Operationalizing" Excellence with ERM. Wesley Morgan Andrew Bent
|
|
- Marion Leonard
- 5 years ago
- Views:
Transcription
1 Operationalizing" Excellence with ERM Wesley Morgan Andrew Bent
2 Presenters Wesley Morgan Case Team Leader, Wilson, Perumal and Company Andrew Bent Regional Risk Manager (North America), Sage Software Inc.
3 Presentation Objectives Describe the fundamentals of management systems Identify how management systems can be used to implement and strengthen ERM Discuss the practicalities of implementing a risk-based management system
4 Problem Statement Problem: When we use different approaches to managing risk throughout our organization, we add unnecessary complexity and decreases overall effectiveness Solution: Adopt a single, integrated approach to address risk management across the organization
5 Establishing the Risk Lens Our first step is establish the lens through which we are going to look at our risks: Internal: things we can directly control E.g. Maintenance strategy, management of change, culture External: things we can t control directly E.g. Evolving markets, currency fluctuations, natural disasters
6 Section 1: Overview of Management Systems
7
8 Every company is made of 3 fundamental components: They have processes That are carried out by people and technology 1 Processes 2 3 Equipment & Technology
9 There are two kinds of processes: Value Chain Processes are the core activities a company performs to deliver value to their customers These vary greatly between companies Management Processes are the activities necessary to support Value Chain Processes These are very similar between companies
10 Value Chain Processes Example Value Chain Processes Acquire raw material Convert to finished goods Store finished goods Distribute finished goods Collect Payment Each part of the overall value chain process requires its own process, people and equipment How do you ensure that the processes, people and equipment perform as expected?
11 Clear Priorities Roles and Responsibilities Identify How PP&E may Fail Controls to Mitigate Failure Clear Communication Manage Changes to System Continuously Improve Value Chain/Management Processes Interaction Example Value Chain Processes Acquire raw material Convert to finished goods Store finished goods Distribute finished goods Collect Payment Management System Processes Each management system process is designed to address how processes, people or equipment can fail in your value chain
12 What is a Management System? Management System: The set of management processes a company uses to manage its people, value chain processes, and assets to achieve a particular outcome, or set of outcomes.
13 Whether formal or informal, every company has a Management System Informal the company s management processes are not explicitly defined, documented, or purposefully managed Formal the company s management processes are defined, documented, and deliberately managed
14 Four reasons companies formally document management systems Communicate expectations Enable accountability Ensure consistency Continuously improve
15 There are many types of formal management systems
16 Implementing a single, integrated management system reduces overlap and improves performance Common Management System Approach Operational Excellence Management System Safety Environmental Quality Reliability Cost Process Equipment Change Process Equipment Change Process Equipment Change Process Equipment Change Process Equipment Change Key Controls Key Controls Key Controls Key Controls Key Controls Safety Quality Environmental Process Reliability Equipment Compliance Change Cost Key Controls Increased performance Accelerated learning Reduced cost and overhead
17 The foundations of an Operational Excellence Management System Key Value Drivers OE is defined by measurable business performance across specific value drivers Safety Environment Compliance Quality Productivity Yield Cost
18 The Four Sources of Risk Example Value Chain Processes Acquire raw material Convert to finished goods Store finished goods Distribute finished goods Collect Payment Any failure of the operation to produce a good or service that meets the customers requirements is a result of 1 of 4 sources: 1. A person failed to do what they were expected to do. 2. A process failed to perform as expected 3. A piece of equipment failed to perform as expected 4. Un-managed change
19 The foundations of an Operational Excellence Management System Key Value Drivers Four Sources of Risk OE is defined by measurable business performance across specific value drivers There are only four sources of risk for failure to perform against the value drivers Safety Environment Compliance Quality Productivity Yield Cost Processes Equipment Change
20 Each source of risk can be analyzed for the key causes of failure Expectations don t exist Unaware of expectation Expectations not communicated Expectations not enforced Unable to perform as expected Lack of knowledge Lack of talent Chooses not to perform as expected Lack of virtue Wrong incentive
21 Each source of risk can be analyzed for the key causes of failure Inadequate Design Inadequate Maintenance Strategy Equipment Improper Operations Process Unplanned Failure Personnel not allocated Inadequate execution of Maintenance Strategy Insufficient tools/materials
22 Each source of risk can be analyzed for the key causes of failure Process is not capable Process Process not in control Equipment Operating limits not defined MOC process not capable Change Change not identified MOC process not followed
