What is 'Risk Thinking' in the context of the updated ISO 9001: 20015 QMS & ISO 14001: 2
Risk-based thinking requires consideration and evaluation of risks and opportunities relative to the organisation’s context when planning and establishing processes, controls and improvements.
Specific areas within the standards that dictate risk thinking include:
Identify and evaluate the risks and opportunities associated with the context of the organisation’s objectives.
Examples risks and/or opportunities could be:
the business location/s in relation to the marketplace
regulatory compliance issues related to workplace and other stakeholders
productivity and equipment resources investment
public risk/liabilities for service industries
product liability for manufactured or imported goods
cost of being competitive
reliance on other parties or partnership arrangements
Evaluation of the risk/opportunity could include:
estimating the overall impact on the business
putting a measure against each item to quantify and prioritise
options for mitigation that would reduce risk
options for converting a risk to an opportunity.
Management needs to understand and have a documented process in place for managing the risk-thinking concept. This needs to be addressed on an ongoing basis in order to contain risk and leverage opportunities. Although the ISO standards don’t require the risk assessment process to be documented, unless it is formalised and structured its effectiveness can be lost.
Plans need to be put in place to manage risk and opportunities. Such plans may be detailed or simple, depending on the nature of how they are intended to be addressed and who actually addresses them.
Wherever plans are in place there will need to be actions to enact such planning. These are operational policies, processes and various tools.
Performance measurement & evaluation
Risks and opportunities identified, planned, operationally delivered then need to be monitored, measured, analysed and evaluated for effectiveness.
Continuous improvement should be based on risk thinking
How does technology support risk based thinking?
From a technical perspective, risk based tools are a simple solution.
Lucidity Software examples:
Centralised space and process driven software to identify, assess, plan, develop, monitor and measure risk controls.
Flexible tools that build in risk thinking
Build in risk assessment processes into electronic forms
Incident Reporting and Investigation software
Build risk assessment into investigation processes and assists in causal analysis