IT and the supply chain. The problem is that people's assessment of risk and approach to managing it are dependent on how they experience it. Compliance will focus on regulation, IT on cybersecurity, Quality on eliminating human error. The result is a series of subjective judgments and internal silos managing multiple risks, which though different, are all related. With little or no communication between the groups or an integrated methodology to holistically manage the risk, the business is left exposed.

Risk management provides a unified understanding and universal methodology for addressing these varying factors. Begin by bringing all your key risk people together to look at all your areas of risk and explore all the factors affecting risk. Cutting across departmental boundaries to understand how various risks interrelate will help you develop a system to identify, assess and judge the collective effect they have on the organization's overall level of risk. This is how you move towards strategic risk management.

Next, determine how to quantify those risks in a systematic and objective way. Severity and probability are useful scales. Then, implement a process for evaluating and assessing the risk, using Risk Assessment tools, such as the Risk Matrix or Bowtie Risk.

Risk Matrix

The Risk Matrix is designed to help you calculate risk across various outcomes, which then gives you clear guidelines on whether that risk is acceptable or unacceptable. It defines risk as the probability of a hazard occurring multiplied by its impact. It plots five levels of severity against five levels of frequency in a color-coded chart to show overall risk for different situations, like so:

[Risk Matrix chart; axis labels only]
SEVERITY: MINOR (1), NEGLIGIBLE (2), MARGINAL (3), CRITICAL (4), CATASTROPHIC (5)
PROBABILITY: FREQUENT (5), PROBABLE (4), OCCASIONAL (3), REMOTE (2), IMPROBABLE (1)

The quantified risk falls into one of three zones:

Low risk that's considered acceptable (green)
High risk that's considered unacceptable (red)
Moderate risk which may or may not be acceptable (yellow).

Using a cost/benefit calculation is an effective way of deciding whether a risk is acceptable or not. Be sure to vet the matrix using real-world examples drawn from historical data so that you can be confident it fits the context of your actual operations.

Bowtie Risk

Bowtie Risk is a proactive risk assessment tool. It helps overcome situations where the business has very little data on the potential of a critical event that may have catastrophic consequences. The tool constructs a scenario where such an event might occur, then puts preventative controls in place to mitigate the risk of it happening. It also plans recovery controls to minimize impact, should the event actually occur.

An example could be fire safety in a storage facility, where the undesired event would be a fire that is out of control. You would first consider potential threats that could lead to this outcome, for example, smoking, poor storage of packaging waste, poor storage of flammable materials or bad maintenance of electrical points. Then you would introduce controls to block those threats and reduce the risk of them occurring. If, despite this, a fire does break out, you would have recovery controls in place to prevent it becoming catastrophic: fire alarms, fire extinguishers, a sprinkler system or a fire marshal. So even if the event still occurred, there would be barriers in place to make sure the risk were minimized.

Your People Determine Your Business Risks

These risk assessment tools on their own are not the solutions to managing risk. They are there to support decision making by reducing subjectivity, standardizing responses and providing quantitative justification for them. For true effectiveness, you need people on the other end interpreting the results. They know the business, understand the hazards and can help determine how to make risk work for your organization.

A good approach is to assemble a Risk Team drawn from across the functions of your organization to review the different risk outcomes and determine how you're going to handle different risk levels. Responses typically include:

Acceptance: Leave it if it's worth the risk
Reduction: Take steps to mitigate the risk
Compensation: Take steps to insure yourself against the risk
Transfer: Outsource the risk to a partner/supplier
Avoidance: Stop the process altogether.

Taking Action to Manage Risk

Once you have determined how you are going to treat risk, you need to take action on managing it. You can introduce improvement activities that support managing risk, manage changes to your processes and operations and implement controls to mitigate or reduce risk. This is where risk management streamlines your Quality, Compliance and EHS processes.

Take Corrective And Preventative Actions (CAPA) for example. With a risk-based approach to your QMS, you can identify critical events, mitigate the risk and prevent re-occurrence of these events. Once a complaint is escalated to the Quality department, the team determines its risk criteria (severity, frequency) and then uses the Risk Matrix to determine the corresponding actions. If the risk is intolerable, then a CAPA is generated with an action plan to determine the root cause and any corrective actions.

Since the CAPA process itself is directly tied to the risk level, a second risk assessment is carried out to measure risk mitigation as a result of the corrective action. Once again, the severity and frequency of the action are determined to ensure that it is within acceptable risk tolerances. If it is, then the event is considered to be corrected. If not, then it is sent back to the beginning of the CAPA process and reworked until it is corrected within the business's risk tolerance and quality standards.

The Risk Register

As a final point, the effectiveness of your people's ability to manage risk rests on the quality of the data available to them. As the business measures risks and takes actions, it is building its own risk history. It should draw data from all its operational areas to see the whole picture, and record all types of data, including near misses, not just the critical ones. This data should then be stored in a centralized location, the Risk Register, to provide visibility into risk within the whole organization.

Your Risk Team will use this historical data to help fine-tune its risk picture and ensure accurate results. They can examine how risk management has evolved over time, spot trends, analyze high risk areas and determine what needs more oversight. In this way, risk management helps the business fine-tune its operations informed by its risk history.

Takeaways:

In today's volatile business environment, risks can be difficult to identify but their damage can quickly escalate, seriously threatening competitiveness, profitability and reputation. Post-Brexit uncertainty, increasing consumer power and supply chain risks are critical threats that many food and drinks businesses struggle to mitigate. Risk management, where a strategic approach is taken to risk in order to reduce and prevent risk across the organization, provides a solution. The Risk Matrix and Bowtie Risk are two powerful Risk Assessment tools underpinning the risk management process. Use risk management to streamline your Quality, Compliance and EHS management systems and improve the overall performance of your business.

About EtQ

EtQ is the leading Quality, EHS, Operational Risk and Compliance management software provider for identifying, mitigating and preventing high-risk events through integration, automation and collaboration. At the core of EtQ's framework is a compliance management platform that enables organizations to implement best-in-class compliance processes configured to meet their existing processes, create new compliance processes and automate and control their compliance ecosystem. EtQ's product lineup includes Traqpath for individual compliance users, Verse Solutions for small to medium-sized businesses and Reliance for enterprise organizations. EtQ was founded in 1992 and has main offices located in the U.S. and Europe. To learn more about EtQ and its various product offerings, visit www.etq.com or blog.etq.com.