This document describes a risk registry template that can be used to systematically identify, analyze, and address risks and opportunities according to the ISO 9001:2015 standard. The template includes categories for describing the risk/opportunity, assessing its impact and probability of occurring, determining its significance level, selecting a risk treatment option, and planning actions, responsibilities, resources, and timelines for addressing the risk or seizing the opportunity. Maintaining an organized risk registry is one method recommended in the document for complying with ISO 9001:2015's requirements to consider risks and opportunities as part of quality management system planning and improvement.

Risk-Based Thinking

Risk-based thinking is presented within the introduction of the ISO 9001:2015 standard. ISO 9001 has always advocated mitigating and avoiding risk; it has implicitly addressed the issue through “preventive actions” in previous revisions. ISO 9001:2015 replaced the term preventive actions with “actions to address risks and opportunities”.

Risks and Opportunities

A risk is a positive or negative deviation from the expected. Addressing a risk could mean pursuing a new opportunity. The better our organization manages risks, the better prepared we are to face uncertainties. Organizations are required during planning of their QMS to address both risks and opportunities. Opportunities can include the adoption of new customers, products, technology or practices.

Risks and Opportunities in ISO 9001:2015

There are several requirements around risks and opportunities throughout the ISO 9001:2015 standard. The examples given in the next slides are just some of the clauses that in effect mandate risk management.

4.4 Quality management system and its processes
“The overall quality management system (QMS) must consider both risks and opportunities as part of its core planning process.”

5.1 Leadership and commitment
“Those who lead the organization must promote risk-based thinking”

5.1.2 Customer focus
“Ensure risks and opportunities that affect customers are determined and addressed.”

6.1 Actions to address risks and opportunities
“When planning for the QMS, determine and address risks and opportunities.”

9.1.3 Analysis and evaluation
“Evaluate the effectiveness of actions taken to address risks and opportunities.”

10.2 Nonconformity and corrective action
“Update risks and opportunities determined during planning, if necessary.”

How to Address Risks and Opportunities

The ISO 9001:2015 requirements around risks and opportunities do not require a formal risk management system. However, they do require that we determine what the risks and opportunities are and how they will be addressed. When evaluating risk, it is helpful to use two metrics or parameters:
1. Impact (if the risk occurs, how serious is it?)
2. Probability (what is the probability of the risk occurring?)

Common methods for identifying and addressing risks include maintaining a Risk Register, performing FMEA (Failure Mode Effects Analysis) or FTA (Fault Tree Analysis), using a Probability and Impact Matrix, or other risk management exercises.

Registry of Risks and Opportunities (NEUST-QMS-F013)

Categories of Risks and Opportunities

The category to which the identified risk/opportunity belongs. These categories may be the following:
• Operational
• Financial
• Personnel
• Client
• Delivery
• Infrastructure
• Outsourced Services

Risk/Opportunity Description

A textual description of each risk identified within the college/office/unit. Also known as the risk statement.
The risk statement involves two elements: the event itself and the potential positive or negative impact of such an event.

Risk/Opportunity Description Examples:
• Severe weather conditions may impact building progress
• Too many designations may affect the performance of a teaching personnel
• Lack of IT security policies and procedures may cause loss of data
• Flooding may cause loss of important documents and IT equipment
• Unliquidated expenses may lead to delay in release of budget for next activity
• Lack of employees may lead to delay of operations
• Lack of recognitions and incentives may lead to unhappy employees
• Lack of trainings and seminars may lead to incompetence
• Lack of vehicles may lead to failure to provide logistics support
• Delay in release of funds may affect business operations
• Lack of commitment from suppliers may lead to delay in deliveries
• Lack of safety and security measures may lead to safety and security issues to students and employees
• Improved internet speed may lead to increased productivity
• Improved number of researchers may lead to more published researches
• More partner agencies may lead to more extension programs
• Collaboration with other agencies may lead to more generated products and services

Impact
A description of the potential impact on the college/office/unit as a result of the identified risk.
Low (0): No to minor harm
Medium (1): Significant to damaging harm
High (2): Serious to grave harm

Impact
A description of the potential impact on the college/office/unit as a result of the identified risk.
Low (0): No to minor improvement
Medium (1): Significant improvement
High (2): Major or great improvement

Probability
The estimated probability that a risk will occur at some point and become an issue.
Low (0): Unlikely to happen, Infrequent
Medium (1): Likely, Probable
High (2): Highly likely, Almost certain, Common

Probability
The estimated probability that a risk will occur at some point and become an issue.
Low (0): Small chance to seize the opportunity
Medium (1): Opportunity can be seized but requires a lot of effort and resources
High (2): Opportunity can be seized easily or does not require much effort or resources

Significance
The magnitude or level of the risk.
Significance = Impact + Probability
I. Insignificant (0-2): Acceptable impact of risks; no to minimal action needs to be taken
II. Significant (3-4): Actions need to be taken (critical) to address risks

Risk Treatment Option
An action taken to manage a risk. Treatment options include:
• Reduction – reducing or mitigating the likelihood or severity of a possible loss
• Avoidance – eliminating any exposure to risk that poses a potential loss
• Transfer – transfer risk to another party
• Acceptance* – acceptance of the identified risk

Actions to Address Risks/Opportunities
The task/activity that will be done in order to manage or to treat the risk.

Responsibility
The person(s)/unit(s) responsible for managing risk treatment.

Resources
The resource(s) needed to manage the risk
Deadline
The estimated date when the risk treatment will be acted upon.

Evaluation Date
The date when the QMR/IQA/Representative will check on the results of the actions taken to treat the identified risk.

Evaluation Results