If you'll indulge me, here's one more post based on Greenlight Guru's "Risk Management True Quality Summit Series." Don't worry, I'm not going to summarize all the talks! But this one neatly pulled together two topics that we have discussed here at some length: risk and problem-solving. So I thought it deserved a mention.
Besides, the presenter—Peter Sebelius, of Medical Device HQ—was a lot of fun. He was voluble, energetic, enthusiastic ... and full of closely-reasoned arguments why some of the big authorities in his field are doing it all wrong. Delightful to listen to.*
We all know that the reason to identify risks is so that we can control and manage them: eliminate them if possible, or at least mitigate them if not. Sebelius's point is that you can't control a risk effectively until you understand it, and that means among other things understanding where it comes from.
What's unusual is the idea of doing a root-cause analysis on something that hasn't happened yet. We've talked fairly extensively about root causes before now (see the thread that started here and continued for a month or more) but always as a way to determine what caused a particular failure. In the case of an identified risk, the failure hasn't happened yet.
But you can still ask, "How does it happen that we are facing this risk in the first place?" If you can find a cause and correct it, there's a chance the risk will disappear. And that means we have eliminated it, which is what we want.
Sebelius gave a concrete example, which makes all this theory a lot clearer.
Suppose we are setting up the manufacturing line for a new product, and we find that part of the assembly involves two screws. These screws are different lengths, and if you mix them up you create a situation that could cause customer harm. So we need to eliminate (or at least reduce) the risk of getting them mixed up. Common approaches in manufacturing would include asking the operators to double-check the screws before inserting them (even though we know that "double-check your work" is one of the least effective ways to improve quality).
But Sebelius asks, "Why are we trying to solve this problem in the first place?" He argues that the root cause of the risk is that the product design was stupid to begin with. If the risk of harm from mixing up the screws really was that serious, any competent designer would make it impossible to mix them up. This might mean, for example:
- Redesign the product so the screws can be the same length, and there is nothing to mix up.
- Give the screws different diameters as well as different lengths, so it is physically impossible to put either one in the wrong hole.
- Eliminate one screw, and hold the parts together in another way.
- Eliminate both screws.
This is what he means by introducing root-cause analysis into risk management: figure out how it comes to be that you have to address this risk in the first place.
Does this mean that all risks should be addressed in design? Sebelius argues that a lot of them can be addressed there, and if you can address a risk in design that's the best place. But he also points out that the real world generally doesn't fall into the same neat categories we use in our documentation; so in practice the same risk might have to be listed (and addressed) in several phases during the product lifecycle.
There were a lot of other valuable points in the talk as well—including an explanation why chairs have four legs and not three**—but the concept of applying root cause analysis to risk management was absolutely worth getting up early for.***
__________
* He reminded me of someone I know, but never mind that. 😀
** Mathematically speaking, it is enough to anchor three points to fix a structure's position in space. So why don't chairs have three legs? The answer is that some do, but most have four. The fourth leg is a risk-control measure, to protect you in case one of the other legs breaks unexpectedly, or you set down the chair on an uneven surface.
*** Each morning the sessions started at 9:00am Eastern Time, and this talk was the first one of the day. But I'm on the West Coast, so for me it started at 6:00am. It was still 100% worth it!