A
Alan Cotterell
Dear Andy, I feel I should persevere and explain the concept of operational risk management a little bit further.
As I have said before the major risk areas in any industrial process are - quality, safety, environment, security.
If you consider the situation which exists in a hospital casualty ward, where a nurse is receiving patients - she should provide a quality service to patients. In the situation where some drunk cuts loose in the ward and attacks her or patients, you have a loss of quality of service, you have a health and safety problem, you might have environmental problems (if enough blood is spilt), you certainly have a security problem.
The risks are related and there are tradeoffs between them, which are affected by the risk controls you introduce.
Any quality system procedure should cover all eventualities.
Consider the situation where a nuclear reactor is in operation. Procedures might be aimed at maintaining electricity supply, but shouldn't they also cover workplace safety (safe handling of isotopes), environment (control of isotopes so that they are not released), security (protection of isotpes from terrorists).
In most cases a policy statement reflected in procedures is sufficient to control these risks.
I suggest management manuals should have four policy areas but only procedures which define the process in the workplace, and not separate quality, safety, environmental protection and security procedures.
It's a matter of doing the job right first time, i.e. getting an output which satisfies the customer - a quality/safe/nonpolluting product produced in a safe, nonpolluting secure workplace.
In the nuclear reactor case I am a stakeholder. There has been a proposal to set up a reactor in Indonesia in the next ten years. The culture in that country is not very democratic, and I suggest that this gives a certainty of incidents occurring. The controls for quality, safety, environment and security in reactors are procedural and depend on people doing the right thing, it's just not going to happen in Indonesia, we'll get another Chenobyl.
So Darwin will not be a good place to live.
I don't really care whether you have a problem selling quality systems to organisations, the point is their operational risk must be appropriately managed, and it's a matter of controlling the risks to a level tolerable to all stakeholders.
Best Regards, Al
As I have said before the major risk areas in any industrial process are - quality, safety, environment, security.
If you consider the situation which exists in a hospital casualty ward, where a nurse is receiving patients - she should provide a quality service to patients. In the situation where some drunk cuts loose in the ward and attacks her or patients, you have a loss of quality of service, you have a health and safety problem, you might have environmental problems (if enough blood is spilt), you certainly have a security problem.
The risks are related and there are tradeoffs between them, which are affected by the risk controls you introduce.
Any quality system procedure should cover all eventualities.
Consider the situation where a nuclear reactor is in operation. Procedures might be aimed at maintaining electricity supply, but shouldn't they also cover workplace safety (safe handling of isotopes), environment (control of isotopes so that they are not released), security (protection of isotpes from terrorists).
In most cases a policy statement reflected in procedures is sufficient to control these risks.
I suggest management manuals should have four policy areas but only procedures which define the process in the workplace, and not separate quality, safety, environmental protection and security procedures.
It's a matter of doing the job right first time, i.e. getting an output which satisfies the customer - a quality/safe/nonpolluting product produced in a safe, nonpolluting secure workplace.
In the nuclear reactor case I am a stakeholder. There has been a proposal to set up a reactor in Indonesia in the next ten years. The culture in that country is not very democratic, and I suggest that this gives a certainty of incidents occurring. The controls for quality, safety, environment and security in reactors are procedural and depend on people doing the right thing, it's just not going to happen in Indonesia, we'll get another Chenobyl.
So Darwin will not be a good place to live.
I don't really care whether you have a problem selling quality systems to organisations, the point is their operational risk must be appropriately managed, and it's a matter of controlling the risks to a level tolerable to all stakeholders.
Best Regards, Al