As expressed in the blog 3 Functional Ways Risk is Critical to Quality Management by LNS Research, an organization’s approach to enterprise quality management should never remain stagnant. 

“Certainly there are timeless elements of quality management strategies that have been applied for decades and will continue to be applied over time. But advances in computer and web-based systems have brought specific quality management tactics to the next level. We are now witnessing an unprecedented level of access and visibility into quality management metrics and performance, in some cases on a real-time basis.”

This sentiment is even more prevalent with advances in Industry 4.0, Industrial Internet of Things, artificial intelligence, machine learning, robotics, and other automation technologies already rapidly approaching the manufacturing landscape, and subsequently the management of risk in the manufacturing environment.

“This is part of a natural progression most organizations experience when it comes to quality management. Strategies and technologies that once worked—and, indeed, do continue to function as a bare minimum—need to be updated or sometimes overhauled or replaced in order to improve performance and accelerate competitiveness. This is particularly true when it comes to risk management, which, as global manufacturing leaders know, needs to be embedded into quality management approaches.”

A key to any discussion of developing, let alone embedding, an approach to risk management is understanding the differences and similarities of implicit versus explicit risk management.

The implicit approach “might involve evaluating existing quality processes, for example, prioritizing CAPAs based on how they will impact an organization’s risk profile, or auditing suppliers and facilities on a case-by-case basis based on risk factors. It can be thought of as more of a tactical approach, and differs from a more overt or strategic approach.”

In an explicit approach, “organizations assess all areas of the enterprise proactively and build a clear, bottom up risk framework replete with a comprehensive risk register that accounts for the robustness or lack thereof in quality processes, and proceed to apply it strategically across the entire organization.”

As is common with just about everything, taking from column A and from column B will result in not only an acceptable risk program, but also an accurate, encompassing one, covering the tactical as well as the strategic. The relationship between quality and risk presents itself in three key areas: corrective and preventative actions, audit management, and supplier quality management.

Corrective and Preventive Actions (CAPA)

A foundation of quality management, corrective and preventive actions, or CAPAs, include an identification stage and an investigative stage, both of which feed into how we assess risk and control the processes of a good overall manufacturing process.

“When Operational Risk Management (ORM) is linked with or embedded into EQMS, the risk assessment approach benefits from accumulated information generated through the identification of hazards and adverse events, which in turn improves our capabilities when it comes to quantifying, prioritizing, and migrating risk.

“When EQMS and ORM systems intertwine, we can eventually begin to prioritize our workflow based on CAPAs. For example, risk matrices can be informed by the number of open CAPAs, which point to areas of business activity that become ‘riskier’ business activities by virtue of the fact they are associated with open CAPAs. As these two elements begin to ‘speak’ to one another, we ultimately make risk management and quality management more effective.”

Audit Management

Assessing risk and preparing and performing an audit should be a give-and-take process, or two-way street, as well. 

“As we establish audit criteria, we can leverage data acquired in historical and ongoing risk assessments. And risk assessments, likewise, are also be informed by the criteria we have established to conduct audits.”

For instance, “as discussed with CAPAs, we see how a risk matrix can be informed by metrics associated with audit performance, audits complete/incomplete, as well as audit frequency, just as risk factors can feed back into audit management, inviting us to, perhaps, audit certain performance factors on a higher frequency, more intensive basis based on risk, and others on a lower frequency, less rigorous basis.”

Supplier Quality Management

As a process begins to involve, affect, and rely on more people and organizations, the more challenging it can become. Controlling vendor and supply chain quality management is no exception. 

“Quality, risk and sustainability need to be more tightly integrated, across the enterprise and its entire supply chain. Functionally, this asks manufacturing leaders to boost their ability to evaluate and monitor suppliers on an ongoing basis according to quality, supply chain, and operational risk factors.

“Organizations need the ability to rank both supplier quality management and supplier relationship management according to—above and beyond quality—risk-based metrics that can actually be accumulated through the right analytical tools. However, this means linking these interrelated tools across the enterprise.”

The Risk of Ignoring Quality Risk Management

Linking quality control to risk information and linking risk information back to quality control, providing a continuous loop to and from both, helps to improve quality and risk analysis.

“Quality management data is too valuable to be left in silos, especially in the manufacturing environment, and in turn risk management data is too valuable to be isolated from quality management frameworks. Only the right processes and technology—supported by an organizational culture that views quality and risk as pervasive corporate matters—will enable an organization to manage quality effectively from a risk-based perspective.”