Risk Management in Your Organization - ISOUpdate.com

Risk Management (RM) is the process of identifying, quantifying, evaluating and managing the exposure to all kinds of dangers, damages or losses faced by an organization in pursuit of its objectives. Part of Risk Management is to coordinate, assign resources and take the appropriate measures to reduce, minimize, monitor, and control the probability and/or impact of unfortunate events, or to maximize the benefits of an investment or an action.


Assessing Threats and Opportunities

We are all exposed to threats and opportunities that can either prevent us from achieving a specific goal or, in the case of opportunities, help us meet it in an effective way. Assessing, managing and mitigating losses is a process carried out by every organization, whether it is conscious of it or not. However, this process is not always carried out in the best possible way. In order to effectively manage risk, it is essential for this process to be systematic, transparent and credible.


Risk Management

Risk Management considers the identification of two types of events: negative events which are classified as risks and positive events which are classified as opportunities. This process involves the following actions:

  • Understand the current situation (the context of the organization).
  • Identify the types of risk and opportunities an organization is exposed to.
  • Measure the potential risks/opportunities in terms of likelihood and magnitude of impact.
  • Define actions to respond in order to avoid or minimize damage or maximize the benefits of opportunities.
  • Monitor the progress of the actions.

Planning

Risk Management also involves having a plan in place in order to get things back to normal as quickly as possible if something bad does occur.

The benefits that successful risk management may bring to an organization include:

  • Compliance with legal requirements or other requirements.
  • Assurance and enhanced decision-making.
  • Improved efficiency of an organization’s processes.
  • Increased effectiveness of actions taken within a project.
  • Efficacy of the strategy of an organization.

Risks affecting organizations can have consequences in terms of economic performance and professional reputation, as well as environmental, safety and societal outcomes.


Managing risk effectively helps organizations perform well in an uncertain environment. Not giving due importance to risk can result in severe consequences for organizations as well as individuals.

Standards

There are many standards and regulations that address Risk Management. Some of these are:

  • ISO 31000:2018, Risk management – Principles and guidelines.
  • ISO 14971:2000 Medical devices — Application of risk management to medical devices
  • ISO 17776:2000 Petroleum and natural gas industries — Offshore production installation — Guidelines on tools and techniques for hazard identification and risk assessment
  • CSA Q 850:1997 Risk Management Guidelines for Decision Makers
  • JIS Q 2001:2001 Guidelines for development and implementation of risk management system


The concept of risk has always been implicit in ISO 9001; this new revision only makes it more explicit and builds it into the whole management system.

In ISO 9001:2015, risk management is being added with a focus on risk-based thinking. Here a systematic approach to risk is established by considering and including it throughout the standard.



In the Introduction the concept of risk-based thinking is explained. Risk is defined as the effect of uncertainty on an expected result, where:

  1. An effect is a deviation from the expected – positive or negative.
  2. Risk is about what could happen and what the effect of this happening might be.
  3. Risk also considers how likely it is to take place.

The main goal of this quality management system is for an organization to achieve conformity and customer satisfaction. In ISO 9001:2015, risk-based thinking is used to achieve this goal.

  • In Clause 4 (Context) the organization is required to determine the risks which may affect its ability to meet the system’s objectives. The new ISO 9001 recognizes that the consequences of risk are not the same for all organizations, and this is why every organization will need to consider risk quantitatively as well as qualitatively, depending on their context.
  • In Clause 5 (Leadership) top management is required to demonstrate leadership and commit to ensuring that risks and opportunities that can affect the conformity of a product or service are determined and addressed.
  • In Clause 6 (Planning) the organization is required to take action to identify risks and opportunities, and plan how to address each of them.
  • Clause 8 (Operation) establishes that the organization is required to plan, implement and control its processes to address its risks and opportunities.
  • In Clause 9 (Performance evaluation) the organization is required to monitor, measure, analyze and evaluate the risks and opportunities.
  • In Clause 10 (Improvement) the organization is required to improve by responding to changes in risk.

These requirements are considered to cover the concept of preventive action (which has been replaced) and take a wider view that looks at risks and opportunities. By understanding those risks and exploring ways in which the risks can be mitigated, the organization will also have an opportunity to drive change and improvement.

In order to effectively meet the quality management system’s goal, ISO 9001:2015 will require organizations to consider their risks as part of their management’s plan, which will call for an improved commitment and more involvement of top management.




Risk-based thinking refers to thinking ahead of a situation (as in a chess game) to consider threats and opportunities and their possible effects on a specific goal, in order to take the necessary actions that will allow us to maintain or improve the desired results. Risk-based thinking is done by everyone automatically and in most cases, we are not even aware of it.

For an organization, risk-based thinking ensures risk is considered from the beginning and throughout a process, project, plan or any strategic decision. Many consider risk in a negative sense; however, risk-based thinking can also help to identify opportunities, which can be considered to be the positive side of risk. By taking a risk-based thinking approach, an organization becomes proactive rather than purely reactive, preventing or reducing undesired effects and promoting continual improvement.

Organizations need to understand the overall level of risk embedded within their processes and activities. For all types of organizations, there is a need to understand the risks involved when seeking to achieve objectives and attain the desired results. This helps managers decide how they will minimize the effects of undesirable situations and also how to maximize the benefits of any opportunity.

Risk-based thinking therefore:

  • Establishes a proactive culture of improvement.
  • Assures consistency of quality of goods or services.
  • Builds a strong knowledge base.
  • Proactively improves operational efficiency and governance.
  • Improves management system performance and resilience.
  • Improves customer confidence and satisfaction.
  • Builds stakeholder confidence in the use of risk techniques.
  • Enables organizations to apply management system controls to analyze risk and minimize losses.
  • Enables organizations to respond to change effectively and protect their business as they grow.

Mastering risk-based thinking will allow any organization to fully understand its current situation, identify risks and opportunities and effectively manage them. When a risk-based thinking approach is considered throughout an organization, the probability of achieving defined objectives increases, and the results are more likely to be consistent and long-lasting. Also, with this approach, customers can be confident that they will receive the expected product or service at the right time and in the right place.