Organizational Risk Management


This Month

AZTC Southern Arizona Tech and Business Expo, October 25, 2017, Tucson, AZ
Baldrige Fall 2017 Conference, October 26-27, Tempe, AZ

What We Deliver
  • Operational and Quality Systems
  • Assessments
  • Training
  • Internal Audits
  • Lean Enterprise
  • Six Sigma
  • Kaizen Events 
  • Breakthrough Improvement

Improved Profits and More!

Our newsletters provide information on business management systems and process improvement methods. These systems include ISO 9001 QMS, AS9100 Aviation, Space and Defense, ISO/TS 16949 Automotive, ISO 27001 Information Security, ISO 13485 Medical Devices, ISO 14001 Environmental Management Standard, and others. Further subjects include performance improvement methods such as Six Sigma, Lean Enterprise, and other topics of interest to our readers.

Do you have a subject of interest for our newsletter? Please let us know.


ATTENTION ISO 9001 and AS9100 Organizations: Time is running out! You have less than 1 year to transition to the new standard. Contact us for all your transition needs.    

Organizational Risk Management

Risk based thinking (RBT) is one of the most substantial changes to ISO management system standards in many years. It is a clearly bounded methodology that distributes risk across the full scope of a management system as an integrated business function. The International Organization for Standardization (ISO) has this to say on RBT:

“Risk based thinking ensures these risks are identified, considered and controlled throughout the design and use of the quality management system”.

Although the function of risk based thinking is to manage risk at various critical stages and relationships with your products and services, the true purpose of risk based thinking is more than just creating a systematic, precautionary approach for your organization.

Instead, you should look at risk based thinking as a form of acquiring and maintaining organizational knowledge. This is important because a badly managed organizational system is immediately apparent to users, customers and investors, who often look for so much more from you than just your certification status. This is one of the reasons why risk based thinking features so heavily in updated standards like ISO 9001:2015 and ISO 14001:2015, and the highly anticipated future ISO 45001 Health and safety management system standard.

Poorly managed organizational risk can start when an organization designs a purely linear process for risk management. This is appropriate and to some extent logical during the implementation of a new management system, but once the management system becomes established it can become a considerable burden, and sub-optimization takes place.

During the implementation process risks are considered and managed through a series of periodic fixes – as opposed to an iterative process. Systems like this suffer from a lack of agility and can become predictable non-value added activity.

In order for the organization to learn about new risk, it can mostly rely upon a system of internal audits and management reviews. Is a single annual management review meeting an iterative process? Risks are therefore considered too infrequently to capture and control real-time threats.

Risks are also often managed centrally. Organizations commonly lack the insight, scope and flexibility to handle risks that occur at a grass-roots level, where the work gets done. Decisions to prevent and mitigate risk can sometimes be delayed as employees do not have the capability to assess risk, or the time to define and reduce the risk.  Often this happens because employees do not feel empowered or confident to take preventative and corrective action in the first place.

There are 5 common symptoms which could highlight to you that your approach to risk management could be improved:

  1. Uncertainty – the organization struggles to collect the right, or enough, information about its risks. Checks are too infrequent; they must be recurring and more frequent than annual. The scope of information about the organization's risk is narrow.
  2. Complexity – the organization is collecting enormous amounts of information about risk, down to low-level, in-the-weeds detail. Decision makers cannot interpret the information. Opportunities are overlooked.
  3. Ambiguity – the organization is not able to formulate the correct questions in order to understand its risk. Additional information is useless because risk is not understood or documented effectively, and in some cases not documented at all.
  4. Lack of common language – there are multiple interpretations of risk between individuals across the organization. Risk management is mutually exclusive or in conflict. A power struggle usually ensues between individuals with conflicting views and beliefs.
  5. Silo mentality (larger organizations) – different departments resist communicating information about risks across the organization. This typically leads to a condition of both uncertainty and a "not my problem" mentality.



Choose the right risk management tools. Experiment with different approaches while your management system is in operation.

Understand the standards. You need to correctly interpret the terminology applied to ISO management systems. Risk is not always stated explicitly in each ISO standard. Terms like “suitable” and “appropriate” will often imply that you need to demonstrate a balanced approach towards risk based thinking. You should also assume that risk identification can have a positive impact (opportunity), and that it can even provide workable business opportunities. Your approach must accept risk as a systemic entity in your management system. You need to consider all of the functional aspects of your management system, and how effectively risks are identified and controlled in real-time.

Transitioning into a risk-intelligent business can take a considerable length of time and experience. The value of implementing an ISO management system (in particular the new 2015 and 2016 standards) is that it determines the focus for a Risk-Based approach. But it does not tell you which business tools to apply – this choice is yours.


Steps to Continual Improvement

Continual improvement is a type of change that is focused on increasing the effectiveness and/or efficiency of an organization to fulfill its policies and objectives. It is not limited to quality initiatives. Improvement in business strategy, business results, and customer, employee, and supplier business relationships can be subject to continual improvement. Putting it simply, it means getting better all the time.

What continual improvement is not. Improvement is not about using a set of tools and techniques. Improvement is not going through the motions of organizing improvement teams and training people. Improvement is a result, so it can only be claimed after there has been a beneficial change in an organization’s performance.

