Informational Risk Management (and Risk Based Thinking) in ISO 9001:2015

qualprod

Trusted Information Resource
Re: Risk Management in ISO 9001:2015

OK, but what are your criteria to assign values to all that you describe: severity, impact, etc.? Don't you think that by assigning imprecise values you may get imprecise risk values as well?
Do you use a special formula for calculations?
Thanks
 

Helmut Jilling

Auditor / Consultant
Re: Risk Management in ISO 9001:2015

OK, but what are your criteria to assign values to all that you describe: severity, impact, etc.? Don't you think that by assigning imprecise values you may get imprecise risk values as well?
Do you use a special formula for calculations?
Thanks

Just apply your common sense and experience with your operations.... If you do complicated "analysis" with severities, and likelihood, and 5 other categories, and score each one into scores based on 1-10, and do all that, do you really think you are going to come up with variables that are any more "precise" than High, Low, Medium... or Red-Yellow-Green? I know it seems more "precise," but you are fooling yourself. If you ran a chemical plant I would be supportive of a more statistical analysis. But you already said your operations are not that risky.
 

AndyN

Moved On
Re: Risk Management in ISO 9001:2015

OK, but what are your criteria to assign values to all that you describe: severity, impact, etc.? Don't you think that by assigning imprecise values you may get imprecise risk values as well?
Do you use a special formula for calculations?
Thanks

I've yet to see a SWOT analysis that needs anything this complex. Once the SWOT has been done, those who created it - the leadership - will see which risks need to be addressed. I really do believe many make far too much of this risk aspect than is really needed.
 

Helmut Jilling

Auditor / Consultant
Re: Risk Management in ISO 9001:2015

I've yet to see a SWOT analysis that needs anything this complex. Once the SWOT has been done, those who created it - the leadership - will see which risks need to be addressed. I really do believe many make far too much of this risk aspect than is really needed.

agree.... trust yourself to make good decisions...
 

qualprod

Trusted Information Resource
Re: Risk Management in ISO 9001:2015

Thanks Helmut

My thinking is this:

To stop using the calculations PxI, since risk values are not precise and the calculation is complex and more time consuming, also registering values on formats and a list register.

Instead, to start to evaluate the risk by only considering low, medium and high, and assigning values as you said, with common sense (not numeric values), a very easy way for the addressing.

I suppose, by doing it this way, the risk value may be about the same, and the analysis done may be easier to carry out.

Please advise on this.

Thanks
 

Helmut Jilling

Auditor / Consultant
Re: Risk Management in ISO 9001:2015

Thanks Helmut

My thinking is this:

To stop using the calculations PxI, since risk values are not precise and the calculation is complex and more time consuming, also registering values on formats and a list register.

Instead, to start to evaluate the risk by only considering low, medium and high, and assigning values as you said, with common sense (not numeric values), a very easy way for the addressing.

I suppose, by doing it this way, the risk value may be about the same, and the analysis done may be easier to carry out.

Please advise on this.

Thanks

Yes... that is what I would do... it is a good beginning. See how it works for you.
 

qualprod

Trusted Information Resource
Re: Risk Management in ISO 9001:2015

Thanks a lot, Helmut.
My other doubt is the criteria for the risk closeout.
After implementing actions to mitigate risks, is the residual risk low or high?
Well, here again, to use common sense to decide if the risk is now low enough to close it, only by perception.
Thanks again
 

Jen Kirley

Quality and Auditing Expert
Leader
Admin
Re: Risk Management in ISO 9001:2015

Thanks a lot, Helmut.
My other doubt is the criteria for the risk closeout.
After implementing actions to mitigate risks, is the residual risk low or high?
Well, here again, to use common sense to decide if the risk is now low enough to close it, only by perception.
Thanks again

The risk might never be gone; persons or conditions might revert, even if only for a time while behavior changes. Also, a new risk may be introduced by actions to reduce the other. Certainly find a way to recognize effectiveness, even if that is qualitative observation during internal audit. But I would not make firm closure a priority. That would be like my giving myself permission to take my eyes off the road while driving my car.
 

Jen Kirley

Quality and Auditing Expert
Leader
Admin
Re: Risk Management in ISO 9001:2015

Jen
Questions regarding your format for risks:
1. What do you base the level of risks on?
Do you use numerical information? Is it qualitative or quantitative?
2. Please explain your criteria regarding when to apply actions according to risk value.
3. Do you apply the residual risk practice?
4. What are your criteria for the closeout of risks?
Thanks

"Level" of risks are management determination. It could be customer satisfaction, current events, public image, absolute costs, "death by a thousand cuts" or some other means. As Helmut and Andy have advised, I suggest your management team try to resist numerical criteria. They can be limiting.
 

Helmut Jilling

Auditor / Consultant
Re: Risk Management in ISO 9001:2015

Thanks a lot, Helmut.
My other doubt is the criteria for the risk closeout.
After implementing actions to mitigate risks, is the residual risk low or high?
Well, here again, to use common sense to decide if the risk is now low enough to close it, only by perception.
Thanks again

Risk actions are not always closed..... you are dealing with potential situations... the only way to close it is to be sure that the root causes have been totally eliminated. That is why the standard refers to “mitigating” risk..... after you have taken the planned actions, assess the remaining risk using the same criteria.... did you significantly reduce or deal with the risk?
 