Creating a reliable product that meets customer expectations is risky.
What is risk and how does one go about managing risk? The recent set of ISO standard updates elevates risk management.
A starting place is a definition.
ISO Standards definition of risk
ISO 9000:2015 includes the definition of risk as the “effect of uncertainty on an expected result.”
ISO 31000:2009 includes the definition of risk as the “effect of uncertainty on objectives.”
The origin of the English word ‘risk’ traces back to the 17th century French and Italian words related to danger.
A dictionary definition includes “the possibility that something unpleasant or unwelcome will happen.”
Risk from a business sense may need a bit more refinement. The notes in the ISO standards expand and bound the provided definitions.
One note expands the definition away from unwanted outcomes to include the concept of a deviation from the expected. Surprise seems to be an appropriate element of risk. Surprise may include good and bad deviations from the expected.
For the purposes of the ISO standards, risk includes financial, operational, environmental, health, and safety considerations, and may affect business or societal objectives at strategic, project, product, or process levels.
The discussion about a specific risk should include the events and consequences. While we may discuss the risk of an event occurring, we should include the ‘so what’ element as well.
If an event occurs, then this consequence is the result. Of course, this can get complex quickly as events and associated consequences rarely have a one-to-one relationship.
Finally, the ISO notes on risk include a qualitative element to characterizing risk: the likelihood (similar to probability, I think) and the value (in terms of money would be common) of the up or down side of the consequence.
Risk and reliability related risk
As reliability professionals, these definitions may seem familiar and comfortable.
We have long dealt with the uncertainty of product or process failures. We regularly deal with the probability of unwanted outcomes. We understand and communicate the cost of failures.
What is new is the framework described by the ISO standards for the organization to identify and understand risk as it applies to the organization and to the customer.
Reliability risk now has a place to fit into the larger discussions concerning business, market, and societal risk management.
In my opinion, reliability risk is a major component of the risks facing an organization. Witness the news-making recalls in recent years.
Our work as reliability engineers has not been bound by a focus on product or process development; we have long considered the impact of unreliability on customers and the impact on business objectives, such as warranty and profit.
As organizations begin to explicitly discuss risk within the framework described in these and other standards, we can readily join those discussions.
Describing the probability of failure in terms of risk should be relatively easy. To a large extent, it is how we operate already.
Risk management blends elements of quality, reliability and business management to create a framework for a comprehensive consideration and management of the many possible ‘unwanted’ or ‘unexpected’ outcomes.
As reliability professionals, we already regularly use the tools to identify risks, the tools to mitigate or eliminate risks, and the tools to estimate future likelihoods and consequences of risks.
We are in an excellent position to lead the discussion about risk within our organization and industry.
How do you view the connection between risk and reliability?
Add a comment or question below and let’s begin the discussion concerning risk management and the role of reliability professionals concerning risk.