How to design and implement a risk management framework for Industry 4.0

This article was originally published 29 October 2019.

Industry 4.0, the fourth industrial revolution, is envisioned to be a utopia for business, where the Internet of Things (IoT) brings interconnectivity of the manufacturing industry through digitisation.

However, with disruption, comes uncertainty.

While the convergence and automation of an industry will create unparalleled efficiencies and knowledge, it also opens up a Pandora’s Box of risk across the whole value chain - requiring entire organisational cultures, systems and processes to consistently incorporate risk management frameworks to the ever-changing landscape, brought on by these new technologies.

From a commercial standpoint, risk mitigation will play a fundamental part in Industry 4.0’s value creation - the integrated value chain will impact Return on Investment (ROI) just as equally as bottom-line impact and top-line growth - due to increased durability of critical assets, rigorous compliance and quality. This will be driven by remote monitoring, predictive maintenance, transparency and automation. However, on the other side, emerging risks associated with technology, such as data integrity and protection, also need to be navigated.

Therefore, for manufacturers, it’s both the journey to this ‘utopia’ of value creation that needs to be carefully managed, as well continual management of emerging risks – all requiring dynamic and robust controls, and a culture that supports it.

While Australian small-to-medium manufacturers will be the key drivers of growth within the sector, their ability to identify and manage risks is less mature and this has potential to impact the industry’s viability. It is critical that middle market manufacturers employ an enterprise-wide risk management approach that aligns strategy, processes, technology, knowledge and people as part of the overall project management toward Industry 4.0, to remain competitive.

So how do middle market manufacturers design a framework that meets the requirements of Industry 4.0? In this article we highlight the top three things manufacturers need to know to design and implement an Industry 4.0-ready framework.

Top three things manufacturers need to know to design and implement an Industry 4.0-ready framework

1. Know your 4.0 risks and assess your appetite

Traditionally, manufacturers have a heightened number of risks due to the inherent operational factors that are the cogs of their business. These may be in the areas of process management, maintenance of their critical assets, operation methods and tools, technological factors, human factors and machine environments.

Risk is unavoidable, particularly when it comes to innovation and experimenting with new ideas. To implement Industry 4.0, manufacturers must accept a new level of risk. This shouldn’t be viewed in a negative light - the reality is, not accepting risk could hinder future prospects due to lagging behind – and carefully managing risk will ensure you meet your organisational objectives.

To ensure everyone is on the same page when it comes to risk, undertaking a risk appetite assessment and formalising it with a statement that everyone agrees on is critical. As it sounds, risk appetite assesses the level of risk you are prepared to accept for your business.

What main risks are involved with implementing Industry 4.0?

While some of these challenges intersect, when it comes to Industry 4.0, the top risks facing manufacturers are:

Cyber security

The integration of IT brings with it cyber risks due to both the infrastructure it’s associated with, as well as its by-products such as malware, spyware, data integrity and protection.

Data integrity includes loss of data integrity, and problems with available information - namely reliability. For example, to implement Artificial Intelligence (AI) there needs to be enough data for relevant ‘learning’ to occur throughout systems. Not having the right data could impede business decisions.

Data protection is probably one of the other biggest issues facing not only manufacturers, but all industries. Protecting data is critical. There are a number of regulatory risks that tie into data protection such as the Mandatory Data Breach in Australia, and GDPR in the European Union.

For manufacturers, securing networks is important. Assessment should look at your third parties to ensure their data is safe and their Internet of Things (IoT) assets are safe – particularly where they may be using old systems. The risks of opening up information flows and co-creation of value typified by Industry 4.0 opens up risks that need to be accommodated for, for example, data sharing.

You can assess your cyber readiness with our cyber insurance risk assessment where you will receive a free readiness report.

Economic, environmental and social risk

Social, economic and environmental impacts must also be accounted for in a risk framework. This ‘triple-bottom line’ needs to be looked at holistically. What affects one, has the opportunity to impact the other.

Manufacturers are clearly lagging behind other industries in their uptake of 4.0, because economically, the sheer cost of manufacturing machinery is high. This means they are using old and outdated operating systems. This brings up issues not only with the aforementioned cybersecurity, it also highlights the economic risks to undertake the transformation. Other economic risks include skills gaps and loss of workers with Industry 4.0 implementation. Furthermore, given the production processes attached to manufacturing, sustainability is a key risk. In theory, efficiency of resources linked to Industry 4.0 should increase sustainable practices and the triple-bottom line. However, many larger companies must now diarise how they are working towards key areas such as climate change.

The human factor

Although Industry 4.0 is driven by technology, there are key risks surrounding the connections between human and machine. Managing the risks associated with transformative technologies and the physical, such as data input error and skills gap to use machinery, is critical.

Furthermore, with any transformation, it’s common to see large change disrupting the culture of the firm. The risk associated with staff morale and outcomes of change need to be assessed. This risk should map the organisational structure, internal cultures, reporting lines, formal and informal communication and leadership. This will enable you to identify where internal resistance could occur and where corporate culture could be strengthened.

Business model disruption

Industry 4.0 brings with it disruption to business models. This includes changing relationship dynamics, due to emphasis on customer centricity. It also brings increased competition, due to new market entrants. New entrants may not even be manufacturing-oriented, but offer new ideas to solve manufacturing problems. Transformation may also give rise to a loss of core competencies, particularly in legacy businesses.

Not sure where to start with assessing your risks? Our new Manufacturing Resilience Review is designed to help manufacturing businesses assess key risks and their potential impact on the business. You can also invite colleagues to contribute to the review for richer results, and even benchmark your organisation’s results against other manufacturers, to drive actionable results.

2. Map your risks and build your framework

Now you know what you’re in for – how do you approach it?

Once you have considered your level of risk appetite, you must now map the risk across your business. This mapping will identify who or what the risks are, as well as the current controls in place and if they are effective. The idea is that you will identify gaps across your business and this will allow you to put new systems and processes in place to adapt and respond to risk. With any transformation, risk mapping should be iterative for greater coordination.

Convergence of technologies also operate within a complex system, therefore, it’s best to take a dynamic risk assessment which allows organisations to estimate the likelihood of risk overtime. It must take a strategic approach, in incremental stages, linked to organisational strategy and work on improving system performance.

Given the aforementioned Industry 4.0 risks, it is recommended manufacturers implement both an effective cyber risk management program to identify their unique risk profiles, and an overall risk framework and action plan. These should be formalised with policies and procedures that are lived and breathed within the organisation.

The core components of a good framework will:

  • Identify the most critical information, systems and processes to the business
  • Implement procedures to protect them
  • Pre-empt and identify risks by implementing a monitoring system to detect and alert to risks
  • Implement procedures to respond to risks as they happen
  • Check-points to monitor the effectiveness of the program.

3. Get your organisation on board

Lastly, once you formalise your risk strategies, your people – and your overarching culture - are critical to success. Effective governance across the whole organisation is required. Part of managing risk in your organisation is that it must be coordinated through strong leadership – which requires a top down approach, especially from the C-suite.

A major factor driving an industry 4.0 culture, is focusing on building a ‘security culture.’ It is imperative that socialisation of policies as well as creating awareness through regular communication and training is part of your transformation.

Overall, Industry 4.0 brings new risks that requires an enterprise-wide approach that includes an assessment of risk, formalised strategies, frameworks, policies and procedures and a socialisation process. At BDO, we can help you address all areas of risk, particularly when you are implementing Industry 4.0. If you require more assistance, contact a local BDO adviser today.