By David Drerup.
In our previous article, we shared why Enterprise Loss Management is the connective tissue for Intelligent Operations. Risk Management should be a lens that helps keep everyone focused on the path forward, but in practice is often the Achilles’ Heel. This can be due to blind spots in risk management including the notion that high level decision processes can function effectively outside risk management constraints. Our focus today is on operational risks, which include exposures caused by deficiencies in compliance, internal systems, human factors including human error, and external events down to the level of individual production facilities. Enterprise Risk Management (ERM) more broadly covers financial, operational, and compliance risks. Management of Change (MOC) is structurally integral to re-evaluating threats and maintaining the integrity of all existing programs that it supports. This article covers how MOC fundamentally supports Intelligent Operations.
Establishing a point of reference or context is key to creating a foundation for risk management. As examples, Process Safety Management (PSM) is a compliance framework that includes a risk component, while ISO 31000 is a newer example of an ERM framework that is a suggested standard, not a requirement. Process Hazard Analysis (PHA) is a staple for risk identification and analysis in the process industries. HAZOP and the What-If Checklist methodology are popular PHA approaches for organizations dealing with toxic chemical and flammable hydrocarbon risks. While there are numerous methodologies (i.e. FMEA, HAZID, LOPA, QRA) that can be utilized for assessing risk, some are more qualitative in nature than others. What-If and HAZOP are considered qualitative, LOPA semi-quantitative, and QRA quantitative. Methodology selection should be dependent on corporate risk tolerance, expert competency, and desired outcome.
As companies mature, developing a risk registry is a key to success as not all threats are equal in severity and consequence. At the most basic level, organizations typically use a risk matrix to rank hazards or threats. A risk matrix can also be applied to areas like capital projects and other threats. One key here is to design the matrix with detailed guidelines that allow the average user to clearly apply the logic and generally come to reasonable and consistent conclusions. A proper Risk Control System needs to incorporate MOC to ensure that changes are constantly addressed.
All of these risks can be monitored and managed if an integrated IT solution is available to use. Without an integrated solution, threat detection becomes much more challenging.
Realistically, companies need to rearchitect their data to move it out of silos to enable Intelligent Operations.
As patterns emerge and threats manifest, Intelligent Operations delivers a mechanism for proactively addressing risk. Full maturity comes as a performance management framework is put into place. Performance management provides a risk integrity window into real-time threats with an overarching MOC function to ensure that critical threats are identified and addressed proactively. Performance management is a complex topic that forms another of the core elements of Intelligent Operations we will discuss in a future article.
How do we create a framework for managing risk?
Conclusion
Risk identification and management is crucial for an organization to survive. There are many risks to manage on a daily basis from an operational and compliance perspective. If risks exceed the risk integrity window, they become losses or incidents. Intelligent Operations takes Risk Management to the next level. Companies can perform at higher level without compromising the brand or privilege to operate. After all, risk is inherent in all manufacturing. The question is, are we able to manage risk at a level that is acceptable to society, while maximizing profitability.
In our next article, we will discuss Engineering Content Management to wrap up the Foundation for and how it holistically informs Intelligent Operations.