Redundancy between Process risks and Process Performance indicators

Ragnarok

Involved In Discussions
#1
Hi

We have a process document that contains the following tabs :

* process risks
*process Opportunities
*Process performance indicators and targets

my problem is I am not sure we don't have a redundancy between the process risks and process performance indicators and targets tabs

I mean , if i select for the support process ,"Risk of having response time not according to SLA" ,and current likelihood is 15% , impact is High , and i want to REDUCE the likelihood of the risk to less than 10% ,

Should i then mention that one of my process performance indicators is number of cases outside sla and set a target for it in the "Performance indicators and targets" tab?

I feel it's redundant and needlessly complicating things ...but i would like other opinions

Thanks for the help
 
Elsmar Forum Sponsor

Mark Meer

Trusted Information Resource
#2
If the objectives/performance-indicators derive from risk assessments, then I don't see there's a problem with documenting the way you've described.

A couple comments though:

1. Curious: How do you arrive at such a specific likelihood ("15%") for risk? How would you know if the likelihood has decreased to 10%?

2. Wouldn't a better performance indicator be specified in terms of the rate at which response times meet/exceed SLA requirements?

Risks always involve estimates, but your performance-indicators should reflect ACTUAL collected data.
 

qualprod

Trusted Information Resource
#3
I don't see the need to mix kpis.
For the case of the the risk, treated directly, if you detected a risk in one in a process, act on it, put to work mitigation plans to minimize the risk.
Do not measure the performance of the risk, measure the performance of the processes.
Into the MR sessions, revise status of risks and effectiveness.
Hope this helps
 

Mark Meer

Trusted Information Resource
#4
I don't see the need to mix kpis.
For the case of the the risk, treated directly, if you detected a risk in one in a process, act on it, put to work mitigation plans to minimize the risk.
Do not measure the performance of the risk, measure the performance of the processes.
Agree with the "Do not measure the performance of the risk, measure the performance of the processes" statement.

...but as far as not relating risk & kpis at all, I could certainly see cases where you'd want to.
It may be beneficial to select certain indicators to support risk assessments, or monitor the effectiveness of risk controls.
 

Ragnarok

Involved In Discussions
#5
Well we are doing like this:

we grade our likelihood of risk : 1=<10% occurence,2=10-30%,3=31-50...etc

we then do a rating of impact: 1=no impact ,2=minor impact,=moderate impact

Seriousness of risk=Likelihood * impact

in 2017, 15% of our cases were out of SLA

so in the case of SLA , likelihood=2 , Impact =4 ...so seriousness of risk =8

We want to reduce the likelihood to <10% so EXPECTED risk after control actions is 4 ,(likelihood 1* Impact 4)

This allows us to verify that our actions are effective or not
 

Mark Meer

Trusted Information Resource
#6
So, to summarize, you:

1. Evaluate risk (based on estimates derived from current available data)
2. Assign/implement controls (to reduce risk by reducing likelihood of occurrence)
3. Re-evaluate risk (based on how much you anticipate the controls reducing likelihood)
4. Set performance-indicators that would be necessary to verify the the controls are as effective as anticipated.
5. Proceed to gather data
6. Analyse data as a measure of how effective the risk controls are.
7. Re-assess risk based on data analysis

Sounds good to me. I don't see that there's unnecessary redundancy...
 

qualprod

Trusted Information Resource
#7
Well , maybe to assign a % of compliment, say at least the 80 % of risk were treated effective, ok sounds good.
 

isolytical

Involved In Discussions
#8
IMHO, you are correct a 'redundancy' seems to exist. To me the PPI/target is the mitigation and/or measure for the mitigation.
Perhaps too much is placed into the SLA - which may be limited to targets.

A risk exists in failure to meet a process objective. So an internal document identifying process objectives, as failures, may remove redundancy.
 

Ragnarok

Involved In Discussions
#9
IMHO, you are correct a 'redundancy' seems to exist. To me the PPI/target is the mitigation and/or measure for the mitigation.
Perhaps too much is placed into the SLA - which may be limited to targets.

A risk exists in failure to meet a process objective. So an internal document identifying process objectives, as failures, may remove redundancy.
Can you please give an example of what that internal document would contain ? any example would do

Thanks
 

isolytical

Involved In Discussions
#10
What I can do and keep within my established constraints is this.
Very generally, before letting an SLA a/o contract an internal document exists to define the SLA a/o contract (sub) processes. It identifies opportunities, risks, and failures in those (sub) processes. It quantifies operational risks with an aim to develop responses, mitigations, or accept, as is risk. The overall risk impact on service provision results when purposely applied.
In the original question, risk applied to targets, rather than to processes. And, the results were not expressed in terms that management understands.
The importance of understanding the above-described process rises above viewing a completed document.
 
