第五十四篇 Linking Quality Management and Risk Management
本帖最后由 小编D 于 2012-7-13 15:34 编辑
请对以下文章有翻译兴趣的组员留下你的预计完成时间和邮箱地址,以便小编登记翻译者信息以及文章最终完成时间
本文翻译:muddy533 校稿:ccsspp454
Linking Quality Management and Risk Management
将质量管理与风险管理联系起来
Shifting from a reactive approach of controlling variances, to proactively eliminating potential sources of failure
从控制不一致的起反作用的方法到前瞻性的消除失效的潜在原因。
Much has been written and discussed about “risk” being the future of “quality.” But what does this really mean, and how does it work?
很多人已经用文章讨论作为将来质量的风险,但是何为风险,风险是如何运行的呢?
Definitions of quality
质量的定义
Let’s us look at common working definitions of quality: zero defects, customer satisfaction, control of process variance, reliability, security, and fit for purpose. These are all objectives a quality program is aimed at satisfying. ISO 9000:2005—“Fundamentals and vocabulary for quality management systems” defines quality as the “degree to which a set of inherent characteristics fulfills requirements.”
让我们看看共同工作的质量定义——零缺陷、顾客满意、过程不良的控制、可靠性、安全以及达到目的。所有这些质量项目的目的都在于满意。ISO9000:2005——“质量管理体系的基础和术语”这样定义质量:一组固有属性满足要求的程度。
BusinessDictionary.com states this definition of quality: “In manufacturing, a measure of excellence or a state of being free from defects, deficiencies, and significant variations, brought about by the strict and consistent adherence to measurable and verifiable standards to achieve uniformity of output that satisfies specific customer or user requirements.” 在制造业中,衡量卓越或者远离瑕疵、缺陷、和重大变更,引起通过严格的和始终如一遵守可测量的和可检验的标准来实现输出的一致满足特殊客户满足和用户要求。
BusinessDictionary.com(网站域名)商业字典网站
In software development, functional quality and structural quality are two measures. The Consortium for IT Software Quality (CISQ), an independent organization founded by the Software Engineering Institute (SEI) at Carnegie Mellon University, and the Object Management Group (OMG), has defined five major desirable characteristics needed for a piece of software to provide business value: reliability, efficiency, security, maintainability and (adequate) size.
软件开发方面,职能性质量和结构性质量是两种不同的度量方法。IT软件质量协会(CISQ),一个由卡耐基梅龙隆大学软件工程学院独自成立的组织(SEI)和目标管理集团(OMG)设立的独立的组织,定义了一个软件提供商业价值所需要的五项主要特征:可靠性、效率、安全、可维护性及(足够的)目标管理集团定义了一款软件商业价值所具有的五项主要特征:可靠性、有效性、安全性、可维修性和(足够的)尺寸。
If we switch to a risk perspective, these common definitions of quality become: risk of defects, risk of customer dissatisfaction, risk of uncontrolled process variance, risk of product unreliability, risk of security breach, risk of lack of fitness. Or in other words, failure to achieve objectives.
如果我们引入风险观点,这些普遍的质量定义就变成了:缺陷的风险、顾客不满意的风险、不受控的过程不良的风险、产品不可靠的风险、不安全的风险以及缺乏符合性的风险。或者换句话说,不能达成目标。
Thus in the risk domain, the focus is not on the objectives per se, but on the risk to achieving the objectives. Risk management is applied to control the risks and enhance the likelihood of achieving the objectives. Risk can be looked at as a two-sided coin: opportunity or danger. Either way, the same approach can be used to manage risk.
因此在风险领域,关注点不在于目标本身,而是在于达成目标的风险。风险管理被用于控制风险并加强达成目标的可能性。风险可以被堪称硬币的两面:机会或危险。换句话说,可以用同样的方法来管理风险。
Another parallel between quality and risk is their respective focus. Quality had its Deming and his plan-do-check-act (PDCA) cycle. Greg Hutchins, an upcoming risk authority identifies the four Ps of risk: proactive-preventive-predictive-preemptive.
质量和风险之间的另一个相似性在于他们各自的关注点。质量有其戴明(著名的质量管理专家)及其PDCA循环(著名的质量管理方法)。克莱格 哈钦斯,一位风险管理的权威专家提出了风险管理的4P法则:前瞻性-预防性-预测性-抢先性。
Quality management and risk management
质量管理与风险管理
Let’s look further at the link between quality management and risk management.
