Procedure for Addressing Risk and Opportunity – TRACE INTERNATIONAL https://isoconsultantkuwait.

com/2018/12/22/procedure-for-addressing-risk-and-opportunity/

TRACE INTERNATIONAL

Your Partner in ISO Standard compliance

☰ Menu

Procedure for Addressing Risk and Opportunity

preteshbiswas Uncategorized December 22, 2018 4 Minutes

1. SCOPE

The purpose of this procedure is to manage the business risks and opportunities that arise from the context of xxx and the requirements of interested parties.

2. PURPOSE

This procedure applies to all the activities within the scope of the XXX Quality Management System.

3. REFERENCE DOCUMENTS

3.1 XXX Quality Manual,

3.2 ISO 31000:2018 standard
3.3 Procedure for Context of organization

4. TERMS & DEFINITIONS

RM- Risk Management

1 of 6 29/07/2020, 11:29 am
Procedure for Addressing Risk and Opportunity – TRACE INTERNATIONAL https://isoconsultantkuwait.com/2018/12/22/procedure-for-addressing-risk-and-opportunity/

R-Risk
O-Opportunity
SOP- Standard Operating System

5. RESPONSIBILITY AND AUTHORITY

The Management Representative (MR) and HOD’s of all departments are responsible for the effective implementation of this procedure.

6. DETAILS OF PROCEDURE

6.1 Management of Risks

6.1.1 XXX considers and manages risks and opportunities differently and based on the overall context of XXX, requirements of stakeholders, and internal & external issues of
concern affecting XXX.
6.1.2 Risks are managed with a focus on decreasing their likelihood and minimizing their impact if they should occur.
6.1.3 Opportunities are managed to increase their likelihood, and to maximize their benefits if they should occur.
6.1.4 Where risks and opportunities overlap, the best appropriate method for managing them shall be ascertained, given the situation at hand.
6.1.5 Risks are considered during the execution of various processes using the Risk and Opportunities Register. Additional risks may be identified by any employee at any time.
When using the Risk Register, the following steps are to be followed:

1. Identifying the risk.

2. Identifying the process for which the risk most likely dominates.
3. Assigning a Probability rating to the identified risk:Probability: Provides an assessment of how likely it is that this risk will occur. Examples are:
L-Low (≤30%), M-Medium (31-70%), H-High (>70%)
4. Assigning a consequence/Impact rating if the risk were to be encountered:
Severity: Provides an assessment of the impact that the occurrence of this risk would have on the project. Examples are: L-Low (≤30%), M-Medium (31-70%), H-High (>70%)
5. Based on risk, analyze and prioritize the risks and opportunities in the process and Calculate the final Risk Factor based on the equation:
PROBABILITY RATING x IMPACT RATING = RISK FACTOR

6.1.6 For risks with a final Risk Factor rating equal to or greater than the threshold set in the Risk Register, management will decide whether to reject the subject due to the risk or

2 of 6 29/07/2020, 11:29 am
Procedure for Addressing Risk and Opportunity – TRACE INTERNATIONAL https://isoconsultantkuwait.com/2018/12/22/procedure-for-addressing-risk-and-opportunity/

accept the risks after the development of a risk mitigation plan. The mitigation plan must be documented, either in the Risk Register or in another document which must be
referenced on the form.
6.1.7 Risks with a factor less than the risk threshold may be accepted without a mitigation plan unless otherwise directed by management.
6.1.8 The Risk Register includes the identification and mitigation plans for key risks associated with the defined process. The CEO and HODs review these risks and take actions to
minimize them. The methods for risk assessments may vary, but should always include a means of identifying the risk under examination, and a description of the result of the
risk assessment.
6.1.9 Assign Risk Owner: The individual responsible for ensuring that risks are appropriately engaged with countermeasures undertaken. Methods may include brainstorming,
structured or semi-structured interviews, SWOT or other tools. No single method is used for all risk assessments; the tool selected should be the best tool applicable to that
particular risk analysis.
6.1.10 Check the effectiveness of the actions – verify does it work.
6.1.11 Risk review: The frequency of any review should be based upon the level of risk. Risk review might include reconsideration of risk acceptance decisions.
6.1.12 Learn from experience – continual improvement

