Featured

ISO 9001: Using the FMEA Tool to Manage Opportunities

Alessio Aliani 30 July 2018

The 2015 revision of ISO 9001 introduced several changes and new aspects that represent a real challenge for quality professionals.

Clause 0.3.3 of the document specifies that a structured way of thinking to address risks and opportunities is essential for ensuring an effective quality management system, as it allows improving results achievable through it and preventing potential negative effects. In paragraph 0.1, it explains that having an attitude focused on identifying risks and opportunities enables an organization to determine which factors might affect its processes and quality system, causing them to deviate from expected results, and allows for early preventive actions that minimize potential negative effects and make the most of the opportunities that arise.

This is the first time in the history of quality that we face a new perspective: training ourselves to seize opportunities and leverage them to our advantage. In ISO 9001:2015, there are many points where risks are mentioned, and others where both risks and opportunities are discussed. To name just a few:

Paragraph 0.1 c – referring to managing risks and opportunities associated with the context and objectives;
Paragraph 0.3.3 – specifying how an organization needs to plan and implement necessary actions to manage risks and opportunities, and how the approach to risks and opportunities establishes a foundation for increasing the efficiency of the system;
Paragraph 5.1.2 b – reminding how risks and opportunities can affect the conformity of products and services;
Paragraph 6.1 – referring to actions to manage risks and opportunities;
Paragraph 6.1.2 – explaining that the actions taken to manage risks and opportunities must be appropriate to the potential impact they may have, and that options for risk management include actions to avoid risks, but also activities aimed at assuming the risk to pursue an associated opportunity;
Paragraph A.1 – reminding to consider the nature of the identified risks and opportunities.

This shows us not only the importance of managing risks within the requirements of ISO 9001:2015, but also that risks and opportunities must be managed in the same way because opportunities are simply a positive version of risks. So, let’s explore which methodology can be followed to meet these requirements effectively for the organization. The standard establishes a fundamental concept: risk is simply the effect of uncertainty, and this uncertainty can have both positive and negative consequences. We also know that uncertainty is considered normal in a complex and dynamic scenario like today’s work environment.

The standard further specifies that opportunities can arise either from a particularly favorable situation or as a result of achieving an objective (for example, by developing new products, reducing waste, or improving productivity, new customers can be attracted, even if this was not the primary goal). Following a suggestion in Chapter 5 of ISO 31000:2009, we can set up the risk management process to be:

An integral part of management;
Culturally absorbed by individuals in daily practices;
Tailored to the business of the adopting organization.

ISO 31000 also defines the activities in the risk determination process:

Communication and consultation;
Context determination;
Risk identification;
Analysis;
Evaluation;
Management;
Monitoring the situation and its periodic review.

If we consider an opportunity as the positive part of a risk, these suggestions provide valuable insights for managing opportunities. Among all the tools we can use for this purpose (such as HAZOP, HACCP, APR, RCM, etc.), one universal tool is the FMEA (Failure Mode and Effects Analysis).

For a small organization, the steps to identify and seize opportunities are:

Gather the necessary people around the table;
Analyze risks and opportunities related to objectives;
Consider the needs and expectations of stakeholders;
Define necessary actions.

A larger organization will need a more structured approach and a formal process to adopt a risk-based thinking approach, such as FMEA, stripping it of its purely negative connotation and using it to manage potential opportunities. The core concepts of FMEA are:

Risk and opportunity management within an organization should be carried out through its processes;
Risks and opportunities are identified using process indicators;
A rigorous analysis is conducted based on modes, effects, and causes;
The causes and risk modes are found within the process, while effects are identified in the external environment, making them detectable by interested parties;
Risk evaluation is carried out through three parameters: severity, probability of occurrence, and the possibility of early detection of the risk;
The priority for risk management is calculated to understand where to start addressing them;
Periodic reviews of risks are required, and they should always be monitored.

Those familiar with FMEA often ask the classic question: “What could go wrong?”. To use this methodology to manage opportunities, let’s ask different questions, such as:

“What could happen that would help me?”
“What can I do to ensure this happens?”
“How can I make the most of this opportunity?”

To maximize FMEA in a positive form that can identify potential opportunities, it is advisable to:

Conduct multidisciplinary work within a group of 4-6 people;
Ensure that the group includes representatives from the relevant areas and stakeholders in the analysis;
Ensure participants have substantial experience regarding the process being analyzed;
If participants are not FMEA experts, ensure the presence of a specialist to guide the discussion;
Have the group’s work led by the area manager or process owner;
Provide all necessary information to carry out the work (at a minimum, ensuring clarity about the context in which the organization operates and a strategic vision of what needs to be achieved).

At this level, the tools we can use for the purpose include:

The business plan;
A map of the organization’s macro processes;
SWOT analysis;
Porter’s Five Forces analysis;
Balanced Scorecard;
Contingency plan;
Marketing studies.

The more information is provided to the working group to establish solid foundations for the FMEA, the more likely it is that the actions taken will not only identify and manage risks but also highlight any opportunities. In any FMEA, it is crucial to define the scope and purpose of the work early on, including:

Determining which processes to analyze and which interfaces;
Gathering all the necessary process information, in the detail needed for the analysis;
Analyzing process indicators;
Verifying with process stakeholders what their expectations are regarding the analysis.

For this purpose, the following tools can also be used:

Process turtle diagram for the processes being analyzed;
Process activity flowchart;
Process indicators;
Action plan to improve processes;
Any documented information needed to analyze the processes.

The operational work will proceed as follows:

List process indicators;
Determine which risks and opportunities might arise from these processes and how;
Identify the effects of each risk and opportunity (considering the perspectives of customers and stakeholders and any impact on mandatory or regulatory requirements);
Accurately define the severity level of a risk (or positivity of an opportunity), its probability of occurrence, and the probability of detecting it on time. Then, prioritize risks and opportunities for analysis;
List the actions to take to manage risks and seize opportunities and, for each action, establish a responsible party and a deadline for implementation.

This process should be repeated for each indicator. Risks and opportunities can be identified through:

Brainstorming;
6-3-5 methodology;
Ishikawa diagram;
Mind maps, but in any case, strive to think positively about each event to transform a risk into an opportunity.

For this application of FMEA to be effective, it is essential to focus on two points:

The senior management is responsible for the FMEA process for determining risks and opportunities, which includes selecting and allocating the necessary resources and supporting the working group by removing any obstacles it may encounter;
Recognize that this type of FMEA is a “living” document and, therefore, the analysis must be reviewed when the process or context changes, when a new risk or opportunity arises, and at least annually to keep it up to date.

ISO 9001: Using the FMEA Tool to Manage Opportunities

Get the best quote

PAS 24000 Certification: Building Responsible and Sustainable Supply Chains

Gender Equality Certification UNI PdR 125: A Strategic Integration into Corporate Systems

IlSole24Ore Special: Showcasing Excellence, ACSQ: Certifying for Growth

ISO 45001: Using Virtual Signals for Workplace Safety

Gender Equality: Obligation or Opportunity for Companies?

The Most Widely Used Tools in Quality Management

ISO 14001: balancing compliance with requirements and financial needs

ISO 45001: Added Value for Corporate Sustainability

The ISO 14001 Standard and CO2 Emission Reduction

Active Listening to Enhance Customer Satisfaction

Contacts

Policies

What you can do

Download Area