The hottest buzzword at the minute is risk and how to manage it, so it is not surprising that ISO have just issued ISO/IEC 31010 on risk management and risk assessment techniques. So what is it all about, and is it any use?
The simple answer is maybe, although in saying this I run the risk of getting splinters from sitting on the fence.
If you like the generic nature of PAS 99 for the implementation of integrated systems, then this is for you. It's very ‘non-specific’, so it doesn’t tie you to a specific approach like FMEA or HACCP, and it has a framework that supports continual improvement.
The Highlights…
Not surprisingly, ISO/IEC 31010 is based on the Plan-Do-Check-Act cycle, and it structures risk management in a simple way, as follows:
- Identify the activities/things that could present a risk. H&S, automotive and food systems call these hazards; environmental systems and PAS 99 call these aspects.
- Review the needs of stakeholders. Customers and legislation obviously, but the general public and suppliers may also be considered stakeholders, to name but a couple. Basically, ask yourself this – what are the legal/contractual requirements as a minimum? If you don’t comply with these, it is a high risk.
- Assess the risk for each of the activities/hazards/aspects. Make sure you keep it real – don’t over-analyse every last detail, but get the ‘big hitters’ into the assessment.
- Identify what you are doing already to control the activity, and then estimate the risk by assessing the severity of the issue and the potential frequency of it happening with the current controls in place.
- Pull together a priority list of the areas that need additional controls. The higher the severity and frequency, the higher the priority.
- Ensure that the control measures (old and new ones) are monitored. How you monitor the controls will depend on what the control actually is, but monitoring may be done by audit, inspection or physical measurement.
Keep it alive…
Review everything periodically, based on any issues the business has seen, monitoring and measurement results, and changes to stakeholder requirements, and use this to set improvement objectives. The most important thing is to keep your risk assessments alive by reviewing them in the light of any changes.
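To make the steps above concrete, here is a small risk register that walks through them in code: identify the hazard/aspect and its stakeholders, record the current controls, estimate severity and frequency with those controls in place, treat non-compliance with a legal/contractual minimum as high risk regardless of the numbers, build the priority list, and flag when a review is due. This is an added example, not anything published by ISO or taken from ISO/IEC 31010; the 1–5 scales, the band thresholds, the 365-day review interval and all register entries are constructed assumptions for illustration.

```python
"""Constructed risk register illustrating the Plan-Do-Check-Act steps above.

Assumptions (not from ISO/IEC 31010): 1-5 scales for severity and frequency,
score = severity x frequency, bands at 8 (medium) and 15 (high), yearly review.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta

SEVERITY = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "catastrophic": 5}
FREQUENCY = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost_certain": 5}
HIGH, MEDIUM = 15, 8  # assumed band thresholds on the 1..25 product


@dataclass
class Risk:
    hazard: str                      # activity / hazard / aspect that could present a risk
    stakeholders: list[str]          # customers, legislation, public, suppliers ...
    severity: str                    # worst credible outcome
    frequency: str                   # how often it happens WITH current controls in place
    current_controls: list[str] = field(default_factory=list)
    legal_requirement: bool = False  # is there a legal/contractual minimum?
    compliant: bool = True           # are we meeting that minimum today?
    monitoring: str = "none"         # audit / inspection / physical measurement
    last_reviewed: date = date(2000, 1, 1)


def score(r: Risk) -> int:
    """Severity x frequency, estimated with the current controls in place."""
    return SEVERITY[r.severity] * FREQUENCY[r.frequency]


def rating(r: Risk) -> str:
    """Band the score; failing a legal/contractual minimum is always high."""
    if r.legal_requirement and not r.compliant:
        return "high"
    s = score(r)
    return "high" if s >= HIGH else "medium" if s >= MEDIUM else "low"


def priority_list(register: list[Risk]) -> list[str]:
    """Hazards that need additional controls, highest priority first."""
    needs_action = [r for r in register if rating(r) != "low"]
    # Legal non-compliance first, then the higher the severity x frequency, the higher the priority.
    needs_action.sort(key=lambda r: (not (r.legal_requirement and not r.compliant), -score(r)))
    return [r.hazard for r in needs_action]


def review_due(r: Risk, today: date, triggers: tuple[str, ...] = (), interval_days: int = 365) -> bool:
    """Keep it alive: review on any change (issue seen, monitoring result,
    stakeholder change) or when the periodic review is overdue."""
    if triggers:
        return True
    return today - r.last_reviewed > timedelta(days=interval_days)


def sample_register() -> list[Risk]:
    """Constructed entries spanning H&S, food, environmental and a trivial office item."""
    return [
        Risk("Forklift movement in loading bay", ["employees", "regulator"], "major", "possible",
             ["marked walkways", "speed limit"], legal_requirement=True, compliant=True,
             monitoring="weekly inspection", last_reviewed=date(2011, 1, 10)),
        Risk("Allergen cross-contact on packing line", ["customers", "regulator"], "catastrophic",
             "unlikely", ["line cleaning", "labelling"], legal_requirement=True, compliant=False,
             monitoring="swab testing", last_reviewed=date(2011, 3, 1)),
        Risk("Solvent waste disposal", ["public", "environment agency"], "moderate", "rare",
             ["licensed contractor"], legal_requirement=True, compliant=True,
             monitoring="annual audit", last_reviewed=date(2009, 6, 1)),
        Risk("Printer toner running out", ["office staff"], "negligible", "likely"),
    ]


if __name__ == "__main__":
    register = sample_register()
    for r in register:
        print(f"{r.hazard}: score={score(r)} rating={rating(r)} monitoring={r.monitoring}")
    print("Priority list:", priority_list(register))
    today = date(2011, 6, 1)
    for r in register:
        print(f"Review due for '{r.hazard}': {review_due(r, today)}")
```

Note how the allergen entry outranks the forklift entry even though its raw score is lower: the text's rule that failing a legal minimum is a high risk is applied before the arithmetic, which is the point most risk matrices get wrong when they rank on the product alone.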