23 The foundations of an Operational Excellence Management System Key Value Drivers Four Sources of Risk Common Causes of Failure OE is defined by measurable business performance across specific value drivers Safety Environment Compliance Quality Productivity Yield Cost There are only four sources of risk for failure to perform against the value drivers Processes Equipment Change The four sources of risk tend to fail for the same reasons regardless of the type of operation Examples Expectations don t exist Lack of knowledge Wrong incentives Equipment not capable Personnel not allocated Process not capable MOC inadequate
24 If Causes of Failure are consistent, necessary Key Controls must be too Expectations don t exist Key Controls Ops/maintenance procedures/policies/standard work Unaware of expectation Expectations not communicated Shift meetings/turnover/passdown Expectations not enforced Audits/assessments, org structure, performance management Unable to perform as expected Lack of knowledge Lack of talent Training/certification Selection process Chooses not to perform as expected Lack of virtue Wrong incentive Culture, selection process Compensation strategy, performance management
25 If Causes of Failure are consistent, necessary Key Controls must be too Inadequate Design Engineering Disciplines Inadequate Maintenance Strategy Criticality Ranking, FMEA, RCM Equipment Improper Operations Equipment Unplanned Failure Personnel not allocated Gatekeeping, Scheduling Inadequate execution of Maintenance Strategy Insufficient tools/materials Planning, Parts Kitting, Parts Strategy 25
26 If Causes of Failure are consistent, necessary Key Controls must be too Process is not capable Process Engineering (LEAN Six Sigma Tools) Process Process is not in control Process Operating limits not defined Process FMEA, Process Control Plan MOC process not capable Management of Change Program Change MOC process not followed 26
27 The foundations of an Operational Excellence Management System Key Value Drivers Four Sources of Risk Common Causes of Failure Specific Key Controls OE is defined by measurable business performance across specific value drivers Safety Environment Compliance Quality Productivity Yield Cost There are only four sources of risk for failure to perform against the value drivers Processes Equipment Change The four sources of risk tend to fail for the same reasons regardless of the type of operation Examples Expectations don t exist Lack of knowledge Wrong incentives Equipment not capable Personnel not allocated Process not capable The set of Key Controls necessary to prevent failures is also the same Examples Vision/Procedures Training/Certification Performance Mgmt Engineering Disciplines Planning/Scheduling MOC Process Culture Organization Structure MOC inadequate Process Control Plan FMEA
28 Key Controls can be grouped into similar Elements to reduce complexity Process Hazard Analysis Failure Modes Effects Analysis Risk Registers Element 3 Risk Identification
29 The 7 essential Elements of an Operational Excellence Mgmt System Leadership Employee accountability Risk identification Leaders articulate a clear vision of Operational Excellence and create a culture of Operational Discipline Processes are in place to ensure employee s are properly incentivized and know what they are accountable Risks are identified, assessed, and prioritized for processes and equipment Risk mitigation Knowledge sharing Management of change Continuous improvement Controls are put in place to mitigate the identified risks Communication and training systems are in place to share knowledge about the risks and their controls Processes are in place to management changes of people, processes, and equipment All processes are measured, verified, and continuously approved
30 The foundations of an Operational Excellence Management System Key Value Drivers Four Sources of Risk Common Causes of Failure Specific Key Controls OEMS Elements OE is defined by measurable business performance across specific value drivers Safety Environment Compliance Quality Productivity Yield Cost There are only four sources of risk for failure to perform against the value drivers Processes Equipment Change The four sources of risk tend to fail for the same reasons regardless of the type of operation Examples Expectations don t exist Lack of knowledge Wrong incentives Equipment not capable Personnel not allocated Process not capable MOC inadequate The set of Key Controls necessary to prevent failures is also the same Examples Vision/Procedures Training/Certification Performance Mgmt Engineering Disciplines Planning/Scheduling MOC Process Culture Organization Structure Process Control Plan Key controls are organized into Elements to facilitate implementation and management Leadership Employee Accountability Risk ID Risk Mitigation Knowledge Sharing Management of Change Continuous Improvement FMEA
31 Thinking back to our overlapping processes example Common Management System Approach Operational Excellence Management System Safety Environmental Quality Reliability Cost Process Equipment Change Process Equipment Change Process Equipment Change Process Equipment Change Process Equipment Change Key Controls Key Controls Key Controls Key Controls Key Controls Safety Quality Environmental Process Reliability Equipment Compliance Change Cost Key Controls Increased performance Accelerated learning Reduced cost and overhead
32 How we prevent overlap, duplication, confliction, etc. MECE: Mutually Exclusive, Collectively Exhaustive Each process must stay in its own lane Each process must cover the minimum requirements necessary to control for the risks associated with that process Example:
