12 Strongly Recommended Tasks for Your Risk-Based Thinking / Approach That Will Pass All Audits and Improve Your Business

12 Risked Based Thinking Approach to Pass All Your Audits Concentric ISO ConsultantsHow should manufacturers manage risks on endless challenges to product and process requirements? ISO 9001:2015 is bringing to the overall market; product and service providers, the concept of risk-based thinking / approach with the intention to create the culture of prevention and make it a habit.

Within medical devices, pharmaceutical products, automotive components, and aerospace systems manufacturers there are some product and process requirements which technical acceptance levels are challenging to reach and have been becoming continuously more restrictive for multiple reasons. Some specific examples are the Sterility Assurance Level (SAL) in the medical industries and the Cleanliness Level (CL) in automotive and aerospace. Both requirements are related to contamination.

Different in nature, the medical / pharmaceutical industry deals with biological microorganisms while automotive / aerospace deals with microscopic debris. However, both are very similar from the target standpoint. ZERO is the ideal, unattainable goal; therefore very restrictive acceptance levels are required, standardized, and regulated at the edge of the available knowledge and technology. All around it’s a thousandth fraction of a unit in terms of probability of occurrence or actual mass (ANSI/AAMI ST 67 and ISO/TC 198/WG15 to be released).

Risk management techniques are not new and are standardized by ISO 31000 (General) and ISO 14971 (Application to Medical Devices). So what is the importance of the new concept for risk-based thinking / approach? It is to diligently pursue the more restrictive acceptance levels preparing the way for new products that can make people's life even better. And there is no magic formula other than real, hard work.

The risk-based thinking / approach suggests some "easy to state but difficult to execute" tasks for during a risk assessment:

1. Focus on the intended use of the product.

2. Bring knowledgeable professionals to the assessment (risk assessment itself) and the actual product and actual processes.

3. List of all the known risks to all interested parties: patient, service providers, operators, and estimate the degree of effects.

4. Gather all knowledge about the risks and the likelihood of occurrence.

5. Ensure capable methods of measurement of biological contamination or cleanliness level.

6. Select reliable methods of risk evaluation.

7. Prioritize the risks: rank them according to what is acceptable and what is not.

8. Maximize the availability of suitable manners to eliminate, avoid, reduce or mitigate the risks.

9. Define the validation process for risk mitigation.

10. Ensure comprehensive, detailed, and complete assessments of the designed or implemented manufacturing process. Recognition of the biological and physical limitations for further improvement.

11. Ensure the effectiveness of all actions taken.

12. Ensure there is a robust control plan to sustain the intended process and product performance.

The risk-based thinking / approach is not new to the standards, but in the new ISO Standards revision, it is structured so that it is better incorporated. How is your organization approaching risk assessments? Leave a comment and let us know what best practices you are looking to implement.

If you have any questions or need help in implementing a risk-based approach, Concentric has a solution that will get your organization on the right track to passing your next audit with flying colors.

Lean Healthcare: Standard Work is Not So Standard

Lean Healthcare Standard Work is Not So StandardIn lean healthcare, it’s amazing how often standard work is missing. Observe the workers and note the variability of the processes. One shift does a task a certain way or an individual has developed their own technique; this variability in healthcare at times is seen as a badge of pride and honor. There are areas in healthcare where individuality can shine but in many areas, standard work should be imperative. One example of process variability that should have a healthcare facility concerned would be the sterilization/instrument decontamination area. If this area cannot produce a written standard work, then the instrument cleaning process more than likely is only as good as the last trainer. That should concern the surgeon as well as the whole operating room staff. Things as easy as labeling blood vials could use a standard work. Do you circle the date or write the date? Does the collector put three initials or just two? I bet most would say that’s all common sense, but do a Gemba and observe the variation. If there is a lot of variation in the simple but important tasks of labeling vials, then it can be assumed variation exists at some magnitude for the more difficult tasks of the decontamination process. Maybe its time to evaluate or start creating standard work. So how does the standard work get developed? One way is to research best practices.