让我们进一步探讨质量管理与风险管理之间的关系。
Quality management can be thought of as the process of designing and executing products and services effectively, efficiently, and economically. In this context, effectiveness primarily involves the ability of the products and services to meet or exceed customers’ expectations, while efficiency involves the ability to provide products and services without wasting any resources. Economics involves the ability to generate requisite revenues from the process so that the organization can be sustained.
质量管理可被想象成有效地、质量管理可被看做是设计和完成产品和有效性的服务,有效性和经济性。在这样的背景下,有效性主要包含了产品和服务满足或超越顾客期望的能力,而效率则涉及在不浪费任何资源的情况下提供产品和服务的能力,经济性则包含了由过程产生的要求的收入的能力,只有如此,组织才能持续发展。
Risk management is the process of identifying, addressing, prioritizing, and eliminating potential sources of failure to achieve objectives. Applying risk management means being proactive, preventive, predictive, and preemptive. Risk asks the question, “What if?” and looks at likelihood and consequences to determine which of the what-ifs are significant and need to be addressed.
风险管理是识别、定位、排序并消除不能达成目标的根源的过程,采用风险管理意味着前瞻性-预防性-预测性-抢先性。风险会问这样的问题:“万一……怎么办?”,并关注发生的可能性及后果以确定哪个“万一”是重要的并需要解决的。
If we look at process quality, we see that objective gaps imply higher deltas in the process, which means higher risk: more variances, or higher variation, leads to less uniformity in product or service. By reducing the risk of deltas, we reduce objective gaps and variation, and increase process quality.
我们再看看过程质量,会发现在过程中目标差异显示了更高的偏差,这意味着更高的风险:更大的偏差和更高的变异,导致了产品和服务的更低的符合性。为了降低偏差的风险,我们降低目标差异和变异,并提高过程质量。
What is risk management?
什么是风险管理?
Most definitions of risk management cover the entire enterprise. For example, the Committee of Sponsoring Organizations (COSO) defines risk management as: “A process affected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
风险管理的大部分定义涵盖了整个企业。比如发起人委员会(COSO)这样定义风险:风险管理是一个过程,实体的董事会、管理人员和其他人员,应用于战略实施并贯穿于企业当中,旨在识别可能会影响主体的潜在事项,管理风险以使其在主体的风险容量之内,并为主体的目标的实现提供合理的保证。
In ISO 31000:2009—“Risk management—Principles and guidelines on implementation,” risk is defined as the “effect of uncertainty on objectives,” and risk management as something that “aids decision making by taking account of uncertainty and its effect on achieving objectives and assessing the need for any actions.”
ISO31000:2009——风险管理——实施的原则和指南中,风险被定义为“目标不确定性的效果”,风险管理如同那些考通过不确定性的辅助决策和达到目标的效果和任何措施必要性的评价。
For our purposes, we restrict risk to be in the operations domain and not the finance domain. Financial risk management typically focuses on hedging costs, fluctuations in currencies, and insurance.
就我们的目的而言,我们限定的风险是经营领域而非财务领域。典型的财务风险管理关注边际成本、财务风险管理典型的关注套现保值成本、货币的波动和保险。
There are three main types of operational risks:
经营风险:
Enterprise risk—Risk related to the operation of a business, execution strategy, systemic issues, and material issues
企业风险——与一项业务运行、战略执行、物料事件。
Project risk—Risk related to the planning and delivery of a product or service, and of not being able to meet project “triple constraints,” i.e., scope/quality, schedule, and cost, including technology and other factors
项目风险——与产品或服务的交付及策划有关的风险,以及不能满足项目“三项限制”的风险,比如范围/质量,时间表和成本,包括技术和其他因素。
Process risk—Risk relating directly to planning and delivery of a product or service and of not being able to meet process stability, process capability, and continuous improvement—meaning the inability to achieve consistent outcomes
过程风险——直接跟产品或服务的策划和交付有关的风险,以及不能满足过程稳定性、过程能力和持续改进的风险,这意味着没有能力获得持续的结果。
To ensure consistency of approach to risk management, standards and models have been and are continuing to be developed. Standards provide the following benefits:
为保证风险管理方法的一致性,标准和模型已经建立并得到了持续改进。标准提供以下的好处:
Some risk-based standards include: ISO 28000, which addresses supply chain security; ISO 27000, for IT security; ISO 22000 for food safety; the FAA Safety Management System, and AS 9100 for aerospace.
