It is important to accept that the main task of the initial implementation of risk management in the QMS - making actions to address risks and opportunities an integral part of management decision-making at all levels.
Then the keyword is "simplicity".
Implementation of risk management into the QMS processes (ISO 9001:2015 cl.4.4.1.f,
cl.6.1 and step "Do" - ISO 31000) consists of four phases:
- Risk identification,
- Risk analysis,
- Risk evaluation,
- Risk treatment.
1)
Risk identification consists of
finding, recognizing and describing the risk. The ultimate objective of risk
identification is to draft a comprehensive Risk list.
At
this phase, the following is important:
•
A common
approach to risk wording for all processes. A good practice is to word the
risks through the "Event" category - an adverse event that may
occur with some likelihood.
•
Adding all possible risks to the Risk list, including the risks with negligible likelihood.
2)
At the Risk analysis phase it is
important to:
•
Use a simple
method of risk level (R) determination, which is clear and can be easily
accessible to a broad range of employees. A good practice is to use a ratio:
R
= C ∙ L
where
C
– consequences,
L – likelihood.
•
Commonly use an expert
evaluation in determining the components of level of risk, as well as in
determining risk criteria at the Risk
evaluation phase. At the same time, evaluate the consequences on
the extent of the potential adverse impact on the user (external or internal).
3) At the Risk evaluation phase (risk
ranking,
matching the level of risk and risk criteria
as well as the allocation of risk in
relation to which it is necessary to carry out risk treatment),
the following is important:
- The level of risk criteria (the maximum allowable level of risk, below which risk treatment is required) should not be set very high. This allows to process the greater amount of risk and avoid possible initial stage errors.
4) At the Risk treatment phase, which is conducted in order to prevent, or
reduce, undesired effects and to enhance desirable effects at the process
level, it is important to:
•
Start with
the application of quality management tools, which the team already possess. In
reality, the use of cause and effect diagrams in conjunction with "brainstorming"
can already give the desirable effect.
ISO 9001:2015 Risk Management resources:
- Actions to Address Risks and Opportunities Quality system procedure
- ISO 9001:2015 Actions to address risks and opportunities in QMS processes – Methodical Manual
- Risk Management in QMS Processes
Free Downloads
- Risk Management Requirements Implementation in ISO 9001:2015 clauses (Reference Table)
- Risk Management Requirements in ISO 9001:2015 clauses (Presentation, 5 slides)
- Risk Management in QMS Processes (Preview) (Presentation, 3 slides)
No comments:
Post a Comment