Steinbeis experts provide support with ISO-compatible risk and opportunity management
ProTec, based in Würselen west of Cologne, is not just one of those standard, medium-sized B2B traders of industrial supplies – it’s an innovative developer and producer of customized, one-off solutions. The firm supplies markets such as machinery, plant, and vehicle construction and its long-term plan is to enter processing and business systems based on the concept of Industry 4.0 value creation, across a variety of sectors of industry. ProTec has had a certified, integrated quality and environmental management system in place for years, based on the requirements of both ISO standard 9001 and standard 14001. These standards were overhauled in 2015, so now they also have to cover risks and opportunities. To help with this challenging requirement, the firm turned to the support of the Steinbeis Transfer Center for Risk Management.
To make ISO-compatible risk and opportunity management more transparent for ProTec’s big clients, the Steinbeis experts worked with the company to categorize risks and opportunities relating to two ISO topics: quality and the environment. To do this, they focused on a categorization method used by the Institute of Public Auditors in Germany (the IDW), based on its auditing standard PS 981. This IDW standard is well established in stock-holding companies for managing risk across entire corporations. Because of ProTec’s legal form, it is not required to test its risk and opportunity management according to IDW standards, and certification is carried out only according to ISO standards, in the areas those standards affect. Apart from looking at the classic areas of quality and environmental factors, integrated management also involves addressing the big topic of safety, covering aspects such as health and safety at work, product safety, information and data security, and data protection. This does not necessarily have to be carried out according to ISO standards. Instead, a firm can introduce binding national and international statutory systems and rulebooks, which also include the European CE label.
The Steinbeis experts introduced a system to classify the values adhered to at ProTec, based on the categories used for the IDW auditing standard for risk management. These categories apply to any topics or fields that are managed systematically and they make many of the topics much easier to manage.
- The “cultural” category details risks stemming from any rules used to assign responsibility for company values, delegation, and how responsibilities are monitored. Risks are managed by systematically implementing a code of conduct, which reflects the simplified management of governance.
- In the “regulatory” category, any risks are captured that could result from insufficient compliance with external legal systems or in-house rulebooks. These risks are managed by systematically managing compliance. The main focus here lies in unconditionally adhering to contracts with clients, and thus to quality and legal stipulations relating to environmental protection, data protection, and workforce protection.
- The “strategic” category covers risks stemming from defects and breakdowns in the processes used to manage all kinds of values.
- In the “operative” category, risks are captured such as classic mistakes in quality management, typically reflected in products failing to conform to customer requirements, but also circumstances that may have a negative impact on the company’s environmental performance.
- The “financial” category covers all risks that could have a negative financial impact on budgets and the cost of quality, environmental, and safety management. These are thus part of company-wide financial risks.
These five categories address factors that are already implicitly covered by most ISO standards when it comes to the requirements of management systems. ProTec uses innovation management for both its products and its processes, as well as the systems it uses in management, with a particular focus on the quality of systems. The transparency that ProTec has now achieved in terms of integrated management means that it now adheres to current and future requirements regarding its management of governance and compliance. Furthermore, the firm is making good progress toward managing 4.0 solutions, with the aim of adding new value. And last but not least, the classic product- and process-related disciplines pertinent to quality, the environment, and safety remain a central feature of the firm’s management system and the five new categories have made them more innovative and entrepreneurial.