一些基于风险的标准包括:ISO28000,致力于供应链安全;ISO27000,致力于IT安全;ISO22000,致力于食品安全;FAA是安全管理体系;AS9100是航空宇宙。
The critical elements of risk management identified in ISO 31000 are:
ISO31000中识别的风险管理关键要素包括:
Risk identification—Identifies the sources of risk, risk events, and their potential consequences
风险识别——识别风险的来源、风险事项及他们潜在的后果
Risk analysis—Analyzes the causes and source of the risks and the likelihood that they will occur
风险分析——分析风险产生的原因及发生的可能性
Risk evaluation—Determines whether risks need to be addressed and treated
风险评估——确定是否需要处理和解决风险
Risk treatment—Determines strategies and tactics to mitigate or control risks
风险处理——确定战略或策略来减轻或控制风险
Further, ISO states that risk management should “ensure that organizations have an appropriate response to the risks affecting them.” Risk management should thus “help avoid ineffective and inefficient responses to risk that can unnecessarily prevent legitimate activities and/or distort resource allocation.” And, to be effective within an organization, risk management should be “an integrated part of the organization’s overall governance, management, reporting processes, policies, philosophy and culture.”
此外,ISO进一步陈述了风险管理应当“确保组织有一个适当的方法对影响他们的风险做出响应”。因此风险管理应当“有助于防止无效果且效率不高的风险响应,这样的风险响应对于预防非法的活动和/或不合理的配置资源没有必要。”而且,为了确保在组织内有效,风险管理应当“是组织整个控制、管理、报告过程、政策、哲学及文化的有机组成部分。”
The ISO risk management process involves “applying logical and systematic methods” for:
ISO风险管理过程包括“为以下活动采用逻辑的和系统的方法”:
• Communication and consultation throughout the process
• 在整个过程中沟通与咨询
• Establishing the context
• 创建氛围
• Identifying, analyzing, evaluating and treating risk associated with any activity, process, function, project, product, service, or asset
• 识别、分析、评估及处理与任何活动、过程、职能、项目、产品、服务或资产有关的风险
• Monitoring and reviewing risk
•监视和评估风险
• Recording and reporting the results appropriately
• 适当地记录和报告结果
Why is risk proactive, preventive, predictive, and preemptive?
为什么风险是前瞻性、预防性、预测性、抢先性的呢?
Risk assessment is proactive in that a formal analysis is undertaken to identify, rate, and address risk. This involves risk identification (predicting and listing possible risks) then risk analysis (rating them as to seriousness). Seriousness is determined by looking at the likelihood of occurrence and the resulting consequences. There are several risk analysis techniques available, but they fall into two camps: qualitative and quantitative.
风险分析具有前瞻性在于:对风险进行正式的分析会用来识别、分级并处理风险。这包括风险识别(预测并列出可能的风险),然后进行风险分析(对风险的严重程度进行分级)。严重程度根据发生的可能性及其结果来确定,有多种可用的风险分析技术,分为两类:定量的和定性的
Qualitative analysis relies on subject-matter experts who rate both likelihood and consequence of potential risks using a gradated scale, e.g., 1–5, or high/medium/low, or using a “heat map.” Likelihood and consequence are recorded in a two-dimensional grid.
定性的分析依赖于项目专家,他用分级数据范围对潜在风险的可能性和结果。比如1~5,或高/中/低,或使用一个“热度图”。可能性和结果会记录在一个二维的表格中。
Quantitative analysis relies on using numerical values or scores because this is felt to be a more objective method. Historical or scientific data on the process or activity is used to determine values. This method requires an understanding of probability; for cases where data are available, removes some uncertainty.
定量的分析采用数值或分值进行计量,定量分析依赖于数值或分值,因为这被认为是一个更为客观的方法。过程的历史数据或者科学数据被用来确定数值。这种方法要求对概率有一定的了解,在数据已知的情况下,去掉一些不确定性。
Using either approach, highly likely risks with high consequences obviously must be taken seriously.
不管使用哪种方法,具有严重后果的发生几率大的高风险就要认真对待了。
Once the serious risks are determined, they can be consciously dealt with. By applying mitigation steps, the risks can be prevented, preempted, or reduced in impact. You can accept risk, avoid risk (by stopping the risky activity), reduce risk (by reducing likelihood consequence or both), or share risk (pool, outsource the activity, insure against the risk). A key point to note is that this process represents a conscious effort, which by its nature must be visible to management.
