Category: Risk Based Thinking
If the last 3 months have taught us anything about lean and process improvement, it should be that long supply chains are not lean. It is interesting that many of the businesses that should know better e.g. automotive businesses have been caught out with this problem.
One of the key components of a truly lean business is local supply chains. When COVID19 erupted in China, supply chains to many British (and global) firms were disrupted. The loss of capacity directly affected output of suppliers running long supply chains and trying to achieve JIT (Just In Time). The excess inventory in the supply chain bought some time, but very quickly those businesses found themselves with too few parts. The supply chains were not even just in different countries in one continent, they crossed multiple continents. As the crisis in China worsened, back up plans were implemented. Some worked, some didn’t, some businesses had not activated their emergency plans for so long they were no longer valid. Suppliers had ceased trading, disposed of tooling, changed materials, machinery, people, processes, all of which will have required fresh quality assessments. No doubt these were expedited, often by trading risks, the risk of quality failure later seen as a smaller risk than supply failure now.
We now face a nightmare scenario. Low output from extended supply chains and inadequate emergency response plans in the first instance, now the virus has spread to our country. The requirements for social distancing and isolation are now hampering output here in the UK – just as output in China is starting to come back online. The extended reduction in output has significant economic impact, requiring government intervention to prevent industrial collapse.
For now we must all be rational, obey the social distancing and isolation advice to ensure our communities are safe and the vulnerable are protected, but what of the future? I suggest that when we regain stability, British companies should re-evaluate the use of extended supply chains. We should onshore the manufacturing of critical components to insulate the supply chain from a further risk. With increasing severe weather events from climate change, political instability and regional unrest, long supply chains hold high risk. The risk and hence cost is not borne by the company alone, there is government level risk that is being taken through global supply chains. With some organisations transferring profit to benefit from better tax conditions, it is possible that the contributions of a business in a country don’t match the cost of large scale supply chain disruption. Whilst it can be tempting to focus on short term cost saving, the long term economic damage of a significant global event is too high a risk. This too is a feature of lean thinking, organisations must foucs on the long term strategic benefits.
If a business wants to be truly lean this must include long term strategic thinking and as a result localised supply chains wherever possible.
Under the revised ISO quality systems standard ISO9001:2015 there is a requirement for risk assessment, but what does that really mean?
It is relatively easy to understand risk in the context of safety or environmental contamination, but how does risk apply to quality? The best way to start looking at this is to think about what a complaint is; complaints happen when the business has failed to deliver the customer’s expectations against an order. A specification was agreed, the customer had a clear vision of the benefit they would experience from purchasing your product, but it failed to deliver.
Sometimes the product attracts complaints even though it meets the specification. Why?
Part of the revised standard requires businesses to understand the context of their business, in other words do you understand your business strategy and the market segments you are targeting? Also who will buy from you and who are your competitors?
From start to finish of delivering a product or service there are risks. Did we understand what the customer asked for, does the customer understand what they need, did we produce what we expected to produce, was it delivered on time? There is a tendency to assume that the customer knows what they want , understands how my product will achieve their aims and knows how to use my product. Sometimes this is true, but often there are assumptions and misunderstandings in the buying process that make this a false view.
There are several points at which the risk of providing the wrong product or service can be controlled. The first is ensuring we understand what the customer wants, which involves not only understanding the stated requirements of the customer, but also the unstated requirements such as obvious or industry standards in the customers business that they would just expect us to know. One example would be renting a room in a hotel – do you need to specify the the room has a bed in it? If our standard products don’t satisfy the customer needs or their stated requirements, what else do they need that we don’t know about. the risk of failing to address this is the customer choosing another supplier.
These considerations were implicit in ISO9001:2008, but have been made explicit in ISO9001:2015. There are many ways to manage risk, but we can only manage risks when we assess what the risks are.
One of the most significant changes in ISO9001:2015 is bringing the requirement to understand the legislation that is relevant to your business. This was always a requireemtn, but with the harmonisation of standard structure from Annex SL, the legislative requirement has been made more obvious.
Another area that has been strengthened with more rigorous risk analysis is handling of non-conformance. Whilst consideration of the risks associated with releasing the product have always been considered, an FMEA approach requires us to consider both performance and commercial risks, which may not have been clear before. What are the potential costs of failure compared to the cost of rejecting or scrapping the product? This is not a licence to release anything, far from it. An effective FMEA on a non-conforming product should involve all stakeholders, which must include the customer. Can we afford to involve the customer in a decision about defective stock? Surely it is healthier for the supply chain if we do, it also gives the customer a chance to consider the real impact of a defect, not only on their process, but also on their total supply chain costs.
Rejecting something that is out of specification seems an easy choice, but it creates costs which will come back later in the form of price increases.
Auditing is an area where risk has become an explicit consideration. It is no longer acceptable to simply audit on the basis of auditing all procedures every year, now we must consider the risk to the business of a failure in a particular area. When you consider the risk it becomes obvious that just auditing every process every year is not the right thing to do. For example if there is a manufacturing process that is absolutely critical to customer quality, would it make sense to audit that process at the same frequency as a process that causes a minor inconvenience if there is a defect?
In conclusion, applying risk analysis techniques as part of the QMS encourages the business to consider its strategy, objective and environment in a structured and rational way. Using risk analysis in this way helps a business integrate its quality functions into the daily business operations and makes it almost impossible for a business to run a QMS in parallel to standard business operations. Integration at this level results in safer products, more accountability and better customer satisfaction.