How and Where To Address Risk
We all know that Preventive Action was replaced by Risk Based Management when ISO 9001
updated some four years ago. However, are you clear on the three levels that need to be assessed?
The top management need to look at the big picture and there is no better way than by means of a SWOT analysis.
in the business and Opportunities and Threats outside the business. Sorted.
As for the QMS, it's a simple risk assessment
model on a spreadsheet to score all aspects
of the processes.
So, we start at Enquiries and go right the way through to Despatch and on-site activities if relevant. The QMS then follows with general aspects such as IT features and Site Services. We simply look at:
- Frequency - of the process taking place
- Likelihood - of the process falling over despite current controls
- Severity - the outcome to the business
It is so simple once you have set it up and you just rescore it as things change. Fair to say that my clients were often dreading tackling risk, but once they see how straight forward this model is then they are on board.
Finally, and I accept this is more within aerospace and other more demanding standards but still a good control to have in place, you have risk at the order level itself. Are you taking on sizes, materials, specifications or requirements on a drawing that you haven't done before. If so what are the mitigating actions you will introduce - unless of course you just leave it to run and hope nothing goes bang!
I often refer to a 'rule of three' and, as you can see, risk is no different.