一旦确定了严重的风险,他们就会被有意识的处理掉了。通过采用降低风险的步骤,这些风险就能够被预防、抢先处理了,或减轻其产生的影响。你可以接受风险、避免风险(通过阻止有风险的活动的发生)、降低风险(通过降低风险及其结果发生的可能性),或者分散风险(风险池、外包活动,通过保险来分散风险)。一个需要注意的关键点是这个过程代表了有意识的努力,从本质上说,需要注意的关键点就是过程代表着有意识结果,这个结果的管理本质是可以目视的。
Summary总结
We have looked at the link between quality and risk and the basic elements of risk management and operational risk. By changing your perspective to view quality as a risk function, you can shift from a largely reactive approach of measuring and controlling variances, to proactively identifying, addressing, prioritizing, and eliminating potential sources of failure.
在本文中,经营风险。通过改变你的质量视角,通过改变你的风险功能的质量视觉,你可以很大程度上从测量和变异控制消极的方法,转变为具有前瞻性的识别、解决、优先排序并降低潜在的失效的来源。
ABOUT THE AUTHOR作者简介
Ed Perkins爱德华 伯金斯
Ed Perkins is a practicing risk engineer with Quality + Engineering, a Portland, Oregon-based engineering consulting company. Q+E provides governance, risk, auditing and compliance services, and is the developer of the Certified Enterprise Risk Manager certificate training program. Q+E is developing an online resource site for learning about risk and risk-based decision making
爱德华伯金斯是波兰俄勒冈州一家工程咨询公司的一位实战型的质量和工程风险工程师。Q+E提供管理、风险、审核及一致性服务,并且是经认证的风险管理经理人这个培训项目的开发者。Q+E为需要学习风险及基于风险的决策的人员开发了一项在线的资源网站。
请对以下文章有翻译兴趣的组员留下你的预计完成时间和邮箱地址,以便小编登记翻译者信息以及文章最终完成时间
本文翻译:muddy533 校稿:ccsspp454
Linking Quality Management and Risk Management
将质量管理与风险管理联系起来
Shifting from a reactive approach of controlling variances, to proactively eliminating potential sources of failure
从控制不一致的起反作用的方法到前瞻性的消除失效的潜在原因。
Much has been written and discussed about “risk” being the future of “quality.” But what does this really mean, and how does it work?
很多人已经用文章讨论作为将来质量的风险,但是何为风险,风险是如何运行的呢?
Definitions of quality
质量的定义
Let’s us look at common working definitions of quality: zero defects, customer satisfaction, control of process variance, reliability, security, and fit for purpose. These are all objectives a quality program is aimed at satisfying. ISO 9000:2005—“Fundamentals and vocabulary for quality management systems” defines quality as the “degree to which a set of inherent characteristics fulfills requirements.”
让我们看看共同工作的质量定义——零缺陷、顾客满意、过程不良的控制、可靠性、安全以及达到目的。所有这些质量项目的目的都在于满意。ISO9000:2005——“质量管理体系的基础和术语”这样定义质量:一组固有属性满足要求的程度。
BusinessDictionary.com states this definition of quality: “In manufacturing, a measure of excellence or a state of being free from defects, deficiencies, and significant variations, brought about by the strict and consistent adherence to measurable and verifiable standards to achieve uniformity of output that satisfies specific customer or user requirements.” 在制造业中,衡量卓越或者远离瑕疵、缺陷、和重大变更,引起通过严格的和始终如一遵守可测量的和可检验的标准来实现输出的一致满足特殊客户满足和用户要求。
BusinessDictionary.com(网站域名)商业字典网站
In software development, functional quality and structural quality are two measures. The Consortium for IT Software Quality (CISQ), an independent organization founded by the Software Engineering Institute (SEI) at Carnegie Mellon University, and the Object Management Group (OMG), has defined five major desirable characteristics needed for a piece of software to provide business value: reliability, efficiency, security, maintainability and (adequate) size.
