Risk and Quality Integration



By Steve Ford

Colorado, USA




This paper establishes practical guidelines regarding how and why to integrate risk management and quality management at a program level. Specifically, precise points of integration regarding plans, tools, controls, and various similar facets of both risk and quality management are explored. Furthermore, the necessity of integrating risk and quality management at the program level, to include possible adverse outcomes due to a lack of integration, are addressed. Finally, the specific roles and responsibilities of key stakeholders regarding the successful integration of risk and quality at the program level are denoted.

Specific Points of Integration

The purpose of the risk management process is to ensure that risk management activities are standardized, thorough, and conducted at the appropriate level and time (PMI, 2017b). Risk management planning will provide a framework of potential opportunities and threats, along with strategies to capture opportunities and mitigate threats throughout the life of the program (Kerzner, 2013). The purpose of the quality management plan is to describe how quality objectives will be attained through specific procedures, policies, and activities (PMI, 2017b). Quality management planning also provides a thorough review of resources, processes, and activities required to achieve quality objectives and stimulates program and project personnel to perform an in-depth review of quality, both philosophically and quantitatively (Kerzner, 2013).

Risk and quality management share multiple points of integration (PMI, 2017a). At the strategic level, the project management plan includes both a quality management plan and risk management plan. Neither of these plans is created in a vacuum, and they are therefore considered with respect to the other when created. Specific to the risk management plan, “risk is initially addressed during project planning by shaping the project strategy” (PMI, 2017, p. 398). In other words, initial risk assessment generally consists of large-picture risk identification, with particular attention paid to stakeholder risk tolerances of individual project risks (risks that impact a project objective) and overall project risks (risks that impact the project as a whole) (Pritchard, 2015; PMI, 2017b). These risks include potential challenges in consistently meeting quality standards and objectives. Quality standards are generally contractually stipulated quality acceptance protocols while quality objectives are the organizational adopted quality goals (for example, a manufacturing quality standard for a widget may be 10mm +/- .25mm contractually, while the organization adopts a quality objective of 10mm +/- .1mm). If an initial risk management exercise is intended to drive overall project strategy, and quality management is inherently included in risk identification, the bottom line at the strategic level is that risk management and quality management are irrevocably inseparable.

At the tactical level, risk management is most easily identifiable by its most visible artifact, the risk register (PMI, 2017a). The risk register lists program risks, risk analysis results, and risk responses in a standard format. The register is updated at all periodic risk meetings and is generally linked to the work breakdown structure (WBS) at the work package level (Prichard, 2015). The quality management plan, at the tactical level, is also an iterative process, with updated quality standards, objectives, quality assurance protocols, and quality control procedures linked to the WBS at the work package level. In other words, line managers and employees would most likely encounter both risk analysis and quality information together when examining a specific work package. Typically, work package information will include hyperlinks to the relevant risk register and quality management plan excerpts applicable to the work package in question. Practically speaking, line personnel and line managers can examine a work package and click on the appropriate box to review associated work package risks (threats and mitigation strategies, opportunities and capture strategies) and quality concerns (standards and objectives). An example of a work package is provided in Figure 1. Risk management and quality management are, therefore, intertwined at both the strategic and tactical levels.

Figure 1. An example of a work package (Litten, 2017)

It is also important to stress that PMI (2017) identifies both risk management and quality management as iterative processes that repeatedly occur throughout the program or project in question. In other words, a program or project manager should be conducting both risk and quality management processes and sub-processes regularly to identify emerging risks, ensure the risk management plan is fully applicable and current, confirm risk thresholds remain the same, review quality assurance and quality control documentation, review the appropriateness of quality objectives, and otherwise verify that both the risk and quality processes are working within tolerance (PMI, 2017). Also, administrative tasks such as updating the risk register, risk meetings minutes, quality management plan, or other appropriate documentation must be accomplished either during or immediately after meetings.


To read entire paper, click here



How to cite this paper: Ford, S. (2019). Risk and Quality Integration; PM World Journal, Vol. VIII, Issue IX, October.  Available online at https://pmworldlibrary.net/wp-content/uploads/2019/10/pmwj86-Oct2019-Ford-risk-and-quality-integration.pdf



About the Author

Steve Ford

Colorado, USA




Steve Ford holds a BS from the US Air Force Academy (2004), an MS in Space Studies from the University of North Dakota (2009), and is currently in the Doctorate of Management – Project Management program at Colorado Technical University (2021). Steve is currently the managing member of Advanced Applied Project Management Solutions (LLC), a project management consultant firm. He holds numerous project management-related qualifications, including Project Management Professional (PMP), Lean Six Sigma Black Belt Professional, Project Management- Lean Process Certified, Lean Supply Chain Management Certified, and Lean Culture Certified. He has more than 18 years of aerospace and construction experience in project management.  He can be contacted at steve@aapms.net