Risk management in ISO9001:2015


ISO9001:2015 now mandates “Action to address risk and opportunities”. Risk Based Thinking is on the minds of everybody with a QMS to update.

There is good news, though: Risk Based Thinking isn’t new. You do it every day, and Anaero can supply you with advice from the industries that have led the way in risk-based thinking: aerospace and aviation.

“What does risk-based thinking do for me?”

It lets you maximise opportunities while controlling or eliminating risks.

Simply put, you have always had a responsibility to take part in risk-based thinking.

Consider three of the responsibilities of a Company Director:

  • Try to make the company a success, using your skills, experience and judgment.
  • Follow the company’s rules, shown in its articles of association.
  • Make decisions for the benefit of the company, not yourself.

Each one of these requires the balancing of risks.

  • Without risk taking, a company is unlikely to be a success. Intuitive risk assessment grows from skills, experience and judgement.
  • Without risk assessment, how can the company be sure that its operating rules adequately protect the company?
  • Risk-taking for personal gain is one of the most common causes of loss. Good examples include staff performing work outside of insurance coverage and staff committing traffic offenses in company vehicles.
  • Risk-taking for organisational gain also presents threats; known non-compliance with regulator requirements and ‘fake it until you make it’ are good examples.

A formal risk-based approach ensures that risks are taken for the benefit of the company and are justified; it helps you maximise opportunities while controlling or eliminating risks. It allows you to migrate away from intuitive risk analysis to a system that ensures that, if a risk is taken, its effects are understood and suitable controls and mitigation of exposure are in place.

  • Eliminate risk if the consequences of loss are unacceptable to risk holders
  • Justify risk taking if risk holders are willing to own the risk based on the controls and mitigation in place

The ability to understand risk and consider the effect to the organisation is key to successful management.

Risk-based thinking helps you to meet the responsibilities that you already have, and improves the scope of your risk-assessment.

But if I already do this, why do I need another system?

If you identify and apply a method of structuring risk-based thinking that is recognised, you can be confident that you are applying good practice to assess risks.

Industry has generated many different risk management tools and processes that work.

If you work to manage risks, you take steps to understand and manage two things:

  • The probability that a risk will be realised
  • The effects of occurrence

Both of these benefit the organisation. Structured risk-based thinking provides a framework to understand existing risks, reveal new risks and consider root causes that frequently differ from the causes that seem most obvious, helping to reduce future risk.

With a formal risk management system, if a risk is realised then you can:

  • Identify in-place controls and mitigation and how they functioned
  • Assess why the risk occurred and improve controls and mitigation to demonstrate improvement
  • Demonstrate to society that you were taking reasonable steps to manage risk

Society’s approach to risk continues to sharpen. We live in a society that takes an increasing interest in your activities.

Failure is increasingly of interest to regulators, investors, consumers, media and lawyers. They are interested in whether the consequences of your risk taking will:

  • Harm people
  • Damage the company
  • Pollute the environment
  • Result in financial loss

How should I do it?

This is where a consultant from Anaero will help you.

We work with you to understand your organisation and operating environment to find methods that work for you. Anaero can provide the understanding, engagement, tools and guidance to help you select risk capture, assessment and management activities appropriate to your organisation and context.

We ensure that training, processes, information management and risk management frameworks are available to help you conduct risk assessment activities to manage existing risks, identify new ones and provide evidence that you have taken steps to understand, control and mitigate risks to a reasonable level.

We integrate risk-based thinking with your current business processes.

ISO9001:2015 updates needn’t be hard. Anaero will work with you to ensure that you take the most efficient route to good practice, which will benefit your organisation.