软件开发方面,职能性质量和结构性质量是两种不同的度量方法。IT软件质量协会(CISQ),一个由卡耐基梅龙隆大学软件工程学院独自成立的组织(SEI)和目标管理集团(OMG)设立的独立的组织,定义了一个软件提供商业价值所需要的五项主要特征:可靠性、效率、安全、可维护性及(足够的)目标管理集团定义了一款软件商业价值所具有的五项主要特征:可靠性、有效性、安全性、可维修性和(足够的)尺寸。
If we switch to a risk perspective, these common definitions of quality become: risk of defects, risk of customer dissatisfaction, risk of uncontrolled process variance, risk of product unreliability, risk of security breach, risk of lack of fitness. Or in other words, failure to achieve objectives.
如果我们引入风险观点,这些普遍的质量定义就变成了:缺陷的风险、顾客不满意的风险、不受控的过程不良的风险、产品不可靠的风险、不安全的风险以及缺乏符合性的风险。或者换句话说,不能达成目标。
Thus in the risk domain, the focus is not on the objectives per se, but on the risk to achieving the objectives. Risk management is applied to control the risks and enhance the likelihood of achieving the objectives. Risk can be looked at as a two-sided coin: opportunity or danger. Either way, the same approach can be used to manage risk.
因此在风险领域,关注点不在于目标本身,而是在于达成目标的风险。风险管理被用于控制风险并加强达成目标的可能性。风险可以被堪称硬币的两面:机会或危险。换句话说,可以用同样的方法来管理风险。
Another parallel between quality and risk is their respective focus. Quality had its Deming and his plan-do-check-act (PDCA) cycle. Greg Hutchins, an upcoming risk authority identifies the four Ps of risk: proactive-preventive-predictive-preemptive.
质量和风险之间的另一个相似性在于他们各自的关注点。质量有其戴明(著名的质量管理专家)及其PDCA循环(著名的质量管理方法)。克莱格 哈钦斯,一位风险管理的权威专家提出了风险管理的4P法则:前瞻性-预防性-预测性-抢先性。
Quality management and risk management
质量管理与风险管理
Let’s look further at the link between quality management and risk management.
让我们进一步探讨质量管理与风险管理之间的关系。
Quality management can be thought of as the process of designing and executing products and services effectively, efficiently, and economically. In this context, effectiveness primarily involves the ability of the products and services to meet or exceed customers’ expectations, while efficiency involves the ability to provide products and services without wasting any resources. Economics involves the ability to generate requisite revenues from the process so that the organization can be sustained.
质量管理可被想象成有效地、质量管理可被看做是设计和完成产品和有效性的服务,有效性和经济性。在这样的背景下,有效性主要包含了产品和服务满足或超越顾客期望的能力,而效率则涉及在不浪费任何资源的情况下提供产品和服务的能力,经济性则包含了由过程产生的要求的收入的能力,只有如此,组织才能持续发展。
Risk management is the process of identifying, addressing, prioritizing, and eliminating potential sources of failure to achieve objectives. Applying risk management means being proactive, preventive, predictive, and preemptive. Risk asks the question, “What if?” and looks at likelihood and consequences to determine which of the what-ifs are significant and need to be addressed.
风险管理是识别、定位、排序并消除不能达成目标的根源的过程,采用风险管理意味着前瞻性-预防性-预测性-抢先性。风险会问这样的问题:“万一……怎么办?”,并关注发生的可能性及后果以确定哪个“万一”是重要的并需要解决的。
If we look at process quality, we see that objective gaps imply higher deltas in the process, which means higher risk: more variances, or higher variation, leads to less uniformity in product or service. By reducing the risk of deltas, we reduce objective gaps and variation, and increase process quality.
我们再看看过程质量,会发现在过程中目标差异显示了更高的偏差,这意味着更高的风险:更大的偏差和更高的变异,导致了产品和服务的更低的符合性。为了降低偏差的风险,我们降低目标差异和变异,并提高过程质量。
What is risk management?
什么是风险管理?
Most definitions of risk management cover the entire enterprise. For example, the Committee of Sponsoring Organizations (COSO) defines risk management as: “A process affected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
风险管理的大部分定义涵盖了整个企业。比如发起人委员会(COSO)这样定义风险:风险管理是一个过程,实体的董事会、管理人员和其他人员,应用于战略实施并贯穿于企业当中,旨在识别可能会影响主体的潜在事项,管理风险以使其在主体的风险容量之内,并为主体的目标的实现提供合理的保证。
In ISO 31000:2009—“Risk management—Principles and guidelines on implementation,” risk is defined as the “effect of uncertainty on objectives,” and risk management as something that “aids decision making by taking account of uncertainty and its effect on achieving objectives and assessing the need for any actions.”