  1. Write the standard work: By putting it in writing, it is more likely to become the standard and remain the standard.
  2. Train to standard work: No more as good as the last trainer. It’s the standard!
  3. Post it: You do not want, “out of sight, out of mind.”
  4. Audit: It enforces, “It’s the standard.”

Have the staff and subject matter experts involved from the start, writing the standard work. Communicating the “why” is paramount when developing and sustaining the standard work. Minimizing process variability which leads to process predictability is great for the patient, the provider and the payer.

Once the variability is gone, then true continuous process improvement can start.

Concentric has SMEs in Quality Healthcare so if you are looking for a healthcare quality assessment or training in lean in healthcare please feel free to reach out and see how we can help.

Risk-Based Thinking with ISO 9001:2015

Risk Based Thinking with ISO 9001 2015, AS9100, riskIts projected that starting late 2015 many organizations (thru the quality professional) face the prospect of installing a risk management process into their ISO 9001:2015 quality management system. There are several questions to be answered: [bulletlist]

  • What is risk-based thinking?
  • How extensive does it have to be?
  • How much more work will this be?
  • Could I do this quick enough?
  • How do I get started?


How extensive does it have to be?

Risk-based thinking will be new for ISO 9001:2015. In the aerospace industry, risk-based thinking has been required as a part of the AS-series of standards for years. The federal government and NASA also have standards addressing risk management. The AS9100 standard does not specify how to implement a risk management process.

How much more work will this be?

Actually, risk-based thinking could prove to be a very valuable process for your company. Risk entails a probability and impact of a loss or gain. Some useful risk publications include:


  • ISO 31000:2009, Risk management – Principles and guidelines, provides principles, framework and a process for managing risk.
  • (Sept, 2012). NIST Special Publication 800-30 revision 1: Guide for conducting risk assessments.
  • Project Management Institute. (2013). A guide to the project management body of knowledge (PMBOK Guide
  • Prichard, C., & Tate, K. (2013). The risk management memory jogger.
  • ISO Guide 73:2009, Risk management - Vocabulary complements ISO 31000 by providing a collection of terms and definitions relating to the management of risk.
  • ISO/IEC 31010:2009, Risk management – Risk assessment techniques focuses on risk assessment.


Can I do this quick enough?

Get started now! There have been some articles on risk-based thinking in Quality Progress (ASQ magazine). See Palmes, P. (Sept 2014). “A new look: 15 things you must know about the upcoming ISO 9001 revision”. Also, there are opportunities to network with experts through ASQ section meetings and through webinars.

How do I get started?

Seek advice from your Registrar about how they are directing their auditors to assess risk. You may want to write a new risk management procedure containing the concepts and body for a risk-based thinking process. It should follow the steps of the standard you want to use, such as NIST SP80-31. (The NIST standard and NASA procedures/ standards are free to the public.)

There will be more blogs on details of risk-based thinking to follow. Of course, Concentric is in place to be the external resource for you to succeed in implementing a good risk-based thinking process. For Glenn's full article register for our upcoming ISO 9001:2015 Forum - January Webinar. You can get update on all the changes including risk-based thinking. Register online here.

7-Day Quality Challenge: Win a Ticket to ASQ Charleston's Lowcountry Quality Conference

ASQ Charleston is hosting the Lowcountry Quality Conference on April 24th & 25th and we are proud to be participating this year (You can get more information on the conference here). With all the excitement around the conference for all the great speakers and fun tours, we want to give away a FREE ticket to the conference to one lucky person. Lowcountry Quality Conference

So, here's what we're doing. It's a 7-Day Quality Challenge! And the details are:

Prize One Ticket the Lowcountry Quality Conference April 24-25, 2014 (A $179 Value)

Logistics One question a day. One entry per correct answer. You can answer over any platform – Blog Comment, Email reply, Twitter with #LCQ2014, Facebook Comment or LinkedIn Comment. Play along from Friday, April 4th to Thursday, April 10th. We'll announce the winner on Friday, April 11th. Happy Weekend!

Timeline Now: Get Excited! Friday, April 4th: We will announce, email, post, give you the first Quality trivia question. Then a new question each day after that until Thursday, April 10th. Friday, April 11th: We will announce the winner April 24th-25th: Enjoy the Lowcountry Quality Conference

The theme this year for ASQ Charleston's Lowcountry Quality Conference is Quality in Practice. This year the conference will include great speakers, workshops, exhibitors and 3 VIP Tours. The tours will be of the Clemson Wind Power Turbine Testing Cell, Charleston Water Systems Treatment Facility and Carnival Fantasy Cruise Ship.

You can check out all the details at the conference website.

Writing a Nonconformance (NCR)

NCR can find broken processes and really help with profit improvement "A problem well stated is a problem half solved." - Charles F. Kettering, American Inventor & Social Philosopher

The first step in solving a problem is to ensure you fully understand what the problem actually is. I regularly see horrible examples of this in practice inside some of the companies I work with. One classic example was in Atlanta, GA a few years ago. Here is the scenario...

Operations Manager: "What the h@!! is going on? Logistics has dropped the ball again! Our #1 line is down because they can't get their heads out of their a$$e$ and keep up with ordering the resin we need. This is our biggest customer!"

The scenario, at least in the mind of the Operations Manager, was that the Jack-Wagons working over in the Logistics Department simply couldn't count. I didn't buy it. In this case, as in most cases where suppositions seem a bit unlikely, I decided to do something I typically do during an audit - walk the audit trail by following the process upstream. This seems like such an obvious move... 1. There's a problem. 2. Walk the trail to find out the source. 3. Ask questions and "show me, show me, show me". HOWEVER, in many organizations, the minute an employee crosses the line into another department he/she is outside of their home turf. A defensive culture will likely breed a departmental approach (staying in your own neighborhood) versus a process approach. If you are not familiar with the process approach, you can learn more about this methodology here from a March 2011 post.

After walking the trail and crossing the territorial boundaries of Production into Scheduling and on to Logistics, I was able to trace back the material in the ERP system with the status "On Hand" and location "Op 120" -  which was the Molding Operations where I had started my hunt. After circling back around to the Operations Manager and hearing another string of Logistics bashing, I started to do some real snooping in the surrounding areas.

Standing at what I'd like to call the base camp of "Mount Unknown Product", I rolled up my sleeves like a eager bidder on Storage Wars and sifted through stacks of components, raw materials and residual miscellaneous. No luck there, although I noted the lack of control and visited that area later in the audit. After asking several questions of several Molding Operators, one of the ladies jumped in with "Oh yeah, that's probably that skid over there in the corner." Sure enough, the skid we were looking for was off in the corner with a simple 2"x2" yellow sticky label on it marked "BAD PRODUCT".

After pointing out to the Operations Manager that the source of the problem was likely one of his team members as opposed to those fools in Logistics, I asked him to consider a better solution. I then pointed out how I would be writing a Nonconformance Report for this finding, and how my nonconformance statement would clearly define the problem at hand. I jokingly stated, "If you want, I can write this NCR in a similar way as that sticky note? I can simply write 'Bad Process' and let you try to remember what I actually meant." He didn't think it was funny.

There were several missing links to the materials and inventory control process I observed during this audit; none that included someone coming to work deliberately trying to screw things up. Links that were obviously broken were the identification of product, controlling suspect or known nonconforming product, use of approved documentation and recording the instance of a nonconformity. An important transactional control was also missing, which was the signal used to notify Logistics that the parts were now unavailable. That signal should have been an ERP move from "Op 120" to "Op 120 Hold". That move to Op 120 Hold would have signaled the Logistics group to order another batch of components in order to keep the customer's order moving forward.

At the end of the day, the use of a simple 1-page Nonconformance Report (NCR) that forces the Originator to follow a simple process checklist (i.e. Yes/No - Did you move product out of IN PROCESS into a PRODUCT HOLD Operations?) may have prevented a late shipment. By the way, the company's poorest performing KPI (key process indicator) was "% On Time Delivery". This KPI was also tied to their variable compensation profit sharing process.

Nonconformance Report (NCR)

Here is an example of a simple NCR Form that may be useful in improving YOUR bonus payout. Click on the image to launch the product and view the PDF or download the native version. Who would have thought a simple form could make your customer and your wallet happier?


Jim Blog Signature

To Grow, You Must Get Out Of The Way

About this time each year, I do a lot of reflecting on things gone right and things gone wrong over the past 365.25 days… or so. Today was no different. Actually, it was much more intense than years past. The reason, I suspect, is due to the amount of downtime I had during this holiday break or the burning desire to… get back to work. Huh? While at my office on my first day back, I kicked off the new year by giving last year’s resolution one more pull of the trigger - which was to “take time to celebrate the positive moments, the small accomplishments and just let BE”. (I completely stink at doing this. My approach is more along the lines of “Ok… you did it, but you’re miles behind where you should be on the next goal.” All the while, I realize how stupid it is to stay motivated going into the next project when you already feel like you’re way behind where you should be. Truth is I could easily list off WAY more failures in the past year than I could accomplishments. Don’t judge... I’m working on it.)

Reflecting on 2013

Anyway... as a means of narrowing down the self-fulfilling “Atah Boys” I intended on giving myself for the sake of making the year 2013 happy, I actually challenged myself to look back at the last 10 years and recall an accomplishment that is still alive and kicking today. The most obvious subjects were my two beautiful daughters, Mady & Katelyn. In an attempt to challenge myself a bit more, I spent some time brainstorming ideas using the parameters of “fun” and “sustainable”. Besides, those who know me know that I frequently use the phrase “It’s hard to kill a kid”. Let’s just say that choosing my kids as my reflective kudos would have been the easy way out, hence the mental move onward.

Using the parameters “fun” and “sustainable”, the first accomplishment to come to mind was an outdoor music festival that I founded nearly 10 years ago called the “Greenstock Music Festival”. Although the original name and concept was a little different than what it has become today, Greenstock still continues to bring quality entertainment, camping, music, outdoor sports and innovation to hundreds of event-goers each year; with an eco-friendly and environmentally “off the grid” twist. (Note: that the first adjective used here was “quality”.) This high-quality annual event still thrives today in the backwoods of Brown Country, Indiana - bigger and better than it ever could if I were still at the helm. 2014 marks it’s 10th anniversary.

The smartest thing I did for Greenstock, the most important step in this accomplishment, was to get out of the way.

To grow, personally or professionally, you need to have an exit plan.

I will never forget the bittersweet moment on my last Saturday evening of the festival in mid-August 2009. I love this little festival. My baby. However, trying to run a music festival that you live 700 miles from is something I wouldn’t recommend to anyone. In now my second year visiting the festival, traveling all the way from Charleston, I knew this was either the last night of a 5-year festival or the moment I needed to trust my baby in the hands of others. I hated to see the festival, and all of that work that dozens of us had put into it each year, come to an end simply because I had moved. On the other hand, my ego had trouble processing the thought of someone else raising my baby. What if they fail and blame it on me? What if the new parents are better at raising my baby than I am? What if I’m not even missed? What if they succeed and forget about all of the blisters, backaches and late-nights that have paved the way?

After much thought, and a greater interest in the festival living on rather than dying at the hands of my own ego, I introduced my partner, the Proprietor of the festival grounds, to the next family. The next family was a team of band members and management that I knew, without a doubt, would take my baby to the next level. At the moment of making the introduction from one party to the next, I realized two things. First, my real passion in life is not only putting things together that make people’s lives better, but putting people together in an organic and completely unselfish way. I absolutely love making connections. I’m a matchmaker, no doubt about it. The second realization was the feeling I had after making the connection. It was much more like breaking up with a girlfriend, introducing her to the new kid in town, and then sitting back while they make out for the first time. Damn that was hard!

