Adopting a risk mindset
It is not too late for all sectors of industry to take lessons from the recent Boeing 737 MAX tragedy and adopt workplace strategies that focus on the benefits of a risk mindset in operations and activities
In March this year, the crash of an Ethiopian Airlines Boeing 737 MAX claimed the lives of all the passengers and crew. Since then, the spotlight has been firmly fixed on the aircraft manufacturer’s representatives, who have been hard-pressed to issue assurances that possible flaws that could have led to the disaster are being addressed.
Among statements made early on by Boeing’s CEO, Dennis Muilenburg, is a critical line that still resounds. He said: “It’s our responsibility to eliminate this risk. We own it and we know how to do it.” There is no doubt that the company has a robust risk-management framework in place.
From that perspective, it is not too late for all sectors of industry to take lessons from the tragedy by adopting workplace strategies that focus on the benefits of a risk mindset in operations and activities.
Awareness of process risks and opportunities
Enterprise-wide risk-management processes instil a culture of risk evaluation and awareness among relevant stakeholders. This mindset encourages process owners to be vigilant and anticipate potential dangers, even if job descriptions of those who could be in jeopardy do not include risk-related activities.
The engagement of people is one of seven quality-management principles that form the foundation of the ISO 9001:2015 quality-management systems standard. For example, when a job card is issued to a process owner, the supervisor should involve him or her in underlining the importance of adhering to process controls.
In case deviations occur, instead of implementing consequence management, line management should promote a lessons-learned approach. A risk-based mindset should always be applauded when risks are averted that could have impacted on the quality or safety of the final product.
Alignment of risk assessment to the process
When an organisation decides on the processes it needs, it take should take into consideration the associated risks. ISO 9001:2015, clause 4.4.1 (f) requires an entity to “address the risks and opportunities as determined in accordance with the requirements of clause 6”. Consequently, clause 6.1 refers to “actions to address risks and opportunities”.
Process-based risk assessments and related controls need to be aligned to the relevant operations and activities. Let us envisage a scenario where job cards are not completed as scheduled. Depending on contractual obligations, penalties are likely to be imposed if on-time delivery of a product or service is not met.
Encourage accountability and learning
Management should encourage personnel to be accountable for their final outputs. Integrating risks into operations and activities involves personnel making appropriate decisions – and that’s a challenge if they are not aware of, or ignore, the extent of the risks the organisation they represent is prepared to take.
For instance, news reports published regularly indicate that some companies fail to determine appropriate risk measures when evaluating and selecting service providers. Behind these stories are the company representatives who make decisions on behalf of their entities.
The relentless quest to improve inevitably demands taking lessons from past events. Management should ascertain what controls were overlooked or ignored. They should also determine the impact the outcome has had on the organisation.
Adopting this approach will help organisations to go beyond mere tick exercises and should result in the implementation of best practices aimed at enhancing risk-management strategies. This should simultaneously help to encourage a culture of risk accountability.