Applying Risk-Based Thinking to Operations

06 July 2017

The balance between risk management and compliance seems to be shifting toward risk management in operations, and toward learning to pay attention to detail in order to leverage it. The question asked most often is, “I’m aware my company needs to pay great attention to the detail of risk, but I don’t know where to start, or even how to put it into practice.” This is a practical problem with which most quality professionals struggle. As for what you can do about risk, it’s important to focus first on the process of collecting and analyzing your risks. There are many common, simple, and effective tools that help make risk management a practical option for your business.

After risk is mapped out, it can be better controlled. Risk tools make it possible to delve a little deeper into the overall scope of risk management, from both a company and an operational perspective, using ISO standards.

Risk management: hazards vs. risk

We hear that risk is a good benchmark for compliance. However, it is important to recognize the difference between hazards and risk. The terms are often used interchangeably, but risk and hazard are different concepts and do not mean the same thing.

Risk is defined as the probability that exposure to a hazard will lead to a negative consequence. Risk equals the hazard times the exposure: the likelihood that the hazard will lead to that negative consequence, multiplied by the probability of exposure to that hazard. Thus, a hazard poses no risk if there is no exposure to it, and a hazard with no probability of exposure is of lesser concern. The key is learning what your hazards are so that they can be estimated. Once this is done, risk management can take shape.

Enterprise risk management

Risk is pervasive throughout all areas of an organization. It spans quality; environmental, health, and safety (EHS); finance; and the supply chain. You can think of risk management as the umbrella that covers the entire enterprise. It’s the universal method for understanding and controlling risk at any location within an organization. ISO 31000 is the standard for risk management. Although it is broad, many business operations use it as a general interpretation of what risk management means. It’s an excellent method for getting started on your risk journey.

Risk management applied to ISO 31000

Risk management begins with the identification of any relevant risks. Proper risk management means looking into operations, determining where the hazards are, and understanding what the risk of those hazards may be. Once this is done, you’ll want to determine a way to quantify those risks and look for ways to measure them in a systematic and objective way. Most companies will use scales such as severity and probability. Then, you’ll need to implement a process for evaluating and assessing the risk. This is where risk assessment plays its part.

Once a decision has come out of the assessment, certain tools can help you choose the right way to handle the risk. Many businesses use a scale of options for how to treat risk.

Source: Tim Lozier. The author is the director of product strategy at Traqpath, in Farmingdale, New York. He has extensive experience in the software industry, and has been involved in the creation of leading-edge technologies in user-interface design and development. He began his career in digital marketing before taking a turn into software design and marketing at Quark Inc. Since then, he’s never looked back—helping to foster the development (and blog about) leading quality management software solut

 

 
