Operationalizing" Excellence with ERM. Wesley Morgan Andrew Bent

Size: px

Start display at page:

Download "Operationalizing" Excellence with ERM. Wesley Morgan Andrew Bent"

Marion Leonard
5 years ago
Views:

1 Operationalizing" Excellence with ERM Wesley Morgan Andrew Bent

2 Presenters Wesley Morgan Case Team Leader, Wilson, Perumal and Company Andrew Bent Regional Risk Manager (North America), Sage Software Inc.

3 Presentation Objectives Describe the fundamentals of management systems Identify how management systems can be used to implement and strengthen ERM Discuss the practicalities of implementing a risk-based management system

4 Problem Statement Problem: When we use different approaches to managing risk throughout our organization, we add unnecessary complexity and decreases overall effectiveness Solution: Adopt a single, integrated approach to address risk management across the organization

5 Establishing the Risk Lens Our first step is establish the lens through which we are going to look at our risks: Internal: things we can directly control E.g. Maintenance strategy, management of change, culture External: things we can t control directly E.g. Evolving markets, currency fluctuations, natural disasters

6 Section 1: Overview of Management Systems

8 Every company is made of 3 fundamental components: They have processes That are carried out by people and technology 1 Processes 2 3 Equipment & Technology

9 There are two kinds of processes: Value Chain Processes are the core activities a company performs to deliver value to their customers These vary greatly between companies Management Processes are the activities necessary to support Value Chain Processes These are very similar between companies

10 Value Chain Processes Example Value Chain Processes Acquire raw material Convert to finished goods Store finished goods Distribute finished goods Collect Payment Each part of the overall value chain process requires its own process, people and equipment How do you ensure that the processes, people and equipment perform as expected?

11 Clear Priorities Roles and Responsibilities Identify How PP&E may Fail Controls to Mitigate Failure Clear Communication Manage Changes to System Continuously Improve Value Chain/Management Processes Interaction Example Value Chain Processes Acquire raw material Convert to finished goods Store finished goods Distribute finished goods Collect Payment Management System Processes Each management system process is designed to address how processes, people or equipment can fail in your value chain

12 What is a Management System? Management System: The set of management processes a company uses to manage its people, value chain processes, and assets to achieve a particular outcome, or set of outcomes.

13 Whether formal or informal, every company has a Management System Informal the company s management processes are not explicitly defined, documented, or purposefully managed Formal the company s management processes are defined, documented, and deliberately managed

14 Four reasons companies formally document management systems Communicate expectations Enable accountability Ensure consistency Continuously improve

15 There are many types of formal management systems

16 Implementing a single, integrated management system reduces overlap and improves performance Common Management System Approach Operational Excellence Management System Safety Environmental Quality Reliability Cost Process Equipment Change Process Equipment Change Process Equipment Change Process Equipment Change Process Equipment Change Key Controls Key Controls Key Controls Key Controls Key Controls Safety Quality Environmental Process Reliability Equipment Compliance Change Cost Key Controls Increased performance Accelerated learning Reduced cost and overhead

17 The foundations of an Operational Excellence Management System Key Value Drivers OE is defined by measurable business performance across specific value drivers Safety Environment Compliance Quality Productivity Yield Cost

The Four Sources of Risk Example Value Chain Processes Acquire raw material Convert to finished goods Store finished goods Distribute finished goods Collect Payment Any failure of the operation to

18 The Four Sources of Risk Example Value Chain Processes Acquire raw material Convert to finished goods Store finished goods Distribute finished goods Collect Payment Any failure of the operation to produce a good or service that meets the customers requirements is a result of 1 of 4 sources: 1. A person failed to do what they were expected to do. 2. A process failed to perform as expected 3. A piece of equipment failed to perform as expected 4. Un-managed change

19 The foundations of an Operational Excellence Management System Key Value Drivers Four Sources of Risk OE is defined by measurable business performance across specific value drivers There are only four sources of risk for failure to perform against the value drivers Safety Environment Compliance Quality Productivity Yield Cost Processes Equipment Change

20 Each source of risk can be analyzed for the key causes of failure Expectations don t exist Unaware of expectation Expectations not communicated Expectations not enforced Unable to perform as expected Lack of knowledge Lack of talent Chooses not to perform as expected Lack of virtue Wrong incentive

21 Each source of risk can be analyzed for the key causes of failure Inadequate Design Inadequate Maintenance Strategy Equipment Improper Operations Process Unplanned Failure Personnel not allocated Inadequate execution of Maintenance Strategy Insufficient tools/materials

22 Each source of risk can be analyzed for the key causes of failure Process is not capable Process Process not in control Equipment Operating limits not defined MOC process not capable Change Change not identified MOC process not followed

23 The foundations of an Operational Excellence Management System Key Value Drivers Four Sources of Risk Common Causes of Failure OE is defined by measurable business performance across specific value drivers Safety Environment Compliance Quality Productivity Yield Cost There are only four sources of risk for failure to perform against the value drivers Processes Equipment Change The four sources of risk tend to fail for the same reasons regardless of the type of operation Examples Expectations don t exist Lack of knowledge Wrong incentives Equipment not capable Personnel not allocated Process not capable MOC inadequate

24 If Causes of Failure are consistent, necessary Key Controls must be too Expectations don t exist Key Controls Ops/maintenance procedures/policies/standard work Unaware of expectation Expectations not communicated Shift meetings/turnover/passdown Expectations not enforced Audits/assessments, org structure, performance management Unable to perform as expected Lack of knowledge Lack of talent Training/certification Selection process Chooses not to perform as expected Lack of virtue Wrong incentive Culture, selection process Compensation strategy, performance management

25 If Causes of Failure are consistent, necessary Key Controls must be too Inadequate Design Engineering Disciplines Inadequate Maintenance Strategy Criticality Ranking, FMEA, RCM Equipment Improper Operations Equipment Unplanned Failure Personnel not allocated Gatekeeping, Scheduling Inadequate execution of Maintenance Strategy Insufficient tools/materials Planning, Parts Kitting, Parts Strategy 25

26 If Causes of Failure are consistent, necessary Key Controls must be too Process is not capable Process Engineering (LEAN Six Sigma Tools) Process Process is not in control Process Operating limits not defined Process FMEA, Process Control Plan MOC process not capable Management of Change Program Change MOC process not followed 26

27 The foundations of an Operational Excellence Management System Key Value Drivers Four Sources of Risk Common Causes of Failure Specific Key Controls OE is defined by measurable business performance across specific value drivers Safety Environment Compliance Quality Productivity Yield Cost There are only four sources of risk for failure to perform against the value drivers Processes Equipment Change The four sources of risk tend to fail for the same reasons regardless of the type of operation Examples Expectations don t exist Lack of knowledge Wrong incentives Equipment not capable Personnel not allocated Process not capable The set of Key Controls necessary to prevent failures is also the same Examples Vision/Procedures Training/Certification Performance Mgmt Engineering Disciplines Planning/Scheduling MOC Process Culture Organization Structure MOC inadequate Process Control Plan FMEA

28 Key Controls can be grouped into similar Elements to reduce complexity Process Hazard Analysis Failure Modes Effects Analysis Risk Registers Element 3 Risk Identification

29 The 7 essential Elements of an Operational Excellence Mgmt System Leadership Employee accountability Risk identification Leaders articulate a clear vision of Operational Excellence and create a culture of Operational Discipline Processes are in place to ensure employee s are properly incentivized and know what they are accountable Risks are identified, assessed, and prioritized for processes and equipment Risk mitigation Knowledge sharing Management of change Continuous improvement Controls are put in place to mitigate the identified risks Communication and training systems are in place to share knowledge about the risks and their controls Processes are in place to management changes of people, processes, and equipment All processes are measured, verified, and continuously approved

The foundations of an Operational Excellence Management System Key Value Drivers Four Sources of Risk Common Causes of Failure Specific Key Controls OEMS Elements OE is defined by

against the value drivers Processes Equipment Change The four sources of risk tend to fail for the same reasons regardless of the type of operation Examples Expectations don t exist Lack

Examples Vision/Procedures Training/Certification Performance Mgmt Engineering Disciplines Planning/Scheduling MOC Process Culture Organization Structure Process Control Plan Key

30 The foundations of an Operational Excellence Management System Key Value Drivers Four Sources of Risk Common Causes of Failure Specific Key Controls OEMS Elements OE is defined by measurable business performance across specific value drivers Safety Environment Compliance Quality Productivity Yield Cost There are only four sources of risk for failure to perform against the value drivers Processes Equipment Change The four sources of risk tend to fail for the same reasons regardless of the type of operation Examples Expectations don t exist Lack of knowledge Wrong incentives Equipment not capable Personnel not allocated Process not capable MOC inadequate The set of Key Controls necessary to prevent failures is also the same Examples Vision/Procedures Training/Certification Performance Mgmt Engineering Disciplines Planning/Scheduling MOC Process Culture Organization Structure Process Control Plan Key controls are organized into Elements to facilitate implementation and management Leadership Employee Accountability Risk ID Risk Mitigation Knowledge Sharing Management of Change Continuous Improvement FMEA

Thinking back to our overlapping processes example Common Management System Approach Operational Excellence Management System Safety Environmental Quality Reliability Cost Process Equipment Change

31 Thinking back to our overlapping processes example Common Management System Approach Operational Excellence Management System Safety Environmental Quality Reliability Cost Process Equipment Change Process Equipment Change Process Equipment Change Process Equipment Change Process Equipment Change Key Controls Key Controls Key Controls Key Controls Key Controls Safety Quality Environmental Process Reliability Equipment Compliance Change Cost Key Controls Increased performance Accelerated learning Reduced cost and overhead

must stay in its own lane Each process must cover the minimum

32 How we prevent overlap, duplication, confliction, etc. MECE: Mutually Exclusive, Collectively Exhaustive Each process must stay in its own lane Each process must cover the minimum requirements necessary to control for the risks associated with that process Example:

