Proactively managing risk: the new "waste".An unforeseen risk causes a problem to hit you out of the blue. Someone is assigned to get to the bottom of the problem and solve it--quickly! Everyone looks for what, or who, is to blame for the latest predicament. You're in firefighting 1. firefighting - What sysadmins have to do to correct sudden operational problems. An opposite of hacking. "Been hacking your new newsreader?" "No, a power glitch hosed the network and I spent the whole afternoon fighting fires." 2. mode. There are many ways to become aware of risks and their causes. Waiting until a problem arises is a very reactive solution. The better way is to take a more proactive approach. A continuous process improvement (CPI (1) (Characters Per Inch) The measurement of the density of characters per inch on tape or paper. A printer's CPI button switches character pitch. (2) (Counts Per I ) tool called value stream mapping Value Stream Mapping is a Lean technique used to analyse the flow of materials and information currently required to bring a product or service to a consumer. At Toyota, where the technique originated, it is known as "Material and Information Flow Mapping" [1]. (VSM VSM Value Stream Mapping (manufacturing process evaluation technique) VSM Vibrating Sample Magnetometer VSM Vascular Smooth Muscle VSM Visual Studio Magazine VSM Vietnam Service Medal VSM Virtual Shared Memory VSM Viable Systems Model ) has been used effectively over the last decade to help organizations visualize their key processes so as to expose problems of waste and to plan improvements. The CPI approach follows through on those improvement efforts and repeats the process for still greater gains. Traditional CPI is focused on removing waste or non-value-added steps. But with just one more pass added to the standard CPI methodology, VSM can be used to also identify and reduce risks in all key processes. This combination of VSM enables organizations to leverage the continuous improvement initiatives that are likely already part of their ongoing transformation effort. Risks as Threats We are all exposed to risks daily--at work and in our private lives--and often manage them without even thinking about it. Organizations are challenged to maintain operations during disruptions and to avoid operational failures. Whether by natural disaster, terrorist action, or simple employee mistakes, organizations need to identify risks and mitigate losses. We need to ensure that we think about risk actively and proactively in the way we deliver value to customers. Risks can be opportunities as well as threats, but this article will focus mainly on risks as threats. Risk management means developing and deploying a systematic corporate process for cost-effectively identifying, assessing, and addressing risks and causes of risk. [ILLUSTRATION OMITTED] Risks can take various forms: financial risks, risks to the public or key stakeholders Stakeholders All parties that have an interest, financial or otherwise, in a firm-stockholders, creditors, bondholders, employees, customers, management, the community, and the government. , risks to project success, risks to the products or services, risks from missed opportunities, policy failures, and even risks to reputation. Risks can affect an organization's performance, stakeholders, customers, and future livelihood. A clear understanding and plan are needed for managing risks. Done properly, a plan for mitigating risk can be integrated into existing strategic plans to meet key objectives, targets, and the demands of good corporate governance Corporate Governance The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. . Good risk management reinforces the value of appropriate risk taking. It can also encourage innovation through promoting a no-blame culture. Risk management must not be seen as something in addition to effective operations; it must be part of what an organization does every day to be successful. Having a risk management process in place is critical for business success. Risk: A New Form of Waste Many firms have started implementing CPI principles in their many forms (Lean, Six Sigma Not to be confused with Sigma 6. Six Sigma is a set of practices originally developed by Motorola to systematically improve processes by eliminating defects.[1] A defect is defined as nonconformity of a product or service to its specifications. , Theory of Constraints Theory of Constraints (TOC) is an overall management philosophy that aims to continually achieve more of the goal of a system. If that system is a for-profit business, then the goal is to make more money, both now and in future. , etc.). The key principle in CPI, as outlined in many works on the Toyota Production System The Toyota Production System (TPS) is the philosophy which organizes manufacturing and logistics at Toyota, including the interaction with suppliers and customers. The TPS is a major part of the more generic "Lean manufacturing". , is the constant elimination of wastes, which are non-value-added steps, tasks, or work. If risks are considered by all practitioners as another form of waste, risk analysis and mitigation can easily leverage the current CPI methodology (sequence of activities to improve processes). The seven wastes, first detailed by Toyota Production System developer Taiichi Ohno in the 1950s, are as follows: * Overproduction--Producing more material than is needed before it is needed * Inventories--Material sits taking up space, costing money, and potentially being damaged; problems are not visible * Waiting--Material, people, or assets are waiting; value is not flowing to customers * Defects--Defects impede im·pede tr.v. im·ped·ed, im·ped·ing, im·pedes To retard or obstruct the progress of. See Synonyms at hinder1. [Latin imped flow and lead to wasteful rework re·work tr.v. re·worked, re·work·ing, re·works 1. To work over again; revise. 2. To subject to a repeated or new process. n. , handling, and effort * Motion--Any (human) motion that does not add value is waste * Transportation--Any (product) movement that does not add value is waste * Overprocessing--Extra processing not essential from the customer point of view. To these, we add risk as the eighth waste: * Risk--Any risk or cause of risk in a key process that is not identified, assessed, and mitigated is waste. We think of risk as a waste because when an uncertain risk becomes a reality, the effort expended ex·pend tr.v. ex·pend·ed, ex·pend·ing, ex·pends 1. To lay out; spend: expending tax revenues on government operations. See Synonyms at spend. 2. to address the problem is above and beyond what should have been expended--and that is waste. Reactive versus Proactive Risk Management A key to successful risk management is a method by which risks are identified and mitigated continually in an organization. Ideally, organizations should want a method that can identify the risk in advance of experiencing the failure. As we stated earlier, there are many ways to become aware of risks and their causes in an organization. The figure shows a continuum of reactive versus proactive methods, from getting hit by a problem and reacting, to leaders identifying key Value Streams and reducing risk as part of their larger transformation efforts. The method described on the far left of the continuum is not really risk management, and some organizations remain there, at least until major risks affect them. Firms often move their risk management efforts to the right on the continuum over time, based on the impact of the risk events they are experiencing. Unfortunately, it sometimes takes significant impact, like legal action or oversight body intervention, to move some organizations to a proactive position. The closer a firm is to the left side of the scale and the more it resists movement to the right, the greater the likelihood that a public-, investor-, media-, or regulator-driven crisis will threaten its existence. A Risk Management Framework A risk management framework, which incorporates the DoD's five-step risk management process, is the basis for the methodology. The five steps are identify risks; assess risks; develop mitigation control options and choose the best ones; implement mitigation controls; supervise and evaluate. The first four steps are sequential and repeated as new, discrete risks are identified. The supervise and evaluate step runs concurrently with the other four steps. Within the supervise step, the organization involves internal and external stakeholders, plans for risk management, and tracks risk and mitigation activities. In the methodology, risk mitigation is partitioned into two separate steps: one to develop risk mitigation options and make decisions, and the other is to implement the selected options. The model was developed by NewVectors LLC (Logical Link Control) See "LANs" under data link protocol. LLC - Logical Link Control in a project called Material Security in the DoD Disposal System, conducted for the Defense Sustainment Consortium with funding from the Defense Logistics Agency Noun 1. Defense Logistics Agency - a logistics combat support agency in the Department of Defense; provides worldwide support for military missions Defense Department, Department of Defense, DoD, United States Department of Defense, Defense - the federal department . The prime contractor was The Advanced Technology Institute. Using VSM to Identify More Risks For process risks, a CPI planning tool called value stream mapping can be used by teams to effectively visualize and improve their key processes, as well as to identify and reduce risks in those processes. A typical value stream mapping session will detail both the material flow (product, paper, or even a service) and information flow (rules, plans, or directions for who does what and when) that make up the process. This is sometimes called the "current-state map" or "as-is" map. After the map is developed and verified, the team can make a second pass to highlight risks and causes of risk in and between each process or information step. After a brief discussion of the high-level risks for the organization (be they financial, safety, or other--and they will be different for each organization and business unit), the facilitator could ask the team some key questions to uncover causes of risk in each key process: * What could happen in and between these steps to cause one of the high-level risks? * What could happen in the process that we might not catch internally? * What could be missing or wrong in the information flow to cause one of the high-level risks? Some possible causes of risks are entry errors, inadequate equipment to perform a task, and even language barriers. [ILLUSTRATION OMITTED] Value stream mapping is a form of process mapping that also includes the total accumulated time (both value and non-value added) at the bottom of the map. It is time-scaled. The team mapped in detail the demilitarization de·mil·i·ta·rize tr.v. de·mil·i·ta·rized, de·mil·i·ta·riz·ing, de·mil·i·ta·riz·es 1. To eliminate the military character of. 2. (demil) and mutilation Mutilation See also Brutality, Cruelty. Mutiny (See REBELLION.) Absyrtus hacked to death; body pieces strewn about. [Gk. Myth.: Walsh Classical, 3] Agatha, St. had breasts cut off. [Christian Hagiog. as a condition-of-sale process. This is one of the key processes for the Defense Logistics Agency's Defense Reutilization Marketing Service (DRMS Noun 1. DRMS - the organization in the Defense Logistics Agency that inventories and evaluates and sells reusable United States government surplus Defense Reutilization and Marketing Service ), which sells scrap material, requiring it to be demilitarized or mutilated mu·ti·late tr.v. mu·ti·lat·ed, mu·ti·lat·ing, mu·ti·lates 1. To deprive of a limb or an essential part; cripple. 2. To disfigure by damaging irreparably: mutilate a statue. after the property is sold. After doing the traditional value stream mapping, the team made a second pass over the process, identifying potential causes of risks. These risks were documented on the map using different colored 3M Post-it[R] Notes. A Post-it Note Post´-it note n. 1. A small sheet of paper having the back part partly covered with a non-permanent gum which allows the note to be attached temporarily to another object, and easily removed without leaving any trace of glue on the object to representing each process step in the value stream map was placed in its own functional "swim lane A swim lane (or swimlane) is a type of process flow diagram that depicts what or who is working on a particular subset of a process. The swim lane flowchart differs from other flowcharts in that processes and decisions are grouped visually by placing them in lanes. " or row across a multirowed roll of paper. The team collected some key data about each process, including total process cycle, "touch" time, paper/information flows, and causes of risk. Initial results for DRMS, after just a few weeks of implementing its risk control plan for the demil process, showed a 25 percent reduction in overall risk score (a product of the likelihood of each identified event, multiplied by the impact if it were to occur, normalized by the team on a 1-to-10 scale). Significant improvements were also made to the process to help prevent improper releases of materials and reduce information errors. The biggest benefit to using VSM to identify risk is that CPI tools are likely already used in organizations today. As organizations adopt Lean or other CPI methodologies, they should consider using VSM as a strategic planning Strategic planning is an organization's process of defining its strategy, or direction, and making decisions on allocating its resources to pursue this strategy, including its capital and people. tool to integrate, highlight, and prioritize pri·or·i·tize v. pri·or·i·tized, pri·or·i·tiz·ing, pri·or·i·tiz·es Usage Problem v.tr. To arrange or deal with in order of importance. v.intr. opportunities for waste, risk, and complexity reduction. A key part of developing a company's risk management strategy and plans (step 5 in the DoD framework) is to set clear guidelines for continued risk management in all key processes. Using best CPI practices, the leaders of each value stream should create a new "vision" every 12 months or so to further improve the process. Because they are combined, risk analyses will be repeated in this same timeframe and implemented with improvements in flow, waste, and variation. Instead of making a supply chain more brittle (jargon) brittle - Said of software that is functional but easily broken by changes in operating environment or configuration, or by any minor tweak to the software itself. Also, any system that responds inappropriately and disastrously to abnormal but expected external stimuli; e. (e.g., by removing inventory and going faster), this new process would reduce risk by addressing the causes alongside removing waste from a process. Safety is a type of risk that is well suited to this approach. It is possible to get improvements in safety as Lean and CPI implementation ensue en·sue intr.v. en·sued, en·su·ing, en·sues 1. To follow as a consequence or result. See Synonyms at follow. 2. To take place subsequently. , but often the reverse is true in companies today. In an article circulated by Toyota Motor Manufacturing, Kentucky, Taiichi Ohno said, "Safety is always our first and foremost concern, and there can be no man-hour reduction activity without consideration for safety." He also warned that "there are times when improvement activities do not proceed in the name of safety." As flow and efficiency improvements are made, people go faster. This can cause injuries. If the CPI team makes risk a part of their value stream mapping while elevating safety to a high-level risk, they will proceed with actions that must also improve safety. Summing up the CPI with Risk Management Process The team added more elements to the standard DoD 5-step risk management framework to reduce and manage risks even further. This allowed the team to focus on the actual risk-reduction activities as risks were identified. The following list highlights some key steps to reduce risk within the framework of a larger CPI effort. The second-level items show the added elements in the typical VSM methodology that identify and reduce risks: * Identify key process to improve (core processes that add value for your organization) * Create a team tasked to continue working until the goals are met * Create a Current State Value Stream Map; validate * 2nd Pass: Additional Risk process steps: Discuss the high-level risks for the organization (e.g., financial, safety, other) * Assess risks * Propose and evaluate mitigation options * Select mitigation options * Create a Future State Map; a 12-month-ahead vision for what the process should be * Create action plans; integrate and prioritize risk-reduction items with other improvements * Implement action plans * Track improvements * Repeat--schedule another analysis of this key process in 12 months, and spread the combined CPI/risk-management methodology throughout the organization. Why Combine Risk Management and CPI? There is synergy in combining risk management with CPI. There are also several similarities between risk management and CPI process steps that are worth noting; some of them are: * Need for reflection or capturing lessons learned * (Always) involving teams of subject matter experts * Just-in-time training for the people implementing the changes * Communication in many forms * Good governance The terms governance and good governance are increasingly being used in development literature. Governance describes the process of decision-making and the process by which decisions are implemented (or not implemented). at the leadership level * Great follow-through. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. John Maxwell John Maxwell may refer to:
Rises and falls is a category of the ballroom dance technique that refers to rises and falls of the body of a dancer achieved through actions of knees and feet (ankles). on leadership." This applies to risk management and CPI. As improvement efforts mature, workers see that the documented improvement philosophy does not change with new leaders and that this methodology is becoming part of the way people think and work every day. Norman Vincent Peale Dr. Norman Vincent Peale (May 31, 1898 – December 24, 1993) was a Protestant preacher and author (most notably of The Power of Positive Thinking) and a progenitor of the theory of "positive thinking". said, "How you think about a problem is more important than the problem itself." Does your organization have a systematic process for improving processes (e.g., CPI)? Do your people all know and use that methodology? Where is your organization along the continuum of reactive to proactive in addressing risk? Does your organization see risk as another form of waste? And, one last question: Wouldn't it be nice if the CPI methodology used daily also reduced risk as well? This is the goal of combining risk management with CPI.
Continuum of Reactive vs. Proactive Risk-Management Methods
Hit by Make plans based on Brainstorm on Leaders identify Value
problem; prior experience of occasion; make Streams and reduce risk
react bad risks plans to prevent (as part of larger CPI
future risks effort)
Reactive Proactive
Hoeft is a Lean coach at NewVectors. He trained with Toyota and now serves as a sensei sen·sei n. pl. sen·seis 1. A judo or karate teacher. 2. A teacher or mentor. 3. Used as a form of address for such a person. , while teaching in the University of Michigan's Lean programs. Davey works for NewVectors on supply chain improvement projects using risk management and simulation. She studied industrial engineering at SUNY SUNY - State University of New York and the University of Michigan (body, education) University of Michigan - A large cosmopolitan university in the Midwest USA. Over 50000 students are enrolled at the University of Michigan's three campuses. The students come from 50 states and over 100 foreign countries. . Newsome is a Lean Black Belt and chief of transformation initiatives with the Defense Reutilization and Marketing Service Noun 1. Defense Reutilization and Marketing Service - the organization in the Defense Logistics Agency that inventories and evaluates and sells reusable United States government surplus DRMS . The authors welcome comments and questions and can be contacted at steve.hoeft@newvectors.net melinda.davey@newvectors.net, and dean.newsome@dla.mil An Internet address domain name for a military agency. See Internet address. (networking) mil - The top-level domain for entities affiliated with US armed forces. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion