The Growth of Risk Management

by Greg Hutchins and Dick Gould

The quality profession and ASQ were very successful during the l980s and ’90s. ASQ surged ahead in membership, national prominence and public policy influence. The Society and its members saw the development of ISO 9000, ISO 14000, the Malcolm Baldrige National Quality Award, lean, Six Sigma and many other innovative methods.

During this time, the quality profession advocated that “everyone is responsible for quality.” This came to pass, and we are now faced with questions about what the role of a quality professional is when everyone in an organization is responsible.

Outsourcing is also a major issue for the quality profession. Here’s an example. A few years ago, a major federal agency conducted an Office of Management and Budget study to determine whether its quality assurance and quality control functions were inherently governmental. The answer was no.

So, the agency integrated many quality responsibilities into the engineering function and outsourced the rest. This process is occurring in many governmental and private sector companies as quality is no longer considered a core function.

Status of Quality

Dispersion of responsibility and outsourcing seem to have stalled quality passion and engagement. Quality no longer plays a prominent role in competitive or strategic discussions. ASQ has lost membership. ISO 9000:2000 transition numbers are relatively low. Energy level at many ASQ local sectional meetings is flagging. Many quality consultants have seen a significant decrease in their ISO 9000 and other quality consulting business.

The question now is what the next step in the evolution of quality as a discipline will be. We believe it will be risk management—the one topic that keeps senior management awake at nights, both in the private and public sectors.

The bottom line for quality professionals is they should reframe their definition of quality around risk, add value to their employers by offering risk management solutions and develop career core competencies in this area. Fortunately, quality professionals can still retain their careers and knowledge equity by rebranding and retooling their knowledge base and capabilities. But, let’s first look at why risk management is so critical.

Management Decision Making

As recently as 10 years ago, high quality was the primary competitive differentiator for companies. But things changed. Product and service quality became uniformly high. High quality became the entry level for global competition and lost its status as a value added differentiator.

Next, low price became the competitive differentiator as more companies started outsourcing noncore activities to places such as Indonesia and South America and later to China and India. As more companies achieved low price and similar quality levels, the competitiveness differentiator moved to the total cost of ownership of a product.

In other words, organizations
optimized the total life cycle cost of a product or service to remain competitive. Again, the competitive differentiator had changed.

Sept. 11, 2001, was epochal in how it changed society as well as business decision making. Fear of terrorism and personal safety came to the forefront.

This fear was accompanied by a sustained recession. The internet bubble burst, and NASDAQ lost trillions of dollars in market capitalization. Major companies went into massive tailspins because of financial fraud.

Uncertainty forced companies to look at risk management to plan, control and execute business processes. Also, the likelihood and consequences of catastrophic events became higher, so there was much more discussion on how to anticipate and even prevent them. Risk management has now become the competitiveness differentiator.

Risk and Quality

Fortunately for those of us in the quality profession, risk management and quality management are closely aligned. Three definitions of risk and their quality solutions follow:

  1. Risk definition: The possibility an event will occur and adversely affect the achievement of objectives.1

    Quality solution: Product quality control has always been focused on defining, controlling and segregating product nonconformance. Sampling techniques, sampling tables, acceptable quality levels and confidence levels are all product risk based techniques.

  2. Risk definition: Uncertainty of outcome results from either a positive opportunity or a negative threat. It is the combination of likelihood and impact, including perceived importance of a positive and negative event, which may involve a hazard, improvement or new opportunity.2

    Quality solution: ISO 9000 and ISO 14000 are system based quality assurance mechanisms that minimize variability, create opportunities for improvement and ensure companies meet business and environmental objectives.

  3. Risk definition: A situation or circumstance that creates uncertainties about achieving program objectives.3

    Quality solution: Six Sigma and its derivative techniques, such as design for Six Sigma, are executed to determine the critical characteristics, minimize variability and improve performance.

Variability Control

Another connection between risk and quality is illustrated in Figure 1 (p. 73). As quality professionals, we all recognize the two bell shaped curves centered in the middle of a specification target or business objective.

In much the same way, the essence of risk management is controlling variability from an objective, target, specification or standard.

Expressed another way, risk management is all about anticipating, controlling and mitigating assignable and common cause variation, process instability, out of control processes and inability to meet requirements, which result in nonconforming products, uncertainty and chaotic business conditions.

Reliability has always been considered a critical product quality attribute. Reliability metrics, such as mean time between failures and mean time to first failure, are probabilistic risk concepts.

The Six Sigma DMAIC methodology to define, measure, analyze, improve and control is fundamentally a risk management methodology.

Risk and risk management are the next evolution in quality and quality management. If we want to impact senior management decision making and enhance our employability, we need to adopt the risk management point of view.


  1. Enterprise Risk Management Framework, Committee of Sponsoring Organizations of the Treadway Commission, www.erm.coso.org, 2003.
  2. Public Spending and Services, HM Treasury (United Kingdom), www.hm-treasury.gov.uk, 2003.
  3. Incorporating Risk in the Programmatic Decision Making Process: A Case Study, Federal Aviation Administration, www.incose-wma.org/docs/chapter/Jun03PgmPresentationPaper1.doc, 2002, p. 6.

GREG HUTCHINS is an engineering principal with Quality Plus Engineering and Lean SCM in Portland, OR. The author of Value Added Auditing, from which much of the material in this article is excerpted (see www.valueaddedauditing.com for more information), Hutchins is a member of ASQ.

RICHARD A. GOULD is a risk management and supply management program manager with Quality Plus Engineering. He earned bachelor’s degrees in liberal arts and industrial management from Vanguard University of Southern California in Costa Mesa and Northwestern University in Boston. Gould is an ASQ Fellow, past chair of the Society’s Customer-Supplier Division and a cerified quality engineer, quality auditor and quality manager.

Average Rating


Out of 0 Ratings
Rate this article

Add Comments

View comments
Comments FAQ

Featured advertisers