Risk management is a fundamental part of your Quality Management System. In the latest ISO 9001:2015 quality standard, risk management has become a central preoccupation.
Risk management is about developing a preventive attitude to avoid the occurrence of unfortunate events. By managing risks, companies can save resources, improve productivity and increase collaborators’ safety and health.
Risk management is not only for banking or insurance organizations: efficient risk management can have a direct impact on profits, revenue and business continuity.
A typical risk management process contains 4 main steps:
- Risk identification
- Risk assessment
- Risk treatment
- Risk monitoring
It’s good to start by defining company processes prior to identifying risks. A process map illustrates the value-added and resource processes that deliver valuable products/services to satisfy customers.
Knowing issues, indicators and risks for each process gives clear insights on how to make improvements.
There are 2 ways to identify risks: on the strategic level or on the operational level. SWOT or stakeholder expectation analysis are great tools to identify strategic risks. In daily operations, issues, complaints, audits, corrective actions, indicators, etc. are typical events used to detect risks. A recurring issue is a typical source for declaring a new risk.
Different methodologies exist to assess risks. A simple one is to assess the probability/occurrence and the impact/gravity of each risk. The risk severity is the product of the probability and impact factors. The impact is sometimes expressed as a monetary value. In the FMEA methodology (Failure Mode and Effects Analysis), the risk severity is the product of three factors: impact, probability and detection. The risk severity is often displayed in a risk heat map for a specific period. A scorecard is an ideal tool to monitor risk assessment values and their trends over time.
High-severity risks appear in the red zone of the heat map. These risks need to be treated. Corrective actions are assigned to the process owners to reduce the risk probability or impact. Periodic controls are set to monitor risks.
Risk compliance documents will be needed to describe your risk methodologies and procedures with their related instructions. These documents are usually part of your quality document management system.
Excel spreadsheets are not ideal for managing risks with their related actions and controls. Excel is a personal tool that is not suited to collaborative work.
Integrated digital quality management software like BPA Quality will help quality managers to have a participative quality and risk management system.