Informational Risk Management (and Risk Based Thinking) in ISO 9001:2015
qualprod
Trusted Information Resource
Re: Risk Management in ISO 9001:2015
Thanks Jen
To keep risks opened as you suggest, it will be a hard job to keep risk a monitored.
I think we need to find an easier way for the management.
To keep risks under control, it needs time and efforts.
I remember you suggested a worksheet to register risk, I found it interesting, but some doubts came up, in criteria you used to classify risk values, and actions according to the values obtained, could you clarify it?
Thanks
Thanks Jen
To keep risks opened as you suggest, it will be a hard job to keep risk a monitored.
I think we need to find an easier way for the management.
To keep risks under control, it needs time and efforts.
I remember you suggested a worksheet to register risk, I found it interesting, but some doubts came up, in criteria you used to classify risk values, and actions according to the values obtained, could you clarify it?
Thanks
Randy
Super Moderator
This subject of "risk management" and "risk based thinking" is starting to get funny, here and in the real world, because it's not a new concept. Sound business management and decision making has always been about "risk" or "what if".
Who really believes that Steve Jobs used some kind of chart or mathematical formula to go the direction he did with his home garage based business? What about Bill Gates in his decision to capture the operating system world and not focus on hardware? Mary Kay Ash didn't employ some statistical analysis guru in her decision to make skin care products in her home bath and use pink as her trade color. I'm pretty sure Fred Smith didn't sit around studying charts, equations, market trends or anything else when he packed an overnight bag, took the last cash he had and went to Vegas to raise operating capital.
Every one of those "business leaders" made a gut decision as their "risk based thinking" process and did rather well, so here's an argument, can a "GBD" or "SWAG" be a valid "RBT" methodology?
Who really believes that Steve Jobs used some kind of chart or mathematical formula to go the direction he did with his home garage based business? What about Bill Gates in his decision to capture the operating system world and not focus on hardware? Mary Kay Ash didn't employ some statistical analysis guru in her decision to make skin care products in her home bath and use pink as her trade color. I'm pretty sure Fred Smith didn't sit around studying charts, equations, market trends or anything else when he packed an overnight bag, took the last cash he had and went to Vegas to raise operating capital.
Every one of those "business leaders" made a gut decision as their "risk based thinking" process and did rather well, so here's an argument, can a "GBD" or "SWAG" be a valid "RBT" methodology?
Re: Risk Management in ISO 9001:2015
The register may be good for processes, but Randy is right: you may have things you don't need to use a methodology for at all. This includes the simple question of "Should we enter xyz market now, or should we wait?" Both have risks of getting it wrong, either through poor timing or missed opportunity.
Please do not overthink this.
The criteria I suggested may or may not be appropriate for you. Feel free to put in your own criteria.
The register may be good for processes, but Randy is right: you may have things you don't need to use a methodology for at all. This includes the simple question of "Should we enter xyz market now, or should we wait?" Both have risks of getting it wrong, either through poor timing or missed opportunity.
Please do not overthink this.
N
Nevins
I would suggest you keep it simple...
astutecertification
On Holiday
The key difference is that risk identification takes place before risk assessment. This is logical because for you to assess anything, you first need to identify it. Risk Identification tells you what the risk is, while risk assessment tells you how the risk will affect your objective. The tools and techniques used to identify risk and assess risks are not the same. To learn more about managing risks. The process consists of 4 simple steps conducted by a Risk Committee:-
- Identify potential risks that could impact the organization and classify each risk into categories.
- Rate each risk based on impact and likelihood, and provide rationale and understanding of root causes related to each risk (additional criteria can be rated- some processes include ‘speed of onset’ and ‘vulnerability’).
- Prioritize top-rated risks to ensure the right ones are managed going forward.
- Develop specific action plans to address the risks.
Repeat for opportunity in place of risk and you may have a sound basis for developing your process-based management system; as with many successful organizations.
But ISO 9001 does not yet specify either of these approaches.
But ISO 9001 does not yet specify either of these approaches.