Wednesday, July 27, 2016

Important steps to start implementing Risk management in the QMS



What are the important steps to start implementing Risk management in the QMS?

It is important to accept that the main task of the initial implementation of risk management in the QMS - making actions to address risks and opportunities an integral part of management decision-making at all levels

Then the keyword is "simplicity".
Implementation of risk management into the QMS processes (ISO 9001:2015 cl.4.4.1.f, cl.6.1 and step "Do" - ISO 31000) consists of four phases:

  • Risk identification,
  • Risk analysis,
  • Risk evaluation,
  • Risk treatment.
1) Risk identification consists of finding, recognizing and describing the risk. The ultimate objective of risk identification is to draft a comprehensive Risk list.
At this phase, the following is important:
      A common approach to risk wording for all processes. A good practice is to word the risks through the "Event" category - an adverse event that may occur with some likelihood.
      Adding all possible risks to the Risk list, including the risks with negligible likelihood.

2) At the Risk analysis phase it is important to:
      Use a simple method of risk level (R) determination, which is clear and can be easily accessible to a broad range of employees. A good practice is to use a ratio:
R = CL
where 

C – consequences,

L – likelihood.

      Commonly use an expert evaluation in determining the components of level of risk, as well as in determining risk criteria at the Risk evaluation phase. At the same time, evaluate the consequences on the extent of the potential adverse impact on the user (external or internal).


3) At the Risk evaluation phase (risk ranking, matching the level of risk and risk criteria as well as the allocation of risk in relation to which it is necessary to carry out risk treatment), the following is important:
  • The level of risk criteria (the maximum allowable level of risk, below which risk treatment is required) should not be set very high. This allows to process the greater amount of risk and avoid possible initial stage errors.

4) At the Risk treatment phase, which is conducted in order to prevent, or reduce, undesired effects and to enhance desirable effects at the process level, it is important to:
      Start with the application of quality management tools, which the team already possess. In reality, the use of cause and effect diagrams in conjunction with "brainstorming" can already give the desirable effect.


ISO 9001:2015 Risk Management resources:

Free Downloads

No comments:

Post a Comment