Redundancy between Process risks and Process Performance indicators

Ragnarok

Involved In Discussions
Hi

We have a process document that contains the following tabs :

* process risks
*process Opportunities
*Process performance indicators and targets

my problem is I am not sure we don't have a redundancy between the process risks and process performance indicators and targets tabs

I mean , if i select for the support process ,"Risk of having response time not according to SLA" ,and current likelihood is 15% , impact is High , and i want to REDUCE the likelihood of the risk to less than 10% ,

Should i then mention that one of my process performance indicators is number of cases outside sla and set a target for it in the "Performance indicators and targets" tab?

I feel it's redundant and needlessly complicating things ...but i would like other opinions

Thanks for the help
 

Mark Meer

Trusted Information Resource
If the objectives/performance-indicators derive from risk assessments, then I don't see there's a problem with documenting the way you've described.

A couple comments though:

1. Curious: How do you arrive at such a specific likelihood ("15%") for risk? How would you know if the likelihood has decreased to 10%?

2. Wouldn't a better performance indicator be specified in terms of the rate at which response times meet/exceed SLA requirements?

Risks always involve estimates, but your performance-indicators should reflect ACTUAL collected data.
 

qualprod

Trusted Information Resource
I don't see the need to mix kpis.
For the case of the the risk, treated directly, if you detected a risk in one in a process, act on it, put to work mitigation plans to minimize the risk.
Do not measure the performance of the risk, measure the performance of the processes.
Into the MR sessions, revise status of risks and effectiveness.
Hope this helps
 

Mark Meer

Trusted Information Resource
I don't see the need to mix kpis.
For the case of the the risk, treated directly, if you detected a risk in one in a process, act on it, put to work mitigation plans to minimize the risk.
Do not measure the performance of the risk, measure the performance of the processes.

Agree with the "Do not measure the performance of the risk, measure the performance of the processes" statement.

...but as far as not relating risk & kpis at all, I could certainly see cases where you'd want to.
It may be beneficial to select certain indicators to support risk assessments, or monitor the effectiveness of risk controls.
 

Ragnarok

Involved In Discussions
Well we are doing like this:

we grade our likelihood of risk : 1=<10% occurence,2=10-30%,3=31-50...etc

we then do a rating of impact: 1=no impact ,2=minor impact,=moderate impact

Seriousness of risk=Likelihood * impact

in 2017, 15% of our cases were out of SLA

so in the case of SLA , likelihood=2 , Impact =4 ...so seriousness of risk =8

We want to reduce the likelihood to <10% so EXPECTED risk after control actions is 4 ,(likelihood 1* Impact 4)

This allows us to verify that our actions are effective or not
 

Mark Meer

Trusted Information Resource
So, to summarize, you:

1. Evaluate risk (based on estimates derived from current available data)
2. Assign/implement controls (to reduce risk by reducing likelihood of occurrence)
3. Re-evaluate risk (based on how much you anticipate the controls reducing likelihood)
4. Set performance-indicators that would be necessary to verify the the controls are as effective as anticipated.
5. Proceed to gather data
6. Analyse data as a measure of how effective the risk controls are.
7. Re-assess risk based on data analysis

Sounds good to me. I don't see that there's unnecessary redundancy...
 

qualprod

Trusted Information Resource
Well , maybe to assign a % of compliment, say at least the 80 % of risk were treated effective, ok sounds good.
 

isolytical

Involved In Discussions
IMHO, you are correct a 'redundancy' seems to exist. To me the PPI/target is the mitigation and/or measure for the mitigation.
Perhaps too much is placed into the SLA - which may be limited to targets.

A risk exists in failure to meet a process objective. So an internal document identifying process objectives, as failures, may remove redundancy.
 

Ragnarok

Involved In Discussions
IMHO, you are correct a 'redundancy' seems to exist. To me the PPI/target is the mitigation and/or measure for the mitigation.
Perhaps too much is placed into the SLA - which may be limited to targets.

A risk exists in failure to meet a process objective. So an internal document identifying process objectives, as failures, may remove redundancy.

Can you please give an example of what that internal document would contain ? any example would do

Thanks
 

isolytical

Involved In Discussions
What I can do and keep within my established constraints is this.
Very generally, before letting an SLA a/o contract an internal document exists to define the SLA a/o contract (sub) processes. It identifies opportunities, risks, and failures in those (sub) processes. It quantifies operational risks with an aim to develop responses, mitigations, or accept, as is risk. The overall risk impact on service provision results when purposely applied.
In the original question, risk applied to targets, rather than to processes. And, the results were not expressed in terms that management understands.
The importance of understanding the above-described process rises above viewing a completed document.
 
Top Bottom