Greenstock ImageToday, I not only remembered that moment 1237 days ago as if it was yesterday, but I also recalled that I had taken a picture of the very moment. I may have seen that photo one other time, but it was sitting there waiting for me today. Until today, I haven’t shared this very emotional moment with anyone. Looking at that picture, remembering that very moment, once again brought intense feelings that can only be described as bittersweet.

So what did all of this teach me today? And how is this story relevant to the New Year, or my profession as a quality expert? To me, this moment is a reminder that to grow - either personally or as an organization - you need to have an exit plan. You need to continue to work yourself out of a job. You need to understand when to get the hell out of the way. Regardless of how important you think your skills or knowledge might be if you’re not moving forward then you’re likely moving backwards. Whether your responsibilities are a festival, climbing the corporate ladder or working your way through academia, you need to ask yourself… how long do you really want to repeat the same day over and over again? Groundhog Day anyone?

In this New Year, and in the words of the great Kenny Rogers, I pledge to improve myself, my company and others around me by knowing when to hold ‘em and knowing when to fold ‘em. Although Kenny was here first… as a Quality professional, I feel compelled to lend more credence to lessons that are accompanied by acronyms (that’s a whole other blog). One of the simplest principles I’ve learned in my professional career is known as “The A.C.E. Principle". In order to improve effectively, you must remember A, C and E or "ADD, CHANGE and ELIMINATE”. In 2014, I challenge you to focus on the “E”. In order to realize the true value of your contributions, you must ask yourself to step aside in order to evaluate the true quality of your work. Leave a comment and let us know what are you going to eliminate in 2014?

All the best in 2014!


Jim Blog Signature

p.s. Interested in more advice on having the best year ever? Check out a previous blog for more tips in making 2014 awesome.

And the Winner is...

Congratulations Glenda Montgomery of Charleston, SC!

Glenda Montgomery


Glenda Montgomery Quality Assurance/Continuous Improvement/Certified Six Sigma Master Black Belt/Project Management Professional Charleston, SC




Thank you everyone for following and submitting answers! We had a great time getting all the answers and hearing from everyone. Here are all the questions and answers:

1. Why can’t investigators start root cause analysis steps for the missing Malaysian Flight 370? The problem has not yet be defined... or identified. You have to know what the problem is before finding a root cause(s).

2. What does PDSA mean? Plan, Do, Study, Act

3. Which two international standards does ISO 19011 support? ISO 9000 Quality Management and ISO 14000 Environmental Management

4. ISO/TS 16949 is frequently referred to as “TS”. What does TS mean in TS 16949? Technical Standard

5. What does FMEA mean? Failure Mode and Effects Analysis

6. Complete this sentence. “A problem well stated is a problem half _____ .” - Charles F. Kettering Solved

7. Which SC-based automotive OEM just announced a $1 billion investment in expanding? BMW. You can read about here.

The Charleston Section of ASQ (American Society for Quality) will hold its annual quality conference on April 24th & 25th. The Lowcountry Quality Conference is a fun, local, 3-day event aimed at improving the quality of your products and/or services. The conference consists of a blend of technical workshops, 3 options for an in-depth tour of some of the best of Charleston, social networking events, and talks from some of the most profound quality practitioners in the world. This year features a dozen talks and/or workshops, 3 VIP Tours at the new Clemson SCE&G Wind Power Turbine Testing facility, Charleston Water Systems Treatment facility and Carnival Fantasy tour & luncheon. The Keynote will be given by Dr. George Benson, President of the College of Charleston and long-time quality supporter through his membership on the board of directors of The Foundation for the Malcolm Baldrige National Quality Award. This year's theme is Quality in Practice and will give attendees an opportunity to learn how quality practices can improve their organizations bottom line.

For more information about attending any portion of this years Lowcountry Quality Conference, visit or call 843.469.8279.