Clause 10 Improvement under the ISO 9001:2015 Standard requires an organization to “determine and select opportunities for improvement.”  An example could be gradual, incremental or breakthrough. Continuous improvement is gradual never-ending change, whereas continual improvement is incremental change.

Common types of improvement are called Kaizen Events, Lean, and Six Sigma.
Breakthroughs are improvements, but in one giant leap – a step change. The method of achievement is the same, but breakthroughs tend to arise out of chance discoveries and could take years before being made.

When should continual improvement be started? All managerial activity is directed either at control or at improvement. Managers are either devoting their efforts at maintaining performance, preventing change, or creating change, breakthrough, or improvement. If businesses stand still, they will lose their competitive edge, so improvements must be made to keep pace and stay in business. Every system, program, or project should provide for an improvement cycle. Therefore, when an objective has been achieved, work should commence on identifying what is meeting the requirements of the process, and on finding better ways of doing it.

There is no improvement without measurement. An organization must establish current performance before embarking on any improvement. If it does not, it will have no baseline from which to determine efforts.
There are ten steps to undertaking continual improvement:
  1. Determine current performance.
  2. Establish a need to improve.
  3. Obtain commitment and define the improvement objective.
  4. Organize the diagnostic resources.
  5. Carry out research and analysis to discover the cause of current performance.
  6. Define and test solutions that will accomplish the improvement objective.
  7. Produce improvement plans which specify how and by whom the changes will be implemented.
  8. Identify and overcome any resistance to the change.
  9. Implement the change.
  10. Put in place controls to hold new levels of performance, and repeat step one.
Continual improvement is far more than a set of techniques. For many organizations, it involves a radical change in attitudes. The defense of the status quo, and resistance to innovation, cannot be treated as normal management behavior. A fear of reprisals for reporting problems has to be replaced by congratulating people for identifying an opportunity to improve. Hoarding of good ideas within departmental walls must be a thing of the past as people share their knowledge and experience in the search for greater collective success.


Reinventing Innovation Findings

In a global study conducted by PwC, executives stated their businesses are collaborating with a broader set of stakeholders to reap greater rewards from their innovation efforts.

PwC surveyed over 1,200 executives in 44 countries, asking them about their innovation strategy, operating models, culture, metrics, and more to understand how innovating companies are seeking to create business value and financial returns on their efforts.

The majority of respondents clearly think that bringing more parties into the innovation sandbox is a smart idea. It can deliver significant benefits, from improving innovation’s alignment with business strategy, to accessing fresh ideas and critical talent, to failing faster and getting new innovations to market sooner.

In a world where industry disruption is increasingly the norm, not an anomaly, virtually no company can ignore the imperative to innovate. Failing to do so is an invitation to lose business.

The study results showed that:
  • 54% of the executives we surveyed struggle to align innovation strategy with business strategy;
  • 61% of our survey respondents are embracing open innovation to generate new ideas;
  • 72% of respondents say they’re not out-innovating their competitors.
Key Finding – Strategy, not size, matters in innovation spend.
To read more of the study and to view the Innovation Benchmark 2017 Report, visit the PwC Website.    



In the News
National Manufacturing Day – October 6, 2017 

Manufacturing Day is a celebration of modern manufacturing meant to inspire the next generation of manufacturers. Manufacturing Day occurs in October – this year Manufacturing Day is Oct 6, 2017.

Join thousands of manufacturers and events as they open their doors to show the public modern manufacturing. Visit the Manufacturing Day Website for more information and events in your area.


Medical Device Sector New Handbook   

The handbook ISO 13485:2016 – Medical devices – A practical guide is written by a group of technical experts from ISO’s technical committee ISO/TC 210, Quality management and corresponding general aspects for medical devices. The handbook provides users with practical guidance and accurate interpretation of the requirements specified in ISO 13485:2016, Medical devices – Quality management systems – Requirements for regulatory purposes.

Mapped to the structure of ISO 13485:2016, the new handbook offers step-by-step guidance for all organizations in the medical devices sector wishing to implement and maintain a quality management system. It covers guidance applicable to various stages of a medical product’s life cycle, including the gathering of customer requirements, design, development, production, supply chain, installation, servicing and post-market surveillance of medical devices.
Aimed at all organizations, regardless of size and the nature of their business, it helps create a level playing field and facilitates the market access of their products globally. The handbook can be used as the go-to reference when questions arise about specific requirements, their interpretation, and implementation strategies.

Purchase 13485:2016 – Medical devices – A practical guide at the ISO Store.


Training Courses
All courses can be delivered at your company or at our training centers. We do provide training beyond our home state of Arizona. Click on the course title for description, schedule, registration and payment. Group discounts are available. We also provide custom designed training to fit your specific needs. All training is fully documented for your training records and certificates of training are awarded.
Don’t see a course or schedule that fits your needs?  Contact us.

What kind of results do you want to create for yourself and your business?

Do you have customers coming back for more of your product or service? Do you have a set of ideal customers you want to cultivate? Are your business processes in control and capable of producing what you, your employees, and your customers require on a continuous basis?

The demands of today’s business environment have caused many of us to shift our approach from thinking as a professional to acting as an entrepreneur. Avoiding past mistakes and taking the time to plan your next moves can make the difference between failure, or sustainable growth for your organization.


Walter Tighe and SES Team
Sustaining Edge Solutions, Inc.
Toll Free 888-572-9642