33 Example Framework with Elements 4.4. Spare Parts Strategy: A formal process shall be in place for identifying, managing, and storing critical spare parts and materials The process shall identify the criticality of the spare parts Spare parts shall be inventoried and managed to ensure availability The cost of the spare parts shall be tracked and managed 4.5. Procedures and Standard Work: A formal process shall be in place for developing, documenting, communicating and storing written instructions for administrative controls as well as critical and routine processes Procedures and Standard Work shall exist for high-risk routine tasks, taking into account abnormal conditions and emergency situations Procedures shall be managed by a document control policy Procedures shall be easily accessible Procedures and standard work shall clearly define or reference the specified operating limits for all equipment operation in accordance with 3.4: Operating Limits, as required Procedures and standard work shall clearly define or reference the specified operating limits for all equipment operation in accordance with 3.4: Operating Limits, as required 4.6. Capital Project Management: A formal process shall be in place for selecting, approving, planning, executing, and evaluating capital projects and installing design controls with the objective of ensuring safe, high quality projects are delivered on time and on budget The process shall be a staged process that will require periodic reviews to verify that the project can be executed safely, will meet quality expectations, and will be delivered on time and on budget
34 A management system is more than a Framework Framework Governance Standards Audits Gap ID/Closure Metrics Management Review The underlying processes and documents supporting the framework are equally important in the ultimate effectiveness of the MS
35 A management system provides a structured approach to managing the business Roles & Responsibilities
36 Section 2: Integration with ERM
37
38 Common ERM Attributes RIMS RMM ATTRIBUTE ISO OCEG RED BOOK BS COSO FERMA SOLVENCY II ERM-based approach X X X X X X ERM Process Management X X X X X X Risk Appetite Management X X X X X X Root Cause Discipline X X X Uncovering Risks X X X X X X Performance Management X X X X X Business Resiliency & Sustainability X X X
39 ERM Attributes MS Alignment ERM Based Approach: Provides standard expectations for leaders Defines accountability and responsibility Helps to shape organizational culture ERM Process Management Provides a single RM process approach (i.e. ISO31000, COSO etc) Defines how local leaders should approach risks, but doesn t bind them
40 ERM Attributes MS Alignment Risk Appetite Management: Requires organizational to set risk appetite and tolerance boundaries Provides a common risk go/no-go bar for all of the organization s operational entities Provides a construct for discussing opportunity exploitation
41 ERM Attributes MS Alignment Root Cause Discipline: Good root cause analysis is a fundamental requirement in identifying the right controls Risk disciplines (including H&S, Process Safety) often have the experience to lead this for the organization Increase efficiency by layering the same control in multiple places where the failure can occur
42 ERM Attributes MS Alignment Uncovering Risks: Build risk ID, assessment, treatment and monitoring into multiple standards Management review process provides the process for systematic risk management Performance Management Leverage management system performance monitoring and reporting to integrate KRIs
43 ERM Attributes MS Alignment Business Resiliency & Sustainability: MS provides key information for EM and BC planning (i.e. process criticality) Standards-based approach is flexible enough to apply to multiple scenarios MS also provides details and direction on leadership accountability, communication, legal and regulatory management
44 Section 3: Implementation Experience
45 Experience - Timeline Don t rush the process: It has taken at least twice as long as originally planned in both organizations Proper design, develop, and deploy should be ~1 year Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan Initial set of processes Second set of processes Phase 1 - Design Phase 2 - Develop Phase 3 - Deploy Third set of processes Subsequent Development & Implementation
46 Experience - Timeline Don t rush the process: It has taken at least twice as long as originally planned in both organizations Proper design, develop, and deploy should be ~1 year Time spent in element definition, standard development saves a lot of angst later Making it simple takes a lot of hard work up front Majority of the time comes from stakeholder collaboration, review, feedback Everyone wants a say
47 Experience Writing Standards Translating existing standards: Either internal or external will need to be translated to meet the broader purpose Be cautious of unintended consequences As early as possible figure out what you will break, and decide what is positive, what is negative, and if the risk of change is acceptable Majority of the time comes from stakeholder collaboration, review, feedback Everyone wants a say but not everyone is an expert This is the importance of establishing solid governance early on
48 Experience - Leadership Must be visible, constant during development: Regular senior leadership displays of support show this is not flavor of the month Must be involved in prioritization Development and implementation priorities should be aligned with strategic priorities Must be prepared to enforce conformance No point in having a system if the boss is the worst offender for not following it
49 Section 4 Questions?
50 Contact Information: Wesley Morgan: Andrew Bent: