Featured Blog Articles
What is Risk?
Risk is defined as “Effect of uncertainty” and effect is a deviation from the expected, positive or negative. (Source: ISO/ANSI 9000:2015)
Risk therefore, may be positive that is ‘get more than what you expect’ or negative that is ‘get less than what you expect’. Industries cannot run in a state of uncertainty. Therefore, Industry needs to eliminate or minimize risk in its operations.
With respect to ISO standards the principles of Risk are that:
- Risk has been implicit in ISO 9001 all along
- ISO 9001:2015 makes this concept of Risk explicit
- Application of Risk required during all the stages: establishment, implementation, maintenance and continual improvement
- Use risk based thinking as preventive tool
- Risk based approach replaces the so called preventive action
- It is required to determine risks and opportunities but no formal documented risk management is required
ISO 9001:2015 further says “Risk Based thinking is essential for achieving an effective Quality Management System. The concept of risk-based thinking has been implicit in previous editions of this International Standard including, for example, carrying out preventive action to eliminate potential nonconformities, analyzing and nonconformities that do occur, and taking action to prevent recurrence that is appropriate for the effects of the nonconformity”. (Source: element 0.3.3 ISO 9001:2015)
ISO 9001:2015 is the basic standard for Quality Management System and is applicable to any product or service. Therefore, it goes without saying that element of Risk Management is to be included for all facilities irrespective of the standard to which certification is being sought.
ISO 14971:2007 specifies a process for a manufacturer to identify the hazards associated with medical devices, including in vitro diagnostic (IVD) medical devices, to estimate and evaluate the associated risks, to control these risks, and to monitor the effectiveness of the controls.
The requirements of ISO 14971:2007 are applicable to all stages of the life-cycle of a medical device.
ISO 31000:2018 provides guidelines on managing risk faced by organizations. The application of these guidelines can be customized to any organization and its context.
ISO 31000:2018 provides a common approach to managing any type of risk and is not industry or sector specific.
ISO 31000:2018 can be used throughout the life of the organization and can be applied to any activity, including decision-making at all levels.
Risk Management Solutions are required for certification to many ISO Standards such as Quality Standards ISO 9001, Environmental Standards ISO 14001, Medical Devices Standard ISO 13485, other ISO Standards, Automotive Standards, Telecommunication Standards, Aerospace Standards, and Food Safety Standards.
Risk management solutions can be defined as the culture, processes and structures in place that focuses on recognizing opportunities while at the same time managing/preparing for adverse effects. It is important for organizations to have a system in place aimed primarily to the dedication of making internal and external risks more transparent and controlling these risks. With the increase, regulatory requirements and the increasing number of shareholders, identifying areas of risk in their business has become a primary concern. Areas of risk include: Financial, operational, IT, brand, or reputation related. There are many ways to effectively respond and deal with these issues by prioritizing and responding appropriately based on the risk analysis and strategy of the organization. It enables the organization to make the best decisions in the present that will serve the long term best interests of the organization.
This requirement for risk management for an organization is expected to be met through planning, anticipating probable and potential risks at each of their processes and taking adequate steps to mitigate Risk for an effective Management System.
- Identify All Processes and Potential Risks
Mark all processes involved in a business and estimate possible risk at each process. To do that past data or estimated data on how that specific process was managed may be used
- Evaluate Significant Risks Through the Application of Risk Priority Number (RPN)
To determine Significant Risk, it is necessary to assess the Probability of the Risk Occurring, probability of the Severity the risk may cause and the probability of detection of Risk occurrence are to be estimated. This probability may be rated on a scale of 1 to 5 or 1 to10
- Arrive at a Risk Priority Number (RPN) as the product of the three assigned numerical values to Severity, Occurrence and detection
- RPN= SXOXD (Severity X Occurrence X Detection)
- When numerical values are attached on a Scale of 1-10 Average RPN will be 5X5X5 =125
- Any Process Having RPN >125 is a High-Risk Process
Risk Management Soultions Prioritization
- Select the Processes whose RPN is above average
- Initiate Preventive Actions for Processes with HIGH RPN
Risk Management Soultions Mitigation
- Apply Risk Mitigation Activities in the form of preventive actions to Minimize Risk
- Monitor Management of the Risk Through Management Reviews
- Other Scientific methods of Risk Management could be the use of Process Failure Mode Evaluation Analysis. Calculation of RPN is required for FMEA as well
- Risk Management Solutions are required for any organization providing products or services best Risk Management is the actions taken after identifying probable Risk and RPN for any process in an
- Risk Management Solutions are designed to detect uncertainties and to avoid them for future operations.
- This is a proactive decision and required for every organization. Risk analysis is a must before arriving at a Preventive Action.
- Planning and Risk Management Solutions are essential for any organization.
- Long term commitment to organizations and companies to work smarter and in a scientific manner
- Reduces costs, enhances services and increases revenues through definitive exercises instead of guess work
- Savings in time and money through reducing time in chasing wrong ideas
- Improving operations and processes, resulting in a more efficient, less redundant organization
- Promotion of entrepreneurship intelligence, risk taking corporations and engagement with process control at every stage
- A culture change in a way a business or organization collaborates both internally and externally
- Identification and management of Risk
- Helps to prevent repetition of uncertainties
- Meets the mandatory requirement for using scientific methods for process control
- Savings in revenue by reducing quality costs
- Ultimate improvement in Bottom -Line
- Improvement in teamwork and morale in working
- Improvement in overall control of nonconformities instead of harping on accountability
- Scientific data backed up problem solving techniques puts the business at higher pedestal in the eyes of the customer
- Eradication of over consulting within businesses and organizations which may become a pitfall especially where it affects speed of information
- Meets the mandatory requirements of Risk management stated in the standards
- Mitigates Risks and improves Process control
- Leads the company to become a six sigma error free company
- By leveraging vast experience, it has, QSE organizes the entire implementation process for Statistical Problem Solving
- QSE has created easily understandable templates where all processes could be listed
- QSE coaches on methods to prepare a Process flow and interaction diagram to serve visual aid in determining the processes involved in the facility
- QSE has created template where criterial for fixing numerical values have been indicated as empirical formulae for use in determining the RPN
- QSE coaches all relevant employee on methods to identify Risk
- QSE coaches on methods to Plan activities to minimize risk
- QSE’s Templates for preventive action are self-explanatory and used with ease.
- QSE ‘s Templates provide for recording the risk considered at each process and the actions taken to mitigate that risk.
Why QSE? The QSE Difference in Implementing Risk Management Solutions
- QSE has over 27 Years of standing in the field of Consulting, Auditing and Training for any ISO Standards, Sector Specific Standards, Chain-of-Custody Standards, AISC standards or Food Safety Standards
- All industries require certifications for global acceptance
- Over 98 % of QSE customers passed audits with nononconformities first time around
- Unlike our competitors QSE has a unique, comprehensive, evidence based simplified single level system which is easy to implement and provide evidence for implementation of Risk Management and Risk mitigation
- Templatesdesigned by QSE are tried and tested. They are perfect. Facilities using the documentation developed by QSE do not have to struggle for evidence
- QSE ensures additional records required for generic quality management system, are clearly identified and retained which includes Risk Planning Risk evaluation and Risk Control
- QSE’s Evidence Based Risk Management System includes forms and tables which helps organizations to sail through a certification audit without any nonconformities or with minimal nonconformities
- If the Company is small and number of processes are less then QSE will help in condensing the template to suit the needs of the organization
- QSE engages competent consultants to coach on risk management
- At the end of an Internal audit QSE submits a detailed report which assists the facilities in building corrective actions and prevent actions to avoid possible nonconformities and helps to undertake preventive actions to mitigate risk in any process
Frequently Asked Questions
No! it is not mandatory to have a documented risk management system but there needs to be evidence to show there is Risk based thinking and risk management system is in place within the organization.
QSE’s templates are easy to understand. Never the less QSE undertakes to coach risk priority number calculations with color coded Risk Register for easy understanding. QSE coaches on adapting the forms/templates suitable to the organization’s processes and requirements.
No! there are no institutes which have exclusive courses on risk management solutions. However, some certifying Bodies do conduct seminars and coaching sessions on Risk-based thinking and risk management. QSE does this coaching free along with Consulting for certification.