Risk management integrated into Q-World

"The ISO 9001:2015 standard requires a systematic process to anticipate risks and opportunities (...) and, if necessary, to integrate them into the QMS system," said René Wasmer, deputy managing director of SQS, in a recently published interview. According to the unanimous assessment of risk management specialists from academia and practice, the existing tools, ranging from simple Excel solutions to (departmentally) specialised software, do not meet the criteria for effective risk management. There is often a lack of efficiency, versatility, reporting and communication.

What's different about Improve?

"Our new Improve module integrates risk management into quality management," explains Synprovis CEO Hubert Geisseler. The tried-and-tested CIP web software thus makes it possible to link the existing 16 input masks and modules with the topic of risk management. New stand-alone solutions or new applications to cope with the ISO 9001:2015 standard are no longer necessary thanks to the integrative Improve approach. Improve addresses all risks on the same interface, whether they are strategic, operational, technical or financial. Risk specifications take place exclusively within the tool. "Only one platform instead of several non-congruent individual solutions makes risk management fast and transparent," comments Pirmin Stalder, lead software developer at Synprovis.

Simplicity in the 4 rhythm

The consistent structure "record, decide, complete, improve" makes the CIP software user-friendly across all topics, from recording to effectiveness control. This fourfold structure is a common thread throughout Improve and can also be found in the new Risk Management module (see figure):

1) Identification & Analysis The responsible notifier assigns an event or a potentiality to a (company-specific formulated) risk category and a risk area. He describes the risk and notes possible causes.

2) Evaluation & Classification The risk is assessed according to the classic "probability of occurrence/loss potential" matrix for an actual value and a target value. In addition, the risk strategy is defined here and suitable early warning indicators are named.

3) Risk management measures Assignment of measures to persons and deadlines. This may sound banal, but in reality it is crucial for success. Without explicit responsibilities, no one is accountable, "risk of shipping"!

4) Monitoring Is again assigned to a person who reassesses the original assessment, including the measures, in the spirit of the cycle. It should be noted that the four steps do not follow a rigid chronology. In particular, steps 3 and 4, measures and monitoring, run in parallel.

Transparent at all times

Improve also provides users with a complete overview of risk management, in contrast to Excel solutions or software-supported isolated applications. Coordination problems between locations, divisions or departments of a company are eliminated thanks to the mapping of all risk topics on one platform. With Improve, it is impossible for an identified and recorded risk to be "forgotten" or "disappear in a drawer" under the operational pressure on employees: the risk management measures and their monitoring, i.e. steps 3 and 4 of the module, automatically appear in Improve's list of open work. Ensuring transparency and traceability at all times is of great practical value, especially for corporate structures with branches, subsidiaries or affiliates.

Reports at the touch of a button

"With Improve, there are no data graveyards," says software developer Pirmin Stalder. Timely outputs of all required report forms, especially the management report, can be created at the push of a button. "Effort and time savings compared to isolated applications are enormous," adds CEO Geisseler. This refers in particular to the graphical evaluation of the risk portfolios. Graphs created can be exported into reports and further processed in the simplest way. To simplify day-to-day work, the graphics created in the tool are consistently linked to the original reports - a click on a specific visualized risk is enough to make the history and origin visible.

Conclusion

For ISO 9001 certified SMEs, Improve's Risk Management module, tested with pilot customers, is a highly flexible solution. Well structured and usable for all business risks, the software integrates risk management into the overall context of quality management and CIP. The tool requires clear responsibilities for risks and their elimination and avoids any loss of information. The self-explanatory web software also impresses with its unique simplicity at the front end and thus also with short introduction and training times.