QM & RM – making it work together

Kvalitetsdagene 2012

© Det Norske Veritas AS. All rights reserved. 2

Det Norske Veritas (DNV)

identify assessmanage

risk

© Det Norske Veritas AS. All rights reserved.

Who am I?

3

Rune M. MoenSenior Principal ConsultantDet Norske Veritas

Tel.: +47 95 14 92 21Mail: rune.moen@dnv.com

� Ph.D. within Quality Management

� 20 years consultant and line manager experience from Norway, Germany and the Netherlands

� Competence within Strategy and Organisational development, Risk Management, Quality and Process Improvement

� PMP certified project manager for several large projects within- Risk Based Management System development- Independent quality assurance of large investment projects

© Det Norske Veritas AS. All rights reserved.

Objectives of this session

How to combine Risk Management and Quality Management principles and systems to improve corporate governance

How to understand and create barriers to reduce risks and improve process performance

4

How to make this work in day-to-day business

© Det Norske Veritas AS. All rights reserved.

Reality for some – can it be you?

December 15, 2004 - Planemaker Airbus's A380 superjumbo project is running 1.45 billion euros ($1.93 billion) over budget because of work to improve theefficiency and weight of the aircraft, the co-head of parentcompany EADS said. Total costs for the mammothdoubledecker are currently estimated at over 12 billion euros.

5

© Det Norske Veritas AS. All rights reserved.

How to ensure quality?

6

Management processes

After salesPurchasing ProductionDevelopment Storage Sales Distribution

Support processes

Concequence

Like

lihoo

d Priorities

© Det Norske Veritas AS. All rights reserved.

Good corporate management - planning ahead

Objectives

Decisions

Processes

Results

Risk ManagementQuality Management

Threats &opportunities

7

© Det Norske Veritas AS. All rights reserved.

OBJECTIVE

PLAN

ACT DO

CHECK

IMPLEMENTATION

OBJECTIVE

PLAN

ACT DO

CHECK

IMPLEMENTATION

Five steps to good Corporate

Management

8

© Det Norske Veritas AS. All rights reserved. 9

External sources of Risk

Rules &

regulations

New laws

Liability

Audit

Morals

Ethics

Reporting

ResponsibilityClients

& MarketCustomer loyalty

Trust

Margins

New products

Competition

Market share

Profitability

Brand

Pricing

Contracts

Competition

Suppliers

& Partners

Loyalty

Trust

Exchange of information

Conflict of interest

Hidden agenda

© Det Norske Veritas AS. All rights reserved.

Internal process Risks

10

Process 1

Probability

Consequences

Risks Potential causes FIN REP HSE

Risk 1

Risk 2

…….

Processes Description Process Owner

Process 1

Process 2

Process 3

…….

Risk = Threats & Opportunities

© Det Norske Veritas AS. All rights reserved.

Lack of facility maintenance

� injuries

Key supplier go bankrupt

� Delay in production

Budget reduction

� reduced service quality

Customer expectations unclear

� Customer complaints

Tight labour market

� lack of competence

Inadequate management system

� Unclear roles and responsibilities

Management&

Control

Processes &

Activities

Unstable IT systems

� Loss of critical data

Risk radar

11

© Det Norske Veritas AS. All rights reserved.

OBJECTIVE

PLAN

ACT DO

CHECK

IMPLEMENTATION

OBJECTIVE

PLAN

ACT DO

CHECK

IMPLEMENTATION

Five steps to good Corporate

Management

12

© Det Norske Veritas AS. All rights reserved.

Risk analysis and follow-up

13

Risks assessed against business objectives

© Det Norske Veritas AS. All rights reserved.

OBJECTIVE

PLAN

ACT DO

CHECK

IMPLEMENTATION

OBJECTIVE

PLAN

ACT DO

CHECK

IMPLEMENTATION

Five steps to good Corporate

Management

14

© Det Norske Veritas AS. All rights reserved.

Prioritisation and treatment strategy

Treat

• Preventive measures reduce the likelihood of the event

• Corrective measures reduce consequence of the event

Transfer

• Contract• Insurance

Terminate

• Eliminate risk by stopping activity• Avoid operations within an area

Tolerate

• Accept risk• Continue like before no change

to activitiesH

igh

Med

ium

Low

Low Medium High

CONSEQUENCE

LIK

EL

IHO

OD

R5 R36

R36R36

Corrective � Consequence reducing

R5

Preventive � Likelihood reducing

15

© Det Norske Veritas AS. All rights reserved.

Effect

Understand what to manage

16

Causes

ImmediateCauses

Underlyingcauses

Immediate Effect

FinalEffect

TopEvent

OBJECTIVE

PLAN

ACT DO

CHECK

IMPLEMENTATION

OBJECTIVE

PLAN

ACT DO

CHECK

IMPLEMENTATION

© Det Norske Veritas AS. All rights reserved. 1717

Elements in a well functioning risk framework

Risk Policy(strategy, goals, acceptance)

Risk structure(roles, mandates, responsibilities)

Risk approach(identify, analyse, evaluate, treat1)

Supports System - Tools

Risk reporting and communication

Culture, skills and competencies

1) Ref. ISO standard 31000

© Det Norske Veritas AS. All rights reserved. 18

How to make the framework operational

© Det Norske Veritas AS. All rights reserved.

Spreadsheets versus ERM software?

� …Spreadsheets can only take us so far! � Simultaneous data entry

� Automated e-mail notifications

� Reports with history and statistics

� Accountability and traceability

� Role-based

� Handles complex information relationship

19

© Det Norske Veritas AS. All rights reserved. 20

Sample interface - EasyRisk Manager™

© Det Norske Veritas AS. All rights reserved.

Success factors

21

� Proportionate� Aligned� Comprehensive� Embedded� Dynamic

© Det Norske Veritas AS. All rights reserved.

Safeguarding life, property and the environment

www.dnv.com

22