Skip to content

Successful quality management requires expert risk management

Added to your CPD log

View or edit this activity in your CPD log.

Go to My CPD
Only APM members have access to CPD features Become a member Already added to CPD log

View or edit this activity in your CPD log.

Go to My CPD
Added to your Saved Content Go to my Saved Content
Colleagues Looking At Screen

My career path had a focus on risk and quality management, two subjects I am very fond of; they are an integral part of projects, small or large, throughout the life cycle. While risk management revolves around project objectives and focuses on the probability of achieving success criteria defined at the beginning of the project; quality management goals focus on improving, developing and testing processes with the aim of preventing defects.

Projects often report that senior managers fail to set project budgets at a level consistent with the necessary standards of quality, cost and delivery, with the inevitable result that too many projects are at risk and fail on at least one of these requirements. This is when risk management and quality management appear on the scene and challenge the principles and all actors in the process.

How would quality merge with risk management principles?

Purely by combining processes, policy and all supportive document. But the level of effort to integrate those two functions may be a huge task depending on the maturity and culture of the organisation. 

Managing risks, beyond the expected, creates an environment that encourages innovation which generates the excellence and performance of the projects. The quality risk management process will follow the cycle of assessing, controlling, communicating and reviewing risks to the quality throughout the project lifecycle. This robust process incorporates consideration of all the elements of risks and quality at a level of detail as per the client and regulators requirements.

So how should the quality and risk management process be implemented?

Revealing assumptions and reasonable sources of uncertainty enhances confidence in this output and/or helps identify its limitations. These could be included in the early process by responding to a series of criteria. The next step is to collect background information, documentation and/or dataset on the risk or opportunity identified. Information can include historical data, theoretical analysis, informed opinions, and the concerns of stakeholders. Ensure that these highlight potential consequences or causes for failure as well as the golden opportunities which will move the project forward. During the risk assessment three essential questions need to be raised:

  • What might go wrong?
  • What is the likelihood (probability) it will go wrong? (uncertainty)
  • What are the consequences (severity)?

In doing an effective risk assessment, the robustness of the data set become important because it determines the baseline and the quality of the output will assist in predicting the completion date and success of achieving the project. Data will therefore support the outcome and will be associated to the success criteria and quality control assessments.

Quality risk management could be undertaken by function teams formed by expert panels from quality, business development, engineering, regulators, supply chain, communication and marketing, and legal, in addition to individuals who are knowledgeable about the quality risk management process.

When it comes to decisions, responsibilities and accountability should be spread across the various functions on the project. This will ensure that the risk and quality management processes are defined, implemented and involve the adequate resources during the various phases.

The results of the quality risk management process should be appropriately communicated and documented. Risks can be communicated at any stage during the quality-risk management process. The report may include information in relation to the existing risks/opportunities, nature, form, probability, severity, acceptability, control, mitigation and other aspects of risks. The format may vary depending on the audience and its purpose.

Audit is an important point of connection between risk management and quality management. Any quality management regime will involve an audit programme. Drawing up the audit programme should reflect an assessment of risk, and the programme should be formally approved at board level in case the board are aware of extra risks that need to be covered. For all types of projects, there is a need to understand the risks appetite when in quest of achieving objectives and reaching the desired level of reward.

Experience teaches that the more successful portfolio, programme and project embed best practice holistically, not just in one specific area. Instituting an enterprise-wide strategy breaks down long established silos separating functions or area of the organisation and currently this can be a significant change in corporate culture.


Risk management should be an ongoing part of the quality management process; a mechanism to review or monitor events should be implemented. The results of the risk management process should be reviewed on a regular basis during the project life cycle and once a risk-quality management process has been initiated, the process should be rolled out to the various projects to reduce the impact of these risks. Whether these risk or opportunities events are planned (e.g. results of delay in programme, supply chain and materials management, inspections on site, audits, change control) or unplanned (e.g, root cause from failure investigations, poor quality control).

Risk-based thinking ensures risk is considered from the beginning and throughout the process approach, and makes proactive action part of strategic planning. Remember that risk is often thought of only in the negative sense but can also identify opportunities. By taking a risk-based approach to quality management projects are: more proactive than purely reactive, prevent or reduce undesired effects, and therefore promote continuous improvement.

You may also be interested in:

Image: sfio cracho/


Join the conversation!

Log in to post a comment, or create an account if you don't have one already.