Editor's Note: "Rebalancing Quality Priorities" is a three-part series describing a new approach to quality management from a customer and risk management perspective that involves the entire organization. This is part 2. Also see part 1, "Rebalancing Quality Priorities" and part 3, "Transforming Quality Culture."

Today's top companies succeeded at meeting the challenges of the previous decade, such as reaching global customers, building global supply chains, cutting costs, and building buzz. But what will be the challenges of the next decade? Recent events -- from a worldwide economic crisis to a Europe-wide cloud of volcanic ash -- suggests that success will come from effectively responding to uncertain or unpredictable events. Tomorrow's leaders will be distinguished by their risk management-and many will address risk management through the quality function.

Traditionally, quality has been about managing risks in production processes. (What if a raw material contains impurities, a machine breaks down or an operator stops paying attention?) But in today's globally connected world, the risks are bigger, more difficult to predict and potentially more devastating. (What if a new LCC supplier fails to understand product specifications, a media firestorm enrages customers or an unforeseen bizarre event has unforeseeably bizarre consequences?) Such broader questions still boil down to providing customers with quality.

Given the 2008 financial industry crisis was due in large part to ineffective risk management, several industry experts have studied the events leading up to the crisis and have asked the question: what risk management practices should have been in place? We believe the quality function can also benefit from this analysis through application of these best practices in a broader context. Consider the following application of risk management tenets for the banking industry [Seven Tenets of Risk Management in the Banking Industry] to quality:

  1. Capture All Risks Comprehensively: Organizations need to constantly monitor multiple information sources and develop metrics and processes that will provide greater transparency regarding future risks from poor quality. There are essentially two main sources of risk: risks associated with products already in the hands of customers, and potential risks from products under development. Risks from existing products must be detected rapidly by seeking early warning signs from sources such as repair data and blog comments. Ideally, sophisticated analytical tools can apply customized criteria to automatically detect potential problems. Then the company must respond quickly, seeking to understand and eliminate root causes. On the other hand, to prevent risks in development, companies must focus on managing quality risks across all key product development functions before any issues reach the customer. Best-practice tools, methodologies, and processes that make quality risks transparent -such as virtual testing and integration management-should be applied to all internal and external stakeholders (i.e., suppliers). All quality issues unearthed from the detection and prevention processes need to be systemically captured, resolved, and fed into subsequent risk management activities. Such risk prevention is further enhanced by fully integrating the risk management system from product development to total lifecycle management, so that risk for the entire enterprise is governed by one process and one data source.
  2. Quantify and Communicate Risk Exposure: How are you measuring the cost of poor quality? You can't focus solely on tangible costs such increased warranty - you must also include issues such as loss of brand equity from negative media exposure. One lesson of the 2008 financial crisis should be that too many companies fail to properly quantify risks-and that this failure can have potentially severe implications on prioritization and decision-making. The financial industry is responding by looking to new approaches to risk quantification such as Extreme Value Theory and other statistical methods that have been used in the insurance industry to evaluate the costs of severe events. All industries should apply such methods to valuing the potential costs of severe quality events. Once quantified, risk exposure needs to be communicated to the levels of the organization that can take appropriate action. This communication may require built-in processes to prevent stakeholders from hiding certain issues in order to protect individual or departmental reputations. But such prevention is essential, because full transparency to the potential risks of poor quality is the critical factor to enable successful risk management.
  3. Determine Alternative Mitigation Actions and Decision-Making Guidelines: Ultimately, once the organization has gained transparency to potential problems and quantified their costs, it must make decisions on how to manage (or, ideally, prevent) a crisis and determine appropriate mitigation actions. Although lower-risk issues should be resolved as part of standard processes, extreme risks require closer scrutiny and more significant reaction from executive management. Leadership may need to weigh investments in improved prevention capabilities, enhanced processes for detection/elimination of quality issues, or both. Given the recent headlines, more and more proactive businesses are developing detailed guidelines for crisis management -- including crises arising from quality issues that put brand reputation at risk -- further supplementing the guidelines with training for executives on the proper handling of government and media representatives. In fact, this may prove to be the one area of quality excellence that Toyota failed to achieve. Toyota built its deservedly stellar reputation for quality based on its ability to prevent defects. The company's prevention was so good that it seemingly never needed to develop industry-leading processes for responding to a high-risk quality defect. So when an incredibly rare problem of this magnitude occurred, Toyota's processes apparently worked too slowly to adequately respond and prevent damage to its quality image.

Ultimately, the quality function can take action based on these principles to ensure optimal processes for preventing quality defects as well as detecting and responding to problems that do occur. Where does your company stand on quality risk management? The answer to this question may be the most significant contributor to the answer to our previous question: where are you susceptible to quality issues. A crisis is an expensive way to come to such a realization. Based on our experience with a variety of industries from automotive to financial services, the better approach might be a proactive examination of quality processes and procedures to ensure effective risk management.

Joachim Ebert is a partner with A.T. Kearney based in Dallas. He can be reached at joachim.ebert@atkearney.com. Vijay Natarajan is a principal with A.T. Kearney. Andrew Newsom and David Qu are managers.