
Turning Uncertainty into Informed Action
Co-authored by Mike Vella
At its core, risk management exists to protect us. It aims to reduce both the likelihood and the consequences of adverse events, whether those events affect safety, quality, cost, equipment, or project schedules.
Good risk management is not reactive. It is proactive. It assumes that future events can be influenced and, to some degree, controlled. That belief alone fundamentally changes how organizations plan, design, and operate.
What Do We Mean by “Risk”?
In practical engineering terms, a risk has three essential components:
- An event – some unwanted change or outcome
- The probability that the event will occur
- The impact if it does occur
Another way to ask the same question is: What is at stake?
Once those elements are understood, risk management becomes less abstract and far more actionable.
A General Risk Management Process
Risk management models are not one-size-fits-all. They vary by industry, organization, and application. Still, most effective models share a common backbone.
1. Risk Identification
This is the deliberate search for risks before they become problems. The goal is to surface conditions or events that could negatively affect a project, process, or system.
2. Risk Analysis
Here, raw risk information is transformed into decision-ready information. This step evaluates likelihood, severity, and contributing factors so leaders can prioritize intelligently.
3. Risk Planning
Risk planning translates analysis into decisions and actions, both immediate and long-term. This is where mitigation strategies, contingencies, and acceptance criteria are defined.
4. Risk Implementation and Monitoring
Actions are executed, and risk indicators are monitored throughout the project or activity. Deviations are identified early, allowing corrective action before losses escalate.
5. Control and Adjustment
If risk indicators drift out of acceptable bounds, actions are adjusted. The intent is always the same: reduce the impact of unforeseen effects and bring the system back under control.
6. Communication
Communication is not a side activity. It is central to effective risk management. Visibility, feedback, and shared understanding are what allow risk management efforts to succeed across teams and organizations.
Risk Management Is Iterative, Not Linear
Risk management is often shown as a neat sequence of steps, but in practice it is iterative. As more information becomes available, assumptions are revisited, risks are re-ranked, and plans are updated.
This is especially true during execution phases, where real-world data replaces early estimates. Effective risk management expects this and is designed to adapt.
Leadership Owns the Process
While standards and frameworks are helpful, risk management ultimately belongs to leadership.
Every organization must define, customize, and enforce its own risk management process. Industry standards can guide that effort, but they cannot replace ownership or judgment. Risk tolerance, priorities, and decision authority are leadership decisions, not checklist items.
Common Risk Management Frameworks
Several widely used frameworks formalize these ideas.
Project Management Institute (PMI)
PMI expands the basic risk process into six steps:
- Risk management planning
- Risk identification
- Qualitative risk analysis
- Quantitative risk analysis
- Risk response planning
- Risk monitoring and control
PMI provides extensive resources, particularly for project-driven environments.
ISO 31000 (International Risk Management Standard)
ISO 31000 provides broad guidelines applicable across industries. It emphasizes:
- Scope, context, and criteria
- Risk identification, analysis, and evaluation
- Risk treatment and mitigation
- Ongoing monitoring, review, communication, and consultation
The focus is on embedding risk management into everyday decision-making rather than treating it as a standalone activity.
FDA Q9 (Quality Risk Management)
FDA Q9 is especially relevant to regulated industries. It emphasizes:
- Risk assessment through identification, analysis, and evaluation
- Risk control through reduction or acceptance
- Risk review to ensure decisions remain valid over time
- Strong emphasis on risk communication and appropriate tool usage
Although developed for healthcare and life sciences, its principles translate well to manufacturing and quality systems.
Different Models, Same Objective
Despite differences in terminology and structure, all credible risk management models share the same intent:
Minimize losses related to safety, cost, equipment, quality, and schedule.
They differ not in purpose, but in how explicitly they guide planning, analysis, and decision-making.
Final Thought
Risk management is not about eliminating risk. That is rarely possible. Instead, it is about making uncertainty visible, deciding deliberately, and acting early.
When done well, risk management shifts organizations from reacting to problems toward anticipating them. For engineers, designers, and quality professionals, that shift is often the difference between controlled outcomes and costly surprises.
Authors’ Biographies
Ray Harkins is the General Manager of Lexington Technologies in Lexington, North Carolina. He earned his Master of Science from Rochester Institute of Technology and his Master of Business Administration from Youngstown State University. He also teaches 60+ quality, engineering, manufacturing, and business-related courses such as Quality Engineering Statistics, Reliability Engineering Statistics, Failure Modes and Effects Analysis (FMEA), and Root Cause Analysis and the 8D Corrective Action Process through the online learning platform, Udemy.
Mike Vella served for 12 years as Senior VP Operations at the Suter Company, an employee-owned food producer located in Sycamore, Illinois. Prior to joining Suter, Mike was the Vice President and General Manager of TI Automotive’s Brake and Fuel Group in North America. He is a Fellow with the American Society of Quality and an instructor with the Manufacturing Academy, developing training resources focused on quality, problem solving and statistical analysis.