1) The document proposes a systemic modeling approach for risk assessment and aligning IT resources according to ISO 9001:2015.
2) It involves modeling an organization as a system of processes, context elements, and resources, and identifying risks that can occur in the relationships between these elements.
3) A software prototype is described that can store information about processes, inputs/outputs, and risks, and help manage the complexity of this systemic modeling approach.
Systemic Modeling and Relations Thinking for Risk Assessment and IT Resources Alignment
1. 1
Integrating the context and the processes into a systemic whole
in order to address risk assessment and other issues
in an ISO 9001 Management System
Panagiotis Papaioannou
EYDAP S.A.; Department of Informatics, University of Piraeus; HSSS
p.papaioannou@gmail.com
13th HSSS National & International Conference
2-3 June 2017, Sparta, Greece
Systemic Organizational Excellence
2. 2
Process Approach
A process: Inputs → Transformation → Outputs
The SIPOC model: Suppliers → Inputs → Process → Outputs → Customers
3. 3
Process Interdependence
[Figure: A process map]
4. 4
ISO Management Systems - Annex SL
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the quality management system
4.4 Quality management system and its processes
5. Leadership
6. Planning
6.1 Actions to address risks and opportunities
6.2 Quality objectives and planning to achieve them
6.3 Planning of changes
7. Support
8. Operation
9. Performance evaluation
10. Improvement
5. 5
Annex SL ISO 9001:2015
2 key challenges
• Context of the organization
• Risk assessment
Risk identification
• Context
• Resources
• Processes
Process approach, Risk-based thinking, Plan-Do-Check-Act
Quality Management System
6. 6
Risk assessment techniques
Brainstorming
Structured or semi-structured interviews
Preliminary hazard analysis (PHA)
Hazard and operability study (HAZOP)
Hazard analysis and critical control points (HACCP)
Structured What If Technique (SWIFT)
Failure mode and effects analysis (FMEA)
Cause and consequence analysis
Cause-and-effect analysis
Layer protection analysis (LOPA)
Human reliability analysis (HRA)
Reliability centered maintenance
Bayesian statistics and Bayes nets
Consequence/probability matrix
Cost/benefit analysis
Multi-criteria decision analysis (MCDA)
Delphi method
Checklist
FN curve
Business impact analysis
Root cause analysis
Risk index
Decision tree
Bow tie analysis
Markov analysis
Fault tree analysis
Event tree analysis
Toxicity assessment
Scenario analysis
Sneak circuit analysis
Monte Carlo simulation
ISO/IEC 31010 - Annex B - 31 risk assessment techniques
7. 7
A Systemic Methodology for Risk Assessment
The organization is a system which combines
• Context
• Processes
• Resources
The approach is based on the relations
between the elements of that system
Relations attributes:
• Availability
• Quality
• Uncertainty
8. 8
Modeling with DCSYM* – a brief introduction
Relation types:
• c / C: communication
• g / G: general interaction or influence
• u / U: purposeful action
• p / P: potential conflict
• d / D: distorted communication
• δ / Δ: distorted purposeful communication
[Figure: DCSYM notation legend with the labels System, Individual, communication (c), CONTROL (C) and Relations]
*DCSYM: Design and Control Systemic Methodology. Assimakopoulos, N., & Theocharopoulos, I. (2009).
9. 9
Modeling with DCSYM* – an example
10. 10
The systemic point of view :: Organization as a system of processes
A system can be defined as a set of interacting agents (purposeful persons) which produce a space with a well-defined boundary.
11. 11
Modeling Processes, Environment and Resources with DCSYM
The greater system
12. 12
Relations and Risk
Relations are where risk events take place
[Figure: the greater system, with risk events marked]
13. 13
Relations and Risk - Focus on a process
14. 14
Focus on a process :: Example on Process 1
Risk events catalog includes:
• Stakeholders’ expectations
• Legal requirements
• Input from customer
• Resources (availability, quality)
• Organizational values
15. 15
Focus on the Relations
Relation’s attributes lead to:
• Risk identification, risk assessment
• Information transformation evaluation, IT assessment, Business-IT alignment
16. 16
A s/w application prototype to organize all these data
A SW prototype
• Database
• User interface
Processes, context elements, inputs/outputs, connections between them
17. 17
S/W prototype :: Database Scheme
18. 18
S/W prototype – User Interface :: A Process as a SIPOC model
19. 19
S/W prototype – User Interface :: Matching Supplier Output to Process Input
20. 20
S/W prototype – User Interface :: Matching Process Output to Supplier Input
21. 21
S/W prototype – User Interface :: List of Risks
22. 22
S/W prototype – User Interface :: A Risk Record
23. 23
Conclusions
• Process approach
• ISO Management Systems
• Annex SL (a common high-level structure)
• Application: ISO 9001:2015
• 2 Challenges: Context, Risk assessment
• A systemic representation for context, processes, resources
• Risk as an attribute of the relations between system elements
• Information Transformation as an attribute of the relations between system elements
• A s/w system to manage the complexity
Thank you