Navigating VUCA and BANI: Building Quality Systems for a Chaotic World

The quality management landscape has always been a battlefield of competing priorities, but today’s environment demands more than just compliance-it requires systems that thrive in chaos. For years, frameworks like VUCA (Volatility, Uncertainty, Complexity, Ambiguity) have dominated discussions about organizational resilience. But as the world fractures into what Jamais Cascio terms a BANI reality (Brittle, Anxious, Non-linear, Incomprehensible), our quality systems must evolve beyond 20th-century industrial thinking. Drawing from my decade of dissecting quality systems on Investigations of a Dog, let’s explore how these frameworks can inform modern quality management systems (QMS) and drive maturity.

VUCA: A Checklist, Not a Crutch

VUCA entered the lexicon as a military term, but its adoption by businesses has been fraught with misuse. As I’ve argued before, treating VUCA as a single concept is a recipe for poor decisions. Each component demands distinct strategies:

Volatility ≠ Complexity

Volatility-rapid, unpredictable shifts-calls for adaptive processes. Think of commodity markets where prices swing wildly. In pharma, this mirrors supply chain disruptions. The solution isn’t tighter controls but modular systems that allow quick pivots without compromising quality. My post on operational stability highlights how mature systems balance flexibility with consistency.

Ambiguity ≠ Uncertainty

Ambiguity-the “gray zones” where cause-effect relationships blur-is where traditional QMS often stumble. As I noted in Dealing with Emotional Ambivalence, ambiguity aversion leads to over-standardization. Instead, build experimentation loops into your QMS. For example, use small-scale trials to test contamination controls before full implementation.

BANI: The New Reality Check

Cascio’s BANI framework isn’t just an update to VUCA-it’s a wake-up call. Let’s break it down through a QMS lens:

Brittle Systems Break Without Warning

The FDA’s Quality Management Maturity (QMM) program emphasizes that mature systems withstand shocks. But brittleness lurks in overly optimized processes. Consider a validation program that relies on a single supplier: efficient, yes, but one disruption collapses the entire workflow. My maturity model analysis shows that redundancy and diversification are non-negotiable in brittle environments.

Anxiety Demands Psychological Safety

Anxiety isn’t just an individual burden, it’s systemic. In regulated industries, fear of audits often drives document hoarding rather than genuine improvement. The key lies in cultural excellence, where psychological safety allows teams to report near-misses without blame.

Non-Linear Cause-Effect Upends Root Cause Analysis

Traditional CAPA assumes linearity: find the root cause, apply a fix. But in a non-linear world, minor deviations cascade unpredictably. We need to think more holistically about problem solving.

Incomprehensibility Requires Humility

When even experts can’t grasp full system interactions, transparency becomes strategic. Adopt open-book quality metrics to share real-time data across departments. Cross-functional reviews expose blind spots.

Building a BANI-Ready QMS

From Documents to Living Systems

Traditional QMS drown in documents that “gather dust” (Documents and the Heart of the Quality System). Instead, model your QMS as a self-adapting organism:

Use digital twins to simulate disruptions
Embed risk-based decision trees in SOPs
Replace annual reviews with continuous maturity assessments

Maturity Models as Navigation Tools

A maturity model framework maps five stages from reactive to anticipatory. Utilizing a Maturity model for quality planning help prepare for what might happen.

Operational Stability as the Keystone

The House of Quality model positions operational stability as the bridge between culture and excellence. In BANI’s brittle world, stability isn’t rigidity-it’s dynamic equilibrium. For example, a plant might maintain ±1% humidity control not by tightening specs but by diversifying HVAC suppliers and using real-time IoT alerts.

The Path Forward

VUCA taught us to expect chaos; BANI forces us to surrender the illusion of control. For quality leaders, this means:

Resist checklist thinking: VUCA’s four elements aren’t boxes to tick but lenses to sharpen focus.
Embrace productive anxiety: As I wrote in Ambiguity, discomfort drives innovation when channeled into structured experimentation.
Invest in sensemaking: Tools like Quality Function Deployment help teams contextualize fragmented data.

The future belongs to quality systems that don’t just survive chaos but harness it. As Cascio reminds us, the goal isn’t to predict the storm but to learn to dance in the rain.

For deeper dives into these concepts, explore my series on VUCA and Quality Systems.

Q9 (r1) Risk Management Draft

Q9 (r1) starts with all the same sections on scope and purpose. There are slight differences in ordering in scope, mainly because of the new sections below, but there isn’t much substantially different.

4.1 Responsibilities

This is the first major change with added paragraphs on subjectivity, which basically admits that it exists and everyone should be aware of that. This is the first major change that should be addressed in the quality system “All participants involved with quality risk management activities should acknowledge, anticipate, and address the potential for subjectivity.”

Aligned with that requirement is a third bullet for decision-makers: “assure that subjectivity in quality risk management activities is controlled and minimised, to facilitate scientifically robust risk-based decision making.”

Solid additions, if a bit high level. A topic of some interest on this blog, recognizing the impact of subjectivity is critical to truly developing good risk management.

Expect to start getting questions on how you acknowledge, anticipate and address subjectivity. It will take a few years for this to work its way through the various inspectorates after approval, but it will. There are various ways to crack this, but it will require both training and tools to make it happen. It also reinforces the need for well-trained facilitators.

5.1 Formality in Quality Risk Management

“The degree of rigor and formality of quality risk management should reflect available knowledge and be commensurate with the complexity and/ or criticality of the issue to be addressed.”

That statement in Q9 has long been a nugget of long debate, so it is good to see section 5.1 added to give guidance on how to implement it, utilizing 3 axis:

Uncertainty: This draft of Q9 utilizes a fairly simple definition of uncertainty and needs to be better aligned to ISO 31000. This is where I am going to definitely submit comments. Taking a straight knowledge management approach and defining uncertainty solely on lack of knowledge misses the other element of uncertainty that are important.
Importance: This was probably the critical determination folks applied to formality in the past.
Complexity: Not much said on complexity, which is worrisome because this is a tough one to truly analyze. It requires system thinking, and a ot of folks really get complicated and complex confused.

This section is important, the industry needs it as too many companies have primitive risk management approaches because they shoe-horn everything into a one size fits all level of formality and thus either go overboard or do not go far enough. But as written this draft of Q9 is a boon to consultants.

We then go on to get just how much effort should go into higher formality versus lower level of formality which boils down to higher formality is more stand alone and lower formality happens within another aspect of the quality system.

5.2 Risk-based Decision Making

Another new section, definitely designed to align to ISO 9001-2015 thinking. Based on the level of formality we are given three types with the first two covering separate risk management activities and the third being rule-based in procedures.

6. INTEGRATION OF QUALITY RISK MANAGEMENT INTO INDUSTRY AND REGULATORY OPERATIONS

Section 6 gets new subsection “The role of Quality Risk Management in addressing Product Availability Risks,” “Manufacturing Process Variation and State of Control (internal and external),” “Manufacturing Facilities,” “Oversight of Outsourced Activities and Suppliers.” These new subsections expand on what used to be solely a list of bullet points and provide some points to consider in their topic area. They are also good things to make sure risk management is built into if not already there.

Overall Thoughts

The ICH members did exactly what they told us they were going to do, and pretty much nothing else. I do not think they dealt with the issues deeply and definitively enough, and have added a whole lot of ambiguity into the guidance. which is better than being silent on the topic, but I’m hoping for a lot more.

Subjectivity, uncertainty, and formality are critical topics. Hopefully your risk management program is already taking these into account.

I’m hoping we will also see a quick revision of the PIC/S “Assessment of Quality Risk Management Implementation” to align to these concepts.

Understanding How to Organize Process

Process drives the work we do. We can evaluate processes on two axis – complexity and strategy – that help us decide the best way to manage and improve the processes.

Process complexity and dynamics are what types of tasks are involved in the process. Is it a simple, repetitive procedure with a few rules for handling cases outside of normal operation? Or is it a complex procedure with lots of decision points and special case rules? Think of this like driving somewhere. Driving to your local grocery is a simple procedure, with few possibilities of exceptions. Driving across the country has a ton of variables and dynamism to it.

While complexity can help drive the decision to automate, I strongly recommend that when thinking about it don’t ask if it can be automated, only ask what would be involved if a human were to do the job or how it is done with current technologies. Starting with the answer of automation leads to automation for automation’s sake, and that is a waste.

Dynamics is how much the process changes – some change rarely while others change rapidly to keep pace in response to changes in product or external factors (such as regulations).

Strategic importance asks about the value the process contributes to meeting requirements. Is the process a core competency, or an enabling process that needs to be accomplished to ensure that you can do something else that meets the core requirements? Needless to say, one company’s strategic process is another company’s routine process, which is why more and more we are looking at organizations as ecosystems.

Processes are in a hierarchy, and we use levels to describe the subdivision of processes. We’ve discussed the difference between process, procedure and task. At the process level we usually have the high-level process, the architecture level, which are the big things an organization does (e.g. research, manufacture, distribute), mid-level processes that are more discrete activities (e.g. perform a clinical study) to even more discrete processes (e.g. launch a study) which usually have several levels (e.g. select sites, manage TMF) to finally procedure and task.

Level of Process	Includes	Key Ways to Address
High-Level Process	How key objectives are met, highly cross functional	Organization design. System Design
Mid-level Process	How a specific set of departments do their major work blocks	Process Improvement
Low-level process	How individuals conduct their work in sub-blocks	Knowledge management, task analysis, training

Levels of Process

To truly get to this level of understanding of process, we need to understand just what our process is, which is where tools like the SIPOC or Process Scope diagram can come in handy.

To understand a process we want to understand six major aspects: Output, Input, Enablers, Controls, Process Flow, People.

Complex and Complicated as Tools for Process Understanding

Simple processes usually follow a consistent, well-defined sequence of steps with clearly defined rules. Each step or task can be precisely defined, and the sequence lacks branches or exceptions.

More complicated processes involve branches and exceptions, usually draw on many rules, and tend to be slightly less defined. Complicated processes require more initiative on the part of human performers.

Complex processes are ones that require a high level of initiative and creativity from people. These processes rapidly change and evolve as time passes. Successful performance usually requires a connection to an evolving body of knowledge. They are highly creative and have a large degree of unpredictability. Most complex processes are viewed at the system level.

Sources

Benedict, T. et al. BPM CBOK Version 4.0: Guide to the Business Process Management Common Body of Knowledge. ABMP International, 2019.
Harmon, Paul. Business Process Change. Morgan Kaufmann, 2019.
Nuland, Y. and Duffy, G. Validating a Best Practice. Productivity Press, 2020

Process and procedure complexity

People are at the heart of any organization. They set the organization’s goals, they manage it, they deal with suppliers and customers and they work together to produce results.

We manage this by processes. Process are on a continuum by how complicated and complex they are. Simpler jobs can be reliably done by following procedure. More complex ones require the ability to analyze a situation – using established rules – and decide which of several alternative paths to follow. In even more complex cases they analyze, diagnose, design, redesign, program, plan or schedule. In some cases, they create new products, processes and new ways of being. Very complex jobs require individuals who can analyze and solve very complex problems.

These complex, knowledge driven processes get difficult to provide as work-as-prescribed. The work involves thought and creativity, and finding the right balance is a continual balancing act of knowledge management.

Complex and Complicated – Time to Break it Down

Complex and Complicated

I went and did it. I now have a song on complex and complicated. A rap anthem to a subject I hold so dear. I bought this through Fiverr from Burtonm6, who was a joy to work with.

Lyrics below

Complicated and complex

these words are not synonyms/

people often misunderstand

i can break down for you

lets begin

problems that are complicated

gotta check how they originated/

from causes that can be addressed

piece by piece

individually distinguished/

yea

hope that you get the idea

cause and effect is linear

when we’re dealing with complicated

there’s more so listen here

learn the difference

ah yea we got to

I’m here to help yes i got you

remember

every input always has a proportionate output

now its time we move on to complex

lets learn what its about and how its so different

it deals with many causes that cant be distinguished

as individual

because it all intersects

and we must address as an entire system

and if you try to solve it then its not a one and done

it might require to be systematically managed

a multi-functional structure

hard to fully understand it

richly inter-related

they changes in unexpected ways

as they all interact

now lets us talk about the constraints

when its complicated

then its one structure

one function

due to their environment

being delimited

no fronting

complex systems are open

yes thats for sure

cuz its difficult to know where they end

or where they will go

systems in place

to separate is impossible

it was difficult to see the differences

but now you know

aye

complex and complicated

they are not the same

time to break it down so that you can understand

helps decision making

when you’re analytical

whether complicated or complex

now you know

aye