6. 2. Management of Opportunity

6.2.1 As part of the different core and support processes, XXX shall seek out opportunities which could enhance its financial viability and market position. For example:

Obtaining new registrations

Obtaining access to new markets
Development of new offerings that are within the scope of capabilities of XXX
Streamlining existing processes to improve efficiency and reduce cost

6.2.2 Discussing and analysing opportunities shall be done by top management. If made part of the management review activities, these shall be recorded in the management
review records.
6.2.3 To help determine which opportunities should be pursued, the Risk and Opportunity Register may be used to conduct an “opportunity pursuit assessment.” This register is
similar to the Risk Register but ranks potential positive opportunities by their likelihood of success and potential benefit. The opportunity pursuit assessment is conducted by:

1. Identifying the opportunity.

2. Identifying the process for which the opportunity most likely falls under.
3. Assigning a Probability rating to the identified opportunity; this probability that the organization can achieve the opportunity. It is comprised of two elements: likelihood and
previous occurrences. Each element is given a score from 1 (lowest probability) to 5 (highest probability).
4. Assigning a Benefit rating to assess potential benefits if the opportunity is won. This is comprised of six elements: potential for new business; potential expansion of current
business; potential improvements in the organization’s ability to satisfy regulatory or statutory requirements; potential improvements to the quality management system;

3 of 6 29/07/2020, 11:29 am
Procedure for Addressing Risk and Opportunity – TRACE INTERNATIONAL https://isoconsultantkuwait.com/2018/12/22/procedure-for-addressing-risk-and-opportunity/

potential enhancements of XXX’s reputation; and the estimated cost of implementation. Again, each element is given a score from 1 (lowest benefit) to 5 (highest benefit).
5. Calculating a final Opportunity Factor based on the equation:
PROBABILITY RATING x BENEFIT RATING = OPPORTUNITY FACTOR

6.2.4 For opportunities with a final Opportunity Factor rating equal to or greater than the threshold set in the Opportunity Register, management will decide whether to pursue the
opportunity through an “opportunity pursuit plan” or to abandon the opportunity altogether. The opportunity pursuit plan must be documented, either in the Risk and
Opportunity Register or in another document, which must be referenced on the form.
6.2.5 Opportunities with a factor less than the opportunity target rating may be abandoned outright unless otherwise directed by management.
6.2.6 Analysis of any opportunity will generally result in one of the following possible determinations:

Pursue the opportunity

Explore the opportunity in greater detail before proceeding
Accept the opportunity but under limited and controlled conditions
Decline the opportunity, typically based on a high expected cost or low anticipated benefit.

6.2.7 If an opportunity includes a negative aspect, management may elect to conduct a risk assessment on the negative aspect, as defined above.

7. RETAINED DOCUMENTED INFORMATION

7.1 Risk and Opportunity Register (QMS F 010)

7.2 Management Review Record(QMS F011)

Advertisements

4 of 6 29/07/2020, 11:29 am
Procedure for Addressing Risk and Opportunity – TRACE INTERNATIONAL https://isoconsultantkuwait.com/2018/12/22/procedure-for-addressing-risk-and-opportunity/

REPORT THIS AD

Published by preteshbiswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in
implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that
not only get certified, but also contribute to the bo om line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several
industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve
and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As
consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of
industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly,
Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, ba eries, computer hardware and
software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and
on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized
ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment
audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining
services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics,
trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering
degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations,
production, Quality and customer care. He is also certified in Six Sigma Black belt . View all posts by preteshbiswas

5 of 6 29/07/2020, 11:29 am
Procedure for Addressing Risk and Opportunity – TRACE INTERNATIONAL https://isoconsultantkuwait.com/2018/12/22/procedure-for-addressing-risk-and-opportunity/

3 thoughts on “Procedure for Addressing Risk and Opportunity”

Kha ak says:
January 8, 2019 at 1:05 PM
Dear can you share the forms also ??

Reply
Yeshey Samdrup says:
April 10, 2019 at 8:34 AM
Please share the format for addressing Risk and opportunity

Reply
lee kam faet says:
December 4, 2019 at 5:01 AM
Please share the format on the Risk & Opportunity register form

Reply

Blog at WordPress.com.

6 of 6 29/07/2020, 11:29 am