ISO31000:2009——风险管理——实施的原则和指南中,风险被定义为“目标不确定性的效果”,风险管理如同那些考通过不确定性的辅助决策和达到目标的效果和任何措施必要性的评价。
For our purposes, we restrict risk to be in the operations domain and not the finance domain. Financial risk management typically focuses on hedging costs, fluctuations in currencies, and insurance.
就我们的目的而言,我们限定的风险是经营领域而非财务领域。典型的财务风险管理关注边际成本、财务风险管理典型的关注套现保值成本、货币的波动和保险。
There are three main types of operational risks:
经营风险:
Enterprise risk—Risk related to the operation of a business, execution strategy, systemic issues, and material issues
企业风险——与一项业务运行、战略执行、物料事件。
Project risk—Risk related to the planning and delivery of a product or service, and of not being able to meet project “triple constraints,” i.e., scope/quality, schedule, and cost, including technology and other factors
项目风险——与产品或服务的交付及策划有关的风险,以及不能满足项目“三项限制”的风险,比如范围/质量,时间表和成本,包括技术和其他因素。
Process risk—Risk relating directly to planning and delivery of a product or service and of not being able to meet process stability, process capability, and continuous improvement—meaning the inability to achieve consistent outcomes
过程风险——直接跟产品或服务的策划和交付有关的风险,以及不能满足过程稳定性、过程能力和持续改进的风险,这意味着没有能力获得持续的结果。
To ensure consistency of approach to risk management, standards and models have been and are continuing to be developed. Standards provide the following benefits:
为保证风险管理方法的一致性,标准和模型已经建立并得到了持续改进。标准提供以下的好处:
- Reference for risk management processes
- 风险管理过程的参考
- Define consensus and best practices
- 定义的共识和最佳实践
- Define frameworks to guide and support risk decision process
- 定义框架来指导和支持风险决策过程
- Provide common vocabulary to discuss and compare risk processes
- 提供普遍接受的术语来讨论并比较风险过程
Some risk-based standards include: ISO 28000, which addresses supply chain security; ISO 27000, for IT security; ISO 22000 for food safety; the FAA Safety Management System, and AS 9100 for aerospace.
一些基于风险的标准包括:ISO28000,致力于供应链安全;ISO27000,致力于IT安全;ISO22000,致力于食品安全;FAA是安全管理体系;AS9100是航空宇宙。
The critical elements of risk management identified in ISO 31000 are:
ISO31000中识别的风险管理关键要素包括:
Risk identification—Identifies the sources of risk, risk events, and their potential consequences
风险识别——识别风险的来源、风险事项及他们潜在的后果
Risk analysis—Analyzes the causes and source of the risks and the likelihood that they will occur
风险分析——分析风险产生的原因及发生的可能性
Risk evaluation—Determines whether risks need to be addressed and treated
风险评估——确定是否需要处理和解决风险
Risk treatment—Determines strategies and tactics to mitigate or control risks
风险处理——确定战略或策略来减轻或控制风险
Further, ISO states that risk management should “ensure that organizations have an appropriate response to the risks affecting them.” Risk management should thus “help avoid ineffective and inefficient responses to risk that can unnecessarily prevent legitimate activities and/or distort resource allocation.” And, to be effective within an organization, risk management should be “an integrated part of the organization’s overall governance, management, reporting processes, policies, philosophy and culture.”
此外,ISO进一步陈述了风险管理应当“确保组织有一个适当的方法对影响他们的风险做出响应”。因此风险管理应当“有助于防止无效果且效率不高的风险响应,这样的风险响应对于预防非法的活动和/或不合理的配置资源没有必要。”而且,为了确保在组织内有效,风险管理应当“是组织整个控制、管理、报告过程、政策、哲学及文化的有机组成部分。”
The ISO risk management process involves “applying logical and systematic methods” for:
ISO风险管理过程包括“为以下活动采用逻辑的和系统的方法”:
• Communication and consultation throughout the process
• 在整个过程中沟通与咨询
• Establishing the context
• 创建氛围
• Identifying, analyzing, evaluating and treating risk associated with any activity, process, function, project, product, service, or asset
• 识别、分析、评估及处理与任何活动、过程、职能、项目、产品、服务或资产有关的风险
• Monitoring and reviewing risk
•监视和评估风险
• Recording and reporting the results appropriately
• 适当地记录和报告结果
Why is risk proactive, preventive, predictive, and preemptive?
