How To Manage Your Risks When Implementing ISO Standards

Russell Lawson
3 min read · Feb 9, 2024

Understanding your risks and managing them appropriately will enhance your organisation’s ability to make better decisions, safeguard assets, deliver products and services reliably, and achieve its mission and goals.

By considering risk throughout your organisation, the likelihood of achieving stated objectives is improved, output is more consistent, and customers can be confident that they will receive the expected product and/or service. Risk-based thinking therefore helps to:

  • Improve customer confidence and satisfaction;
  • Assure consistency of quality of goods and services;
  • Establish a proactive culture of prevention and improvement;
  • Take a risk-based approach intuitively.

I suggest that you use the familiar Plan-Do-Check-Act (PDCA) methodology to manage your organisation’s transition to risk-based thinking, and that you ring-fence processes into ‘risk themes’ or groups such as:

  • Business planning and strategic direction;
  • Process risk;
  • Product and service risk;
  • Risk associated with the control of externally provided product and service.

Risk and opportunity assessment
Assessment of the severity of a risk drives management attention and supports planning for risk mitigation. A qualitative risk assessment scheme, consisting of qualitative probability and impact scales, is used to ensure consistency. Ensure that all accountable managers engage with risk owners to:

  • Identify the control measures already applied to each risk (i.e. the existing control measures). These may be proactive (reducing the probability) or reactive (reducing the impact);
  • Rank the probability and impact of each risk after taking into account the actual effectiveness of the existing control measures;
  • Enter the existing control measures and the associated current risk probability and impact scores into the risk and opportunity register.

Forecasting probability, cost and time data is about assessing each risk based on the causes and effects described, taking into account the existing controls and active responses. Probability or likelihood estimates should be established giving due consideration to the effectiveness of existing control measures.

Risk assessments should be undertaken to provide an improved understanding of the risk profile and to derive a more detailed understanding of particular cost and time risks. The consequence evaluation criteria define how each risk is assessed against potential financial loss, reputation impact, health and safety, legal and regulatory compliance, and management time and effort.

If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us.

Or, if you want to see what’s involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).


Russell Lawson

Founded The Ideas Distillery in 2011. IRCA-certified Lead Auditor trained in ISO 9001, ISO 14001, ISO 45001 and ISO 27001. A Chartered Practitioner of the CQI.