 Posted: Mon 11:05, 16 May 2011 Post subject: ISO9001 & Risk Management |
|
| every human endeavour there is an element of risk; personal, project or financial, or a combination of them all. The task of the responsible individual is to identify the risk and act accordingly. We all do these 'risky' things, almost daily, aware that we are taking a risk. Rather than avoiding risk we become adept at identifying it and having a strategy for dealing with it if the risk materialises. This is what risk management is about,Just Enjoy Life - Small Steps to Change Your Life, and is a skill that is important in virtually every endeavour.
The popular fallacy that risk management is tough or complicated stems from the bureaucratic methodology of some system-oriented organisations and managers. It is neither complicated or bureaucratic, and need not be. Risk management is basically a simple proposition with a complexity dictated by the nature of the situation to which it applies - usually a project, and the parties involved. In its basic form risk management involves: 1. Identifying risk - Looking for anything that threatens the successful completion of the project against the original requirement. Risks can be environmental, organisational, technical, legal, economic or commercial. 2. Counteracting risk - Taking action to remove or reduce the probability of a risk being realised. The response depends on the nature or seriousness of the risk. 3. Acting when the risk event occurs - Invoking whatever contingency measures were devised for the risk that has materialised. And for this to happen needs: 4. Monitoring at all stages - This typically means documenting a risk assessment in a profile that identifies the risk, the probability of its occurrence, and the impact if it does materialise. Factors that score highest are those that require the greatest attention and monitoring. A good risk manager will devise contingency plans that reduce either the probability or the impact of these occurrences, and so remove them from the scene. Working within a formal structured management system similar to that defined by ISO9001 requires the application of risk assessment practices to satisfy the requirements of the Standard. Auditors of such systems may not find specific references to risk management in these areas even though the identification of potential failure is wholly concerned with a topic that is nothing less than risk management. Well managed risk taking is an essential feature of any forward thinking enterprise, since risk is an element of any progression or advancement. It is the adoption of effective risk management in conjunction with the continuing need to drive forward from a comfortable position that leads to progress and advancement. Doing what we always do purely because the risks appear to be negligible or are well known is to be 'risk averse',Just Enjoy Life - Making Sure Your Children's Christmas Presents Will Be Safe -, and for progressive organisations cannot be acceptable. Neither is it acceptable to pursue new ideas without an understanding of their potential benefit, proper planning, a clear idea of the threats to these benefits being achieved , and a strategy for dealing with them should they materialise. We need to manage in a manner that is neither predictable or reckless. Risk assessment is an essential tool to support this strategy. We ignore it at our /> Copyright (c) 2008 Ed Bones |
|