为什么风险是前瞻性、预防性、预测性、抢先性的呢?
Risk assessment is proactive in that a formal analysis is undertaken to identify, rate, and address risk. This involves risk identification (predicting and listing possible risks) then risk analysis (rating them as to seriousness). Seriousness is determined by looking at the likelihood of occurrence and the resulting consequences. There are several risk analysis techniques available, but they fall into two camps: qualitative and quantitative.
风险分析具有前瞻性在于:对风险进行正式的分析会用来识别、分级并处理风险。这包括风险识别(预测并列出可能的风险),然后进行风险分析(对风险的严重程度进行分级)。严重程度根据发生的可能性及其结果来确定,有多种可用的风险分析技术,分为两类:定量的和定性的
Qualitative analysis relies on subject-matter experts who rate both likelihood and consequence of potential risks using a gradated scale, e.g., 1–5, or high/medium/low, or using a “heat map.” Likelihood and consequence are recorded in a two-dimensional grid.
定性的分析依赖于项目专家,他用分级数据范围对潜在风险的可能性和结果。比如1~5,或高/中/低,或使用一个“热度图”。可能性和结果会记录在一个二维的表格中。
Quantitative analysis relies on using numerical values or scores because this is felt to be a more objective method. Historical or scientific data on the process or activity is used to determine values. This method requires an understanding of probability; for cases where data are available, removes some uncertainty.
定量的分析采用数值或分值进行计量,定量分析依赖于数值或分值,因为这被认为是一个更为客观的方法。过程的历史数据或者科学数据被用来确定数值。这种方法要求对概率有一定的了解,在数据已知的情况下,去掉一些不确定性。
Using either approach, highly likely risks with high consequences obviously must be taken seriously.
不管使用哪种方法,具有严重后果的发生几率大的高风险就要认真对待了。
Once the serious risks are determined, they can be consciously dealt with. By applying mitigation steps, the risks can be prevented, preempted, or reduced in impact. You can accept risk, avoid risk (by stopping the risky activity), reduce risk (by reducing likelihood consequence or both), or share risk (pool, outsource the activity, insure against the risk). A key point to note is that this process represents a conscious effort, which by its nature must be visible to management.
一旦确定了严重的风险,他们就会被有意识的处理掉了。通过采用降低风险的步骤,这些风险就能够被预防、抢先处理了,或减轻其产生的影响。你可以接受风险、避免风险(通过阻止有风险的活动的发生)、降低风险(通过降低风险及其结果发生的可能性),或者分散风险(风险池、外包活动,通过保险来分散风险)。一个需要注意的关键点是这个过程代表了有意识的努力,从本质上说,需要注意的关键点就是过程代表着有意识结果,这个结果的管理本质是可以目视的。
Summary总结
We have looked at the link between quality and risk and the basic elements of risk management and operational risk. By changing your perspective to view quality as a risk function, you can shift from a largely reactive approach of measuring and controlling variances, to proactively identifying, addressing, prioritizing, and eliminating potential sources of failure.
在本文中,经营风险。通过改变你的质量视角,通过改变你的风险功能的质量视觉,你可以很大程度上从测量和变异控制消极的方法,转变为具有前瞻性的识别、解决、优先排序并降低潜在的失效的来源。
ABOUT THE AUTHOR作者简介
Ed Perkins爱德华 伯金斯
Ed Perkins is a practicing risk engineer with Quality + Engineering, a Portland, Oregon-based engineering consulting company. Q+E provides governance, risk, auditing and compliance services, and is the developer of the Certified Enterprise Risk Manager certificate training program. Q+E is developing an online resource site for learning about risk and risk-based decision making
爱德华伯金斯是波兰俄勒冈州一家工程咨询公司的一位实战型的质量和工程风险工程师。Q+E提供管理、风险、审核及一致性服务,并且是经认证的风险管理经理人这个培训项目的开发者。Q+E为需要学习风险及基于风险的决策的人员开发了一项在线的资源网站。
没有找到相关结果
已邀请:
RSS Feed
10 个回复
ccsspp454 (威望:6) (吉林 白城) 生物医药 经理 - 质量管理
赞同来自: