point
Suresh .V. Menon

Principal Consultant

Digital Stream Consulting

Risk Management In A Six Sigma Project

 

In this article we are describing on how to identify and prioritize the risk when selecting a Six Sigma Project. You can use the templates from the Statistical Software Minitab & Quality Companionfree trial version for 30 days or Licensed Version which are frequently used by the Six Sigma Consultant.

Each time a project is undertaken, it is accompanied by risk. Many organizations fail to adequately consider this aspect of a project until it surfaces.

However, risk can be identified in advance and steps taken to manage it properly. This chapter will discuss the concept of risk and the tools available for successfully managing it.

The Components of risk management

The major components of any risk management program include the following key areas as defined by the Project Management Institute:

•        Risk management planning. According to Turk (2008), “The Risk Management Plan presents the strategy and ground rules, defines the stakeholders, sets the objectives of the program, defines the process and organization structure, and presents roles and responsibilities. It may contain the templates for documentation associated with the program. . . . The plan should also present requirements for prioritizing and closing the risks.”

  • Risk identification. Identify as many risk factors as possible. Initially, the team will be a good source for identifying risks. However, if a failure mode and effects analysis (FMEA) has been conducted, it is an excellent starting point.

What is a risk factor? A risk factor must describe the risk event clearly and concisely in a manner similar to the way the “potential failure mode” or “potential cause” columns in FMEA documents are completed. Table 6.1 provides a useful starting point for identifying various types of risk. Often it is useful to categorize risks in a meaningful way. For example, risk might be categorized as: schedule, budget, technical, quality, personnel, and so on. Categorization can bring additional insight into the risk management process, as it is possible that a risk strategy that applies to a particular risk event could apply to more than one event in the same category.

  • Risk assessment. This is usually taken as a combination of the probability of the risk occurring and the impact of the risk. Taken together, they are considered the severity of the risk. The risk assessment may be conducted in matrix form with one axis labelledprobability and other labelledimpact. Each axis is divided into low, medium, and high categories, yielding nine boxes. This concept is  illustrated

 

 

 

 

Table 1.0 Potential types and forms of risk that could affect an organization.

Legal action

Noncompliance with regulatory requirements

Environmental violations

Customer errors

Customer payment delinquencies and  non-payment

Supplier errors

Raw material defects

Subcontractor non-conformance

Errors and omissions 

Financial investments (unexpected or  unacceptable yield)

Failed projects or inadequate return on  investment from projects

Product liability

Employee wrongdoing

Sabotage

Accidents

Catastrophic loss

Civil unrest or terrorist attack

 Damage from military action or political upheaval

Vandalism

Product obsolescence

Inadequate or omitted controls (over  processes, finances, employees, suppliers,  subcontractors, and so on)

Inattention to danger signals from controls 

Illegal or unethical behaviour on the part 

Disqualification for certifications, licenses,

of management

permits

Unwanted buyout/takeover of organization

 Unexpected death, disability, or departure of key personnel

 

  • Risk response planning. Generally, there are four ways to manage or respond to risk. They are: avoidance, transfer, monitoring, and mitigation. Avoidance refers to the practice of eliminating the risk factor. For example, falling back on a tried and-true software package rather than introduce a new, flashier, but relatively unproven version. Transfer refers to moving the risk to another party or individual and allowing them to assume the risk responsibility. For example, contract a construction job to an outside contractor rather than have it completed by in-house personnel. Another example, though simple, would be buying insurance. Monitoring refers to continuing to observe low risks where the cost of mitigation or avoidance is too high.

 

 

 

 

 

Example: - A proposed Lean Six Sigma project is aimed at improving quality to attract one or two new customers. The project will cost $3M. Previous experience indicates that the probability of getting customer A is between 60% and 70%, and the probability of getting customer B is between 10% and 20%. The probability of getting both A and B is between 5% and 10%. One way to analyse this problem is to make two tables, one for the worst case and the other for the best case, as shown in Table 1.2

Assuming the data are correct, the project will improve profit of the enterprise by between $1M and $2.5M.

Table 1.2 Example of quantifying risk.

 

 

 

 

 

Worst case

 

Best case

 

 

 

 

Profit ×           

          

          

Profit ×          

Outcome           

 

Profit ($M)  

Probability          

Probability

Profit ($M)

Probability

Probability

A only

 

2.00

0.60

1.20

2.00

0.70

1.40

B only

 

2.00

0.10

0.20

2.00

0.20

0.40

A and B

 

7.00

0.05

0.35

7.00

0.10

0.70

None

 

(3.00)

0.25

(0.75)

(3.00)

0.00

0.00

 

 

Expected profit =

1.00

Expected profit =

2.50

 

 

Further to conclude you have to take into account all the risks associated in the Project and take specific steps as mentioned in the paper, you can also brainstorm with process owners, heads of departments of an organization to prioritize risks.