See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/337590390

Risk Management requirement under ISO 17025-2017

Presentation · November 2019

DOI: 10.13140/RG.2.2.15511.32161

CITATIONS READS

0 346

1 author:

Sani Ibrahim
Sanichem Resoures
12 PUBLICATIONS   276 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

PTSs Projects View project

ISO/IEC 17025 laboratory accreditation View project

All content following this page was uploaded by Sani Ibrahim on 28 November 2019.

The user has requested enhancement of the downloaded file.

 RISK MANAGEMENT TO
IMPARTIALITY AND
LABORATORY OPERATIONS

 Foreword,
 Introduction,
 Clause 4.1.4 and 4.1.5 on impartiality,
 Clause 7.8.6.1 considering the risk in terms of decision rules used in reports,
 Clause 7.10.1 related to management of nonconforming work,
 Clause 8.5 on actions to be implemented to address risks and opportunities,
 Clause 8.6 on improvement
 Clause 8.7 on corrective action
 Clause 8.9 on management reviews

RISK MANAGEMENT REQUIREMENT IN

ISO/IEC 17025:2017

1
 ISO/IEC 17025:2017 requires :
 The laboratory to plan and implement
actions to address risks and opportunities.
 Addressing both risks and opportunities
 Establishes a basis for increasing the
effectiveness of the management
INTRODUCTION system,
 Achieving improved results and
preventing negative effects.
The laboratory is responsible for deciding
which risks and opportunities need to be
addressed

Impartiality means Presence of Objectivity

➢ 4.1.4 The laboratory shall identify risks to impartiality
on an on-going basis…
➢ 4.1.5 if a risk to impartiality is identify, the laboratory
shall be able to demonstrate how it eliminates or
IMPARTIALITY minimizes such risk.
➢ Risks to impartiality may arise from
➢ Lab activities - commercial, financial, or others
that may affect the integrity of Lab result.
Lab relationships – ownership, governance,
management, shared resources,
finances, contract, marketing and
payment of sale commission.
Relationship of Lab Personnel with customers.

2
  Objective – impartial in conducting lab activities and obtaining
results
 Subjective – impartial in subjective approach to laboratory results
 Financial – Real or perceived impartiality due to any kind of
financial pressures.
 Operation – Internal and external pressure in conducting lab
activities and obtaining result.
 Organizational – Conflict of interest due to organizational structure
and management.
 Internal – Internal pressure on lab activities and results.
 External – Risks to impartiality arise from external sources.

MANIFESTATIONS OF RISK TO IMPARTIALITY

ISO/IEC 17025:2017 requires :

1. Laboratory shall consider the risks and
8.5 ACTION TO opportunities in the laboratory
ADDRESS RISKS activities…
Laboratory shall plan action to address
AND 2.
these risk and opportunities…
OPPORTUNITY 3. Action taken to address risks and
(OPTION A) opportunities shall be proportional to
the potential impact on the validity of
laboratory results.

3
 Give Assurance Give assurance that QMS achieves its intended results

Enhance Enhance opportunities to achieve purpose and objectives of the

opportunity laboratory.

Prevent
Prevent or reduce undesired impacts and potential failure in the laboratory
undesired activities.
impacts

Achieve Achieve improvement

THE LABORATORY IS REQUIRED TO CONSIDER

RISKS AND OPPORTUNITY ASSOCIATED WITH
LABORATORY ACTIVITIES IN ORDER TO…

Establishing the Context

RISK ASSESSMENT

Risk Identification
Communication Monitor
and Risk Analysis and
Consultation Review
Risk Evaluation

Risk Treatment

RISK MANAGEMENT PROCESS

4
 Establish
• internal context
• external context
• risk management context

Develop risk criteria

Define the structure for risk analysis

ESTABLISHMENT OF CONTEXT
(SCOPE WITHIN WHICH RISK WILL BE IDENTIFIED)

 Risk criteria allow a Laboratory to clearly define unacceptable levels of risk

either to impartiality or to lab operations.
 Risk criteria may include the acceptable level of risk to impartiality or for a
specific lab activity.
 Risk criteria may be broadly defined initially and then further refined later in
the risk management process.
 Developing risk criteria…
Decide or define the acceptable level of risk for each activity
Determine what is unacceptable.
Identify who is responsible for accepting risk and at what level.

RISK CRITERIA

10

5
 RISK ASSESSMENT
Risk Identification

Risk Analysis

Risk Evaluation

RISK ASSESSMENT

11

 Two Main ways to identify risk

1. Identifying retrospective risks
 Retrospective risks are those that have been previously occurred such as incidents
or accidents.
 It is easier to identify possible recurrence as future risk which must be prevented
from recurring.
 It is also easier to quantify its impact by reviewing the damage it has caused.
2. Identifying prospective risks
 Prospective risks are harder to identify
 All possible risks should be identify as an on-going process.
 Significant risk shall be monitored and the effectiveness of their control should be
reviewed. (once identified).

RISK IDENTIFICATION

12

6
  Brainstorming among lab personnel and other stake-holders
 Review records and reports such as audit reports, Non-conforming work records,
complaints, MRM and other meeting minutes.
 Review customers’ survey feedback.
 Review management system and laboratory procedures
 Use Risk Identification tools
 Root cause analysis – 5-Whys????? to full blown Cause & Effect diagram analysis
 FMEA – Failure Mode and Effect Analysis
 HACCP – Hazard Analysis and Critical Control Points
 SWOT Analysis

RISK IDENTIFICATION PROCEDURE

13

W O T
Strengths Weaknessess Opportunities Threats