Thread starter Similar threads Forum Replies Date
x-files Necessary or Unnecessary Redundancy in Procedures ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
R Redundancy in PFD and Control Plans? APQP and PPAP 3
K Joint approval between OEM and Manufacturer on Design Documents ISO 13485:2016 - Medical Device Quality Management Systems 4
C Is my software an accessory? Telecommunication between HCP and patients EU Medical Device Regulations 10
K Verify Software Architecture - supporting interfaces between items IEC 62304 - Medical Device Software Life Cycle Processes 2
E ASTM F2118 - Fatigue testing of bone cement - Changes between the 2003 and the 2014? Other Medical Device Related Standards 1
A What is the difference between Design Process, Process Design and Design Control? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
R What's the major difference between Green Belt and Black Belt in term of training and project Six Sigma 3
DuncanGibbons How is the arrangement between Design and Production organisation envisaged? EASA and JAA Aviation Standards and Requirements 4
M Risk Analysis Flow - Confusion between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
T Difference between a subcontractor and a supplier ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 21
K %GRR was between 10-30% so we have to have a "backup plan" per auditor IATF 16949 - Automotive Quality Systems Standard 15
H Difference between Stainless Steel 316 ASTM F899 and ASTM A276 Other Medical Device Related Standards 3
A Exact terms for a plating failure and difference between rejection rate and failure rate Manufacturing and Related Processes 9
S ISO 13485 Lead Auditor - Debate between our Quality Team and Regulatory Auditor - Internal Auditor Training ISO 13485:2016 - Medical Device Quality Management Systems 17
M Difference between MSA and MSE? General Measurement Device and Calibration Topics 1
gramps What is the difference between discrete and continuous variables? Problem Solving, Root Cause Fault and Failure Analysis 5
R Plea for advice on transitioning between Notified Bodies (label updates) Medical Device and FDA Regulations and Standards News 1
M Measuring FIM (TIR) - Two inside diameters - Conflicting readings between inspectors Manufacturing and Related Processes 1
JoCam Difference between Approval and Registration - ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 2
S Difference between EU-MDR Annex IX and the Annex-combo X&XI EU Medical Device Regulations 2
T ISO 17025:2017 Clause 4.2.2 - The difference between "be notified" and "be informed" ISO 17025 related Discussions 4
Jimmy123 What is the difference between Error Proofing and Controls? ISO/IATF 16949 - Control Plans FMEA and Control Plans 16
DuncanGibbons Clear differences between ISO 13485 and AS 9100D requirements ISO 13485:2016 - Medical Device Quality Management Systems 10
H What is different between PED certificate and CPR certificate? Manufacturing and Related Processes 2
B Angle between two surfaces Inspection, Prints (Drawings), Testing, Sampling and Related Topics 0
D Variation between Faro Arms Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 2
K Differences between Manufacturing Process Audit & Layered Process Audit Lean in Manufacturing and Service Industries 4
P Risk acceptability alignment between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 6
C IEC 60601-1-8, difference between table 4 and annex D IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
D Reorganizing responsibilities between management teams and Employees in them ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
A Compatibility between MDD and MDR devices EU Medical Device Regulations 7
Q How should I analyze measurement correlation between me and customer? Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 12
S Relationship between IEC 62304 problem resolution and ISO 13485 IEC 62304 - Medical Device Software Life Cycle Processes 8
A What is the difference between Basic UDI-DI and UDI-DI? EU Medical Device Regulations 6
T Something between a manual and a procedure? Document Control Systems, Procedures, Forms and Templates 9
Q What is the difference between AS9100D 9.3.2.f and 9.3.3.a AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 8
S Differences in CB expectations between the US and Europe Registrars and Notified Bodies 3
Ahang Separation between secondary circuit and accessible parts IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
M Aluminum - What is the difference between 6061-T6 and 6061-T651 (both per ASTM B211)? Manufacturing and Related Processes 4
G Comparing Gauge Blocks - Translating the calibration between the master set and the QA set General Measurement Device and Calibration Topics 2
R The alignments and contradiction in Quality Engineering and management between the Automotive and Aerospace industry AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
F IEC 62304 - Segregation and communication between software items IEC 62304 - Medical Device Software Life Cycle Processes 1
E Discussion between co-worker on tolerance and uncertainty and how to apply it. Thoughts? 17025 ISO 17025 related Discussions 1
L Comparison matrix between IATF 16949:2016 to ISO 12207, ISO 9001 and Automotive SPICE IATF 16949 - Automotive Quality Systems Standard 3
M Applicability of IEC 60950-1 Table K2 - Minimum clearances between circuits Various Other Specifications, Standards, and related Requirements 0
J Deciding between Professional Use or Lay Person IVD Test - Human fecal stool specimens Other Medical Device and Orthopedic Related Topics 1
S Is there any connection between PFMEA and Acceptance Plan FMEA and Control Plans 1
D Link between FMEA, flow chart and control plan FMEA and Control Plans 10
M What are the differences between "Process Flowchart form" and "Process Flow Diagram form"? IATF 16949 - Automotive Quality Systems Standard 4

Similar threads

Top Bottom