With the advent of ISO 31000 and other ISO standards suggesting organizational risk management practices, your organization may have or soon will implement a risk management plan. Reliability of your products, systems, or assets is an element of the organization’s risk profile.
As reliability professionals, your knowledge and skills are a natural fit within any risk management plan. You may focus exclusively on the reliability performance-related risks You may find the skills and tools to identify and mitigate risks play an important role beyond just reliability performance.
Large and small organizations face risks. The lines of communication differ as do the context, culture, and management practices between any two organization. The implementation of a risk management plan has to fit your organization.
Here are few general guidelines and practical considerations when implementing your organization’s risk management plan.
Executive Management, Risk, and Reliability
Major decisions within an organization are the purview of executive management. The investment to design and build a new product or purchase major assets for the factory require executive management oversight, approval, and commitment.
The eventual reliability performance of a new product or factory asset will directly impact profitability. The risks involved with the eventual reliability performance are also of concern of executive management when the impact of the risk is sufficiently large.
The implementation of the risk management plan should include the best available reliability information to properly inform executive management of the reliability performance based risks. Communicating clear and concise reliability performance expectations, risks, uncertainties, or events require an ongoing stream of information that makes sense to your executive team.
Here are a few guidelines to consider when implementing a risk management plan:
- Secure executive management engagement with the plan. Just being aware of the plan is not sufficient, it has be implemented such that it provides the executive management team with meaningful, actionable information.
- Manage uncertainty. A simple means is to include estimates of uncertainty with any estimates or calculations. If the results rest on assumptions or engineering judgment, say so and to what extent the reported results may change with changes in assumptions, etc.
- Fit risk management within organizational governance, not as an added effort or side project. Risk management is part of leading and managing an organization.
- Fit the risk management program within how an organization already does business, not as it should do business.
- Establish metrics, triggers, and reporting requirements. Then make sure it is working as expected.
- Keep all stakeholders informed and involved.
- Ensure a common and well-understood language around risk (risk profile, risk tolerance, etc.) exists across the organization. Establish training and refresher elements to establish and maintain a common understanding of the risk management plan and terminology.
- Review the risk management principles in ISO 31000 and adjust your plan to align with those principles.
- Review efficiency of the implementation of the plan, adjust and improve the plan and its implementation.
Best Practices and Considerations
Keep in mind that the risk management plan for your organization has to fit within and serve your organization. Understanding your organization’s culture concerning decision making and fitting your plan and framework to work within that culture is easier than changing your culture to suit a plan.
As with any project, define objectives, milestones, measures, and success criteria. Define who does what and by when both for the development and execution of the risk management plan. Track progress and adjust as necessary to achieve the appropriate objectives.
Include both technical and professional development to improve capabilities within the organization identify and mitigate salient risks.
Conflicts and differences of opinion will happen, establish reporting and escalation procedures to resolve issues quickly.
Understand that the risk management plan will not be perfect, therefore plan on careful monitoring and reviews to help improve the plan to meet your risk management objectives.
Finally, does the plan meet your needs? Risk management is a tool to help you and your organization understand and manage risks to the organization, customers, and society.
Reliability of your product or asset is only one of many risks facing an organization. Understanding and supporting the larger organization risk management program helps you convey reliability risks. Plus, understanding the risk management plan allows you to support the larger identification and mitigation set of tasks given your set of skills as a reliability engineer.