Risk Management – Is your approach Holistic?
‘Risk’ is a term which has varied attributes and significance depending upon which industry/business we are talking about. Often, there is ambiguity on what constitutes a risk and hence the risk perceived by a LoB (Line of Business) Manager is often not in sync with the other managers. Even if risks are properly identified and defined in an organization, in most cases individual LoB managers end up managing their own risks, often not interconnected with other risks. This lack of holistic approach of risk management and mitigation finally results in incoherent reporting to Senior Management, which could seldom form real basis for any prompt decision-making and mitigation actions.
Through this blog, I would like to focus on Risks in Manufacturing Industry. Based on my understanding, risks are broadly classified under below 3 categories.
- Governance & Compliance
- Supply Chain & Market
In manufacturing industry, CFOs (Chief Financial Officer) and hence CIOs often focus too much on risk # 1 & 2 above while ignoring or perceiving risk #3 being relatively less significant. Consequently, a CEO’s mind and vision also gets largely influenced by this, till the time a COO (Chief Operating Officer) or CRO (Chief Risk officer; an evolving role in Industry) convinces him/her for the focus and investment in mitigating the operational risks, which is equally significant, if not less.
As I described in my earlier blog below, why in today’s world of highly competitive businesses, it is more than ever important to focus on reducing your ‘unrealized costs’ to stay ahead in the curve. The core of this idea can be substantiated only through concepts of holistic Risk Management.
An approach of PSM (Process Safety Management) suggest that you should deploy IT systems such that processes don’t sit in silos; fulfilling only the purpose of a LoB manager. They should rather talk to each other, leverage each other’s data for better and real-time insights. Following prominent processes comes to my mind, which if deployed with holistic view, would go long way in achieving Operational Excellence. SAP as a leading ERP player, already has very robust solutions for these processes and a smart System Integrator/Consultant would also architect the IT-OT (Information Technology- Operational Technology) Integration concepts around these, to pull required data from other Manufacturing systems and make it even more effective.
- Incident Management: Broaden the scope of incident recording by also involving events of process disruptions, product quality deviations, critical equipment malfunction/breakdown, security breaches, environmental releases, behavior based safety observations, non-compliance of safety policies etc. Also, perform all unscheduled inspections, assessments here and come up with risks & recommendations as output
- Audit Management: Plan & Perform all ISO 19011 auditing requirements here. This should include all internal/external auditing covering all LoB including audits of HSE, Mechanical Integrity, Quality Management, Risk Assurance, Security etc., and come up with CAPA (corrective/preventive actions) as output
- Risk Assessment: Collect all risks from Work Area & Job Risk assessments, Incident/Inspection recording, Audit findings, Changes etc, and come up with mitigating actions.
- Worker Safety Management: Produce dynamic ‘Safety Plan’ depending upon the type of job, area, equipment, nearby jobs, people involved, tools & tackles used, PPEs etc. This Safety plan should be used in Job Safety Analysis of Permit systems.
- MoC (Management of Change): Manage requirement for all changes centrally (temporary/permanent related to people, process & technology) in MoC solution, and do follow-up risk assessments in EHSM Solution.
- Work Permit Management: Assess risk profiles of assets & work areas, evaluate dynamic safety instructions, and safely execute all identified maintenance jobs through EAM- WCM. Use this component also for better contractor/resources/tools management to increase the wrench time. Integrate the permits system with Operational e-Log book for single source of truth in shift changeovers.
- GRC (Governance, Risk & Compliance): Push all the derived risks from above processes to GRC solutions for finally achieving Enterprise level view of risks along with already derived Supply chain & Market risks.
- Common Action Tracking (Universal Worklist): Push all derived CAPA & recommendations through worklist to the person responsible. Utilize SAP HR/HCM Organization structure to classify the action status per LoB/Department/Area Owner to increase accountability through KPI/Analytics.
Imagine, Senior Management’s Dashboard is getting updated daily morning with real-time visibility of all above attributes of operational risks alongside other enterprise risks. Won’t he/she be better equipped to take right decisions in an efficient manner?
So, are you as Consultant/System Integrator creating value for your clients by proposing risk mitigation with holistic approach? Or, are you as manufacturer’s IT team asking your IT/ERP partners for how to help your business in achieving operational excellence by mitigating risks through best-in-class deployment of IT/ERP systems? THINK over it……. 🙂
As always, your comments and feedback are welcome. I look forward to it.
you should may be start a career as book writer.... 😎 Congratulation for this really very good lecture. Very good explanation.
I hope that lot of managers read this and may be check potential approaches to optimize the existing IT landscape (or they will then enlarge the IT landscape)
As discussed in many other threads: IT manager (and others) try to bring people "closer" together and to therefore optimize the internal organisation. They do have good reasons to look for optimization (as the world gets "smaller" and demands fromoutside getting higher)
But not all of these managers do have a really long term approach using SAP.
I would assume that you will not find many SAP customers who really use any of the SAP solutions as integrated as they could (and therefore tehy can not profit from the many integration options)
Some topics as mentioned by you are discussed rarely (e.g. Audit Management; GRC etc.) E.g. Track and Trace as well is not discussed often. The new "MoC" approach seems as well not very common.
Even using EHS classic. never have seen a SAP customer using the existing EHS workflow.
The challenge is: combine effective/efficient data management and processes using SAP.
Especially in the area of EHS: effective data management is the success factor. But without considering "overall "E2E processes this is not suffcient.
More and more solutions as: Sustainability Performance Management Software | Sustainability | SAP
are of interest for management.
Thanks for your nice words about my writing and blogging!! 😀
A prospective publisher might ask me to write stories for Animation movies, instead of technical books, as I probably build more castles in the air than on ground 😉
I also hope that besides consultants/system integrator, this blog is read by IT Managers as well. As you rightly said that many SAP customers don't even think on this holistic/integrated approach, forget about implementing it. I believe, it the equal responsibility of the concerned consultants/system integrator to advice & propose to their customers to create real 'Value' through their work, rather than just deploying systems which most often than not serves as 'System of records' only.
I see customers are increasingly getting aware of this aspect of their 'Value Realization' and nowadays asking 'value creation' in place of merely project milestones. For record, I myself have accomplished part of what I proposed in my blog with my previous clients, and let me tell you the business gains are immense.
I am creating a risk assessment report structure in BW system.
Risk assessment structure components:
1) Risk Assessment Type
5) Job Status
6) JOB STEPS (Text)
I couldn't extract "Job Steps" from the Job master data. It's necessary for my risk assessment report. But I'm not finding it in the existing fields.
Which field can I extract it from? or How can I add it to my report structure?