The focus of quality assurance has been the minimization of defects in the pursuit of competitive advantage and the satisfaction of stakeholders (usually customers) who increasingly expect perfection in the delivery of products and services. Interestingly, while one could argue that many staff functions have these elements as goals or outcomes, few other disciplines seem to lend themselves so closely to the ultimate objectives of risk management. In essence, losses, errors and defects are similar and produce similar operational and financial impacts. Indeed, a marriage of disciplines could be beneficial.
I first stumbled on this issue when I was asked to consider a key leadership role heading both enterprise risk management and quality assurance functions for an organization with global reach. My curiosity was piqued and I began to investigate the dynamics of the quality assurance function and contrast it with risk management. It seemed an odd pairing and a rare one, but the focus of each set of responsibilities reflected significant overlap and a more natural alignment than I first thought. Of course, this discipline takes on quite a different approach depending on the industry within which it is used. In fact, in financial services it is often represented by the process engineering discipline, in which many quality assurance tools and techniques are used to accomplish objectives. You may know this as the Six Sigma approach in manufacturing.
Now, with the International Standards Organization (ISO) having fashioned ISO 31000 as a valuable, albeit non-certifiable, risk standard that is both comprehensive and simple in construction, the parallels in these disciplines are even more obvious. The quality assurance discipline is enabled by several ISO standards, typically subject to certification, such as ISO 9001, ISO Guide 34 and ISO 17025, among others. These standards guide the quality assurance practitioners in ways similar to ISO 31000 and, when used together, complement each other in many areas. A leader so challenged with these combined accountabilities can capture synergies between the two disciplines, allowing for greater efficiencies in overlapping areas.
ISO standards follow a common approach used in their management system standards, which represents a thread of logical implementation and execution often referred to as "PDCA" or Plan, Do, Check and Act. The approach contains an elegant simplicity. It can be easily followed whether you're executing risk management or quality assurance processes.
The synergies become more pronounced when you review and compare the two leading standards. ISO 31000 is constructed around a set of principles for management to follow, a framework that articulates the "how to" of managing risk, and a set of process elements that are the tactics that define execution of risk strategies and goals. ISO 9000 also starts from a set of principles that guide the quality assurance professional down a road of consistency and efficiency that leads to a process of certification that, when achieved, facilitates competitive advantage.
Both disciplines enable outcomes that improve corporate performance and results. The opportunity to broaden the discipline, and accomplish more through efficiencies not commonly contemplated, seems to make plenty of sense.
CHRIS MANDEL is the president of Excellence in Risk Management LLC, a long-term risk management leader and former president of RIMS.
May 1, 2011
Copyright 2011© LRP Publications