By Joan Martino
With the increased attention on food safety throughout the supply chain, it’s no wonder that a careful and meaningful risk assessment is part of a food safety management system. Risk may be as simple as the proverbial “if / then” scenario:
If I don’t keep proper temperature control, then the food will spoil. Or, if I by-pass the routine maintenance on the packaging line, then I’ll have more reworked products.
So what if we add a number to that “if /then” scenario? In the first example you might apply a simple cost value to the spoiled food that must get thrown out—and don’t forget the additional production costs for replacing it.If something has a medium or moderate risk level does this mean it is tolerable? In the second scenario, which is more common, the rejected product that the customer has returned is not encountered until sometime down the road and the costs associated must take into account: material waste, labor, lost sales, customer refunds, internal investigations, your performance rating and ultimately a loss of trust in your ability to deliver quality products….what does that cost?
The US Food Safety Modernization Act is mandating that preventive controls (for food safety) must go beyond Good Manufacturing Practices (GMPs) and Hazard Analysis Critical Control Points (HACCP) to include risk-based preventive controls. A research report entitled “Managing Risk In The Global Supply Chain,” (University of Tennessee) notes that 90 percent of the firms studied did not formally quantify risk when sourcing production. The research goes on to point out that the number one risk among those surveyed was quality.
A simple framework can make the task easier and provide valuable information toward strategic business decisions. Here is a simple framework to get you started with the context of a Risk Management Plan:
Determine how risk will be managed and what tools and techniques will be utilized to support the process. This is also the area where you may define your evaluation criteria and acceptance criteria. Since this area may be industry specific it is important to bring the expertise within different departments together to consolidate the options. Identify the team that will be responsible and what their specific roles are in relation to the risk management plan.
This is where your team, experts and advisors come together and brainstorm in an effort to identify all the things that could go wrong. You may wish to set some boundaries with categories and priorities based on your customers. Broad categories may include:
For each risk identified, an assessment should be conducted. You are measuring the likelihood /probability of its occurrence and what impact/severity it may have. There are many ways of setting this up using scales and scores and outcome ranges, or indexes and matrices to plot results. Risk analysis may be qualitative (more subjective or categorized) or quantitative (numerical or statistical).
For example; if something has a medium or moderate risk level does this mean it is tolerable? Additional consideration is necessary when defining what the specific levels of analysis mean when they are applied to the assessment. Remember – a matrix is a tool to help you quantify the results. A risk management team with expertise in the business will need to interpret the results and make decisions for business improvement.
Once you have determined the top risks it is important to have a methodology to mitigate or suppress the risk. There are many ways to mitigate risk and often these solutions come with a cost. It is necessary to assess and plan proactively as the cost of dealing with a risk after it has occurred is usually much greater. How much do you need? This is the million dollar question. An effective strategy to determine this is to incorporate Failure Mode and Effect Analysis (FMEA) utilizing three factors to prioritize risk:
Beyond mitigation it is also necessary to think about contingency planning. When all else fails, what is plan B? This is especially important for disasters or risks that have a devastating effect.
This is a complex topic area, obviously, and the implications for businesses, large and small, can be huge. The important thing to remember is that it is never too late to start implementing a risk assessment and minimization program and there are companies out there that specialize in this. You don’t have to do it alone! But you really do need to do it.
About the Author
Joan Martino is CEO of Quality Supply Chain, a company that provides simplified solutions to address regulatory compliance, supply chain initiatives and audit requirements for multiple industry sectors including food manufacturers, hospitality, retail, warehousing, packaging and equipment suppliers. She has also helped many leading US and Canadian companies integrate their systems with HACCP and GFSI requirements.
To have more articles like this emailed to your inbox, become a GFSR Member today!