33 Example Framework with Elements 4.4. Spare Parts Strategy: A formal process shall be in place for identifying, managing, and storing critical spare parts and materials The process shall identify the criticality of the spare parts Spare parts shall be inventoried and managed to ensure availability The cost of the spare parts shall be tracked and managed 4.5. Procedures and Standard Work: A formal process shall be in place for developing, documenting, communicating and storing written instructions for administrative controls as well as critical and routine processes Procedures and Standard Work shall exist for high-risk routine tasks, taking into account abnormal conditions and emergency situations Procedures shall be managed by a document control policy Procedures shall be easily accessible Procedures and standard work shall clearly define or reference the specified operating limits for all equipment operation in accordance with 3.4: Operating Limits, as required Procedures and standard work shall clearly define or reference the specified operating limits for all equipment operation in accordance with 3.4: Operating Limits, as required 4.6. Capital Project Management: A formal process shall be in place for selecting, approving, planning, executing, and evaluating capital projects and installing design controls with the objective of ensuring safe, high quality projects are delivered on time and on budget The process shall be a staged process that will require periodic reviews to verify that the project can be executed safely, will meet quality expectations, and will be delivered on time and on budget

34 A management system is more than a Framework Framework Governance Standards Audits Gap ID/Closure Metrics Management Review The underlying processes and documents supporting the framework are equally important in the ultimate effectiveness of the MS

35 A management system provides a structured approach to managing the business Roles & Responsibilities

36 Section 2: Integration with ERM

38 Common ERM Attributes RIMS RMM ATTRIBUTE ISO OCEG RED BOOK BS COSO FERMA SOLVENCY II ERM-based approach X X X X X X ERM Process Management X X X X X X Risk Appetite Management X X X X X X Root Cause Discipline X X X Uncovering Risks X X X X X X Performance Management X X X X X Business Resiliency & Sustainability X X X

39 ERM Attributes MS Alignment ERM Based Approach: Provides standard expectations for leaders Defines accountability and responsibility Helps to shape organizational culture ERM Process Management Provides a single RM process approach (i.e. ISO31000, COSO etc) Defines how local leaders should approach risks, but doesn t bind them

40 ERM Attributes MS Alignment Risk Appetite Management: Requires organizational to set risk appetite and tolerance boundaries Provides a common risk go/no-go bar for all of the organization s operational entities Provides a construct for discussing opportunity exploitation

41 ERM Attributes MS Alignment Root Cause Discipline: Good root cause analysis is a fundamental requirement in identifying the right controls Risk disciplines (including H&S, Process Safety) often have the experience to lead this for the organization Increase efficiency by layering the same control in multiple places where the failure can occur

42 ERM Attributes MS Alignment Uncovering Risks: Build risk ID, assessment, treatment and monitoring into multiple standards Management review process provides the process for systematic risk management Performance Management Leverage management system performance monitoring and reporting to integrate KRIs

43 ERM Attributes MS Alignment Business Resiliency & Sustainability: MS provides key information for EM and BC planning (i.e. process criticality) Standards-based approach is flexible enough to apply to multiple scenarios MS also provides details and direction on leadership accountability, communication, legal and regulatory management

44 Section 3: Implementation Experience

45 Experience - Timeline Don t rush the process: It has taken at least twice as long as originally planned in both organizations Proper design, develop, and deploy should be ~1 year Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan Initial set of processes Second set of processes Phase 1 - Design Phase 2 - Develop Phase 3 - Deploy Third set of processes Subsequent Development & Implementation

46 Experience - Timeline Don t rush the process: It has taken at least twice as long as originally planned in both organizations Proper design, develop, and deploy should be ~1 year Time spent in element definition, standard development saves a lot of angst later Making it simple takes a lot of hard work up front Majority of the time comes from stakeholder collaboration, review, feedback Everyone wants a say

47 Experience Writing Standards Translating existing standards: Either internal or external will need to be translated to meet the broader purpose Be cautious of unintended consequences As early as possible figure out what you will break, and decide what is positive, what is negative, and if the risk of change is acceptable Majority of the time comes from stakeholder collaboration, review, feedback Everyone wants a say but not everyone is an expert This is the importance of establishing solid governance early on

48 Experience - Leadership Must be visible, constant during development: Regular senior leadership displays of support show this is not flavor of the month Must be involved in prioritization Development and implementation priorities should be aligned with strategic priorities Must be prepared to enforce conformance No point in having a system if the boss is the worst offender for not following it

49 Section 4 Questions?

50 Contact Information: Wesley Morgan: Andrew Bent: