What Is Risk Treatment And Risk Mitigation In ISO?

Russell Lawson
Mar 21, 2024

The objective of Risk Treatment and Risk Mitigation is to determine how your identified risks will be treated. Risk treatment involves identifying the options for treating each risk, evaluating those options, assigning accountability (for Very High, High and Moderate residual risks) and taking relevant action.

For each risk, the risk owner must establish an appropriate level of treatment. Control measures in addition to those already existing may be needed to achieve this level of mitigation. Accountable managers should engage with risk owners to develop a satisfactory response for each risk in order to:

  • Identify a response strategy to treat, terminate, tolerate or transfer the risk;
  • Identify response actions to improve control measures as required. These will be SMART;
  • Identify a response action owner for each action and confirm with them that they accept accountability for implementing the action within the time allowed.

The risk owner is responsible for the development of the response. When a response action is completed, the risk should be reassessed to reflect any newly introduced control measure.

Monitoring
Continuous, systematic and formal monitoring of the implementation of the risk and opportunity process and its outputs takes place against appropriate performance indicators to ensure process compliance and effectiveness. Monitoring takes a variety of forms, ranging from self-assessment, inspections and internal audits to detailed reviews by independent external experts.

Escalation
On occasion, it may be appropriate to escalate a health and safety risk to ensure it is assessed and/or managed by the person or party best placed to do so (able and with appropriate authority). For example, a need for a more substantial or coordinated response than the current risk owner can authorise or implement will justify higher-level assessment and/or management, as appropriate:

  • Escalate through established lines of management accountability all hazards and risks that may require mitigation;
  • This may take place during formal reviews, or through other simple mechanisms at management meetings;
  • Issue reports in accordance with requirements;
  • Provide key information such as statistical data on numbers of active hazards, unassessed risks, overdue actions, and others as appropriate.

Managing opportunities
Your organisation recognises an ‘opportunity’ as a set of circumstances which makes it possible to leverage positive factors and attributes, for example:

  • Develop new products, services and processes;
  • Develop new markets, or increase market share;
  • Improve the work environment;
  • Improve productivity;
  • Improve operational efficiency (reduction of resource use, reduction of waste, etc).

Opportunities may be identified as positive effects of risks, as when a risk forces the implementation of a risk reduction measure that is beneficial in a broader context than just reducing that particular risk. For example, health risks may require measures to improve the working environment. These measures also create opportunities to attract and retain better qualified employees, improve morale and job satisfaction, and reduce turnover, and so the initial health risk creates positive opportunities to improve overall job satisfaction.

Check that any actions taken to address the risks and opportunities are recorded, that each action was effective at addressing the issue, and that the action taken was proportionate to the risk or opportunity. Consider the following as useful tools:

  • Meeting minutes;
  • SWOT analysis;
  • Reports on customer feedback;
  • Competitor analysis;
  • Quality manual;
  • Brainstorming activities;
  • Planning, analysis and evaluation activities;
  • Strategic planning documents;
  • Design and development reviews;
  • Marketing and sales data;
  • Production inspections and service reviews;
  • Corrective actions;
  • Non-conformance reports;
  • Management review minutes;
  • Risk determination or evaluation records.

If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us.

Or, if you want to see what’s involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).

Russell Lawson

Founded The Ideas Distillery in 2011, IRCA-certified Lead Auditor trained in ISO 9001, ISO 14001, ISO 45001 and ISO 27001. A Chartered Practitioner of the CQI.