The Difference Between Risk Management and Enterprise Risk Management
The uncertainty concerning the future performance of a product or system is a risk to the customer and to the supplying organization. A product that fails too often or in an unsafe manner may require repair, replacement, or a recall.
A product's performance, including its reliability performance, reflects on the organization that designs, builds, and sells the product. Poor reliability performance is no longer only a risk to that individual product; it is a risk to the product line and to the organization as well.
Reliability professionals have long been involved with identifying and mitigating risks. The increased emphasis on enterprise risk management through standards such as ISO 31000 requires reliability professionals to consider the larger risk management framework and how reliability-related risks fit within that larger context.
Simple to Enterprise Risk Management
In Greg Hutchins' book, ISO 31000 Enterprise Risk Management, there is a table (page 34) that summarizes the differences between risk management and enterprise risk management.
In most organizations, the consideration of reliability has been at the product and engineering level. Of course, other entities within an organization consider the impact of reliability performance on the ability to meet customer expectations and business objectives, yet most of the identification and mitigation work is done at the engineering level.
Risk Management and Reliability Engineering
Risk management as commonly practiced by reliability practitioners is characterized as:
- Compliance and Specification focused
- Downside risk-focused
- Cost focused
- Bottom-up process
We tend to find failures, qualify and quantify the risk, then attempt to mitigate it with design or process changes. We may raise major issues to higher levels in the management team, as needed.
In some organizations, there is more proactive work to identify and design out potential field failure risks. In some, the discussion around the consequences of field failures may include the quantified impact on market share, customer satisfaction, or profitability. These proactive activities and considerations fit well within an enterprise risk management framework.
Enterprise Risk Management and Reliability Engineering
A well-designed and implemented enterprise risk management (ERM) framework may be characterized as:
- Governance, risk, and compliance focused
- Opportunity and downside risk-focused
- Preventive, predictive, preemptive
- Value, return, and investment focused
- Top-down process
ERM requires the commitment and involvement of senior management, including the board of directors. The risks involved have a larger scope than a slightly higher-than-expected warranty return rate. Also, the risks span well beyond field reliability performance.
If your organization has or is developing an ERM framework, understanding how your work as a reliability professional fits into the larger program is essential. You need to know what information triggers consideration and action by you, your team, or another team or management group within the organization.
Reliability is Part of Enterprise Risk Management
It's not the only part. Know how reliability information, from goal setting and understanding customer requirements/expectations to field failure reporting, fits within your organization's risk management programs.
As you know, preventing field failures with good design and risk mitigation is a solid investment in risk avoidance. Think bigger and consider how changes in the way your team delivers reliable products and reliability information fit with the needs of key decision makers within your organization. Help them understand reliability-related risks and how to mitigate those risks effectively.
How’s your risk management program? Reactive or proactive? Does your organization have an ERM program and if so how does your reliability work fit into that program?