Risk Management (RM) is the process of identifying, quantifying, evaluating and managing the exposure to all kinds of dangers, damages or losses faced by an organization in pursuit of its objectives. Part of Risk Management is to coordinate, assign resources and take the appropriate measures to reduce, minimize, monitor, and control the probability and/or impact of unfortunate events, or to maximize the benefits of an investment or an action.
Assessing Threats and Opportunities
We are all exposed to threats and opportunities that can either prevent us from achieving a specific goal or, in the case of opportunities, help us meet it in an effective way. Assessing, managing and mitigating losses is a process carried out by every organization, whether it is conscious of it or not. However, this process is not always carried out in the best possible way. In order to manage risk effectively, it is essential for this process to be systematic, transparent and credible.
Risk Management considers the identification of two types of events: negative events which are classified as risks and positive events which are classified as opportunities. This process involves the following actions:
- Understand the current situation (the context of the organization).
- Identify the types of risks and opportunities an organization is exposed to.
- Measure the potential risks/opportunities in terms of likelihood and magnitude of impact.
- Define response actions to avoid or minimize damage or to maximize the benefits of opportunities.
- Monitor the progress of the actions.
Risk Management also involves having a plan in place in order to get things back to normal as quickly as possible if something bad does occur.
The benefits that successful risk management may bring to an organization include:
- Compliance with legal requirements or other requirements.
- Assurance and enhanced decision-making.
- Improved efficiency of an organization’s processes.
- Increased effectiveness of actions taken within a project.
- Efficacy of the strategy of an organization.
Risks affecting organizations can have consequences in terms of economic performance and professional reputation, as well as environmental, safety and societal outcomes.
Managing risk effectively helps organizations perform well in an uncertain environment, while not giving due importance to risk can result in severe consequences for organizations as well as individuals.
There are many standards and regulations that address Risk Management. Some of these are:
- ISO 31000:2018, Risk management – Principles and guidelines.
- ISO 14971:2000 Medical devices — Application of risk management to medical devices
- ISO 17776:2000 Petroleum and natural gas industries — Offshore production installation — Guidelines on tools and techniques for hazard identification and risk assessment
- CSA Q 850:1997 Risk Management Guidelines for Decision Makers
- JIS Q 2001:2001 Guidelines for development and implementation of risk management system