Your Reliability Engineering Professional Development Site
Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
The title may sound strange given the Baldrige’s origin as the U.S. National Quality Award. Yet, its migration to a Performance Excellence Criteria and the addition of Cyber Security, Innovation, and Enterprise Risk Management (ERM) does pose challenges to the quality profession. This is particularly true since the many of the Baldrige examiners are quality professionals. [Read more…]
We are seeing more global certification bodies create their own assurance and branded certification schemes.
Like ISO 31000 letter of conformance for airports.
Dubai Airports this week received a letter of conformance for ISO 31000 – 2009 Enterprise Risk Management from Lloyds’ Register Quality Assurance (LRQA). [Read more…]
Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
The National Institute of Standards and Technology (NIST) just issued the 2017-2018 Baldrige Excellence Frame Work. There were modifications to a number of categories such as Category 1 Leadership, Category 2, Strategy and Category 6 Operations. Included in the modifications were substantive additions for Cyber Attacks and Enterprise Risk Management (ERM).
In the discussion of the changes from the 2015- 2016 framework it is noted: “The future competitive advantage that will flow from good ERM is based on the holistic addressing of risk and the actions taken – including the pursuit of intelligent risks – as part of an overall strategic approach to managing organization performance.” (Baldrige.2017.45)
This statement makes two things clear. First, ERM is seen as contributing to the competitive advantage for any organization. Second, ERM is a holistic approach. The inclusion of ERM in the Baldrige Excellence Frame Work does two other things. It reinforces the momentum created by the inclusion of Risk Based Thinking in ISO 9001:2015 and the issuance by OMB of Circular A-123. Both actions expanded the reach and ultimately the interest in ERM. In addition, it signals that ERM is considered part of best practice. This means its use increasingly will become a standard by which all organizations can be evaluated by regulators and stakeholders. [Read more…]
Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
We live in a world of consequences. Everything that we experience is a consequence of some action, decision, reaction and/or choice. For organizations, the consequences of a choice, action, decision and/or reaction can cascade throughout the organization and extend to its “Value Chain” rippling through all the known touchpoints and the as yet, unidentified touchpoints.
Organizations need to understand their strategic, operational and tactical capabilities and capacity to recognize, mitigate and/or capitalize on cascade effects. As a result of the diverse nature of global business operations, geopolitical circumstances, culture, etc., there currently is a standardization gap with regard to how organizations should react to cascade effects. This is partly due to opacity, nonlinearity and insufficient competitive/business intelligence that organizations can draw from. This is not to say that the information does not exist. Rather that it does not exist in a form that is readily recognizable to organizations in most cases. [Read more…]
Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
The focus of this article is on the application of guidance (ISO 31000, FFIEC, etc.) often resulting in the appearance of compliance resulting from a checkbox perspective rather than actually and actively identifying and managing risk(s) by organizations.
In Risk Management: History, Definition and Critique, by Georges Dionne (March 2013 – CIRRELT-2013-17); the opening statement from the Abstract is revealing: [Read more…]
Some 20 years ago, I was volunteering with a not-for-profit organization to develop new products and services.
Our team had lots of ideas. We were excited to innovate, change, add value, and do better. You could feel the energy. It was electric.
The challenge: The organization was riding high and making lots of money on its core products. They did not want or did not need to look at anything new. Why fix something that was not broken from its point of view. OK. We got it.
Well, our great ideas were stuffed. The energy and enthusiasm dissipated. I left the organization.
Several of us wondered what had happened. Dr. Lindborg, an expert in organizational dynamics, in a moment of inspiration, uttered:
This is the Moose Lodge Syndrome at work.
“What’s that?” we said. A little history may help: [Read more…]
ISO maintains risk has implicitly been a part of the standard since the ISO 9001:2015 revision. How? In the new standard, ‘preventive action’ has evolved to ‘actions to address risk and opportunities.’ This changes the Corrective Action – Preventive Action (CAPA) model. In the past, Preventive Action was implemented as a result of Corrective Action specifically to prevent the recurrence of the nonconformity. [Read more…]
Quality, system, and internal auditing are focusing on risk management, process control, process capability, and organizational effectiveness. These value added audits require more information to be collected and analyzed to evaluate value, risk, waste, effectiveness, and efficiency. As an organization moves toward value added auditing, the auditor or audit team will collect more information, conduct in-depth analysis, and obtain sufficient evidence in order to reach conclusions. [Read more…]
Value Added Auditing(VAA) is risk based auditing. Or another way to think about it is VAA is analytical auditing where the sponsor and auditee get valuable information to improve their operations and become more competitive.
So, what can VAA do for you? [Read more…]
VUCA is an acronym for Volatility, Uncertainty, Complexity, and Ambiguity. VUCA is the driver of most disruption in business.
I believe we live in VUCA time. And, VUCA is changing how business is done: [Read more…]
“One Thing is Certain: 2017 Will Be the Year of Uncertainty for CEO’s’”
Shouted a recent Wall Street Journal article.[1]
Why?
Let’s look at the reasons at why we live in VUCA time (Volatility, Uncertainty, Complexity, and Ambiguity).
The critical success factors for ISO 9001:2015 RBT are much like Six Sigma and lean. Our hard lessons learned over the last dozen years migrating organizations from quality to ERM include: [Read more…]
Many CRO’s come from compliance, legal, or finance areas. They do not know operations or quality. This person is critical to quality‘s success with ISO 9001:2015 in terms of providing risk approvals, direction, and resources. The quality department should be flexible and work with the CRO, specifically: [Read more…]
We get this question weekly and sometimes daily it seems.
Why? ISO has not defined Risk Based Thinking? And, this is a hugely important question because ISO has elevated RBT to the same level as PDCA and Process in the Final Draft International Standard (FDIS) of ISO 9001:2015.
One of the things we know is the marketplace hates a vacuum. Someone will develop a product or service to fill in the vacuum. This is exactly what we did with RBT. [Read more…]
ERM is a relatively new concept. There is a robust discussion among experts what it really means. Common ERM elements in most definitions include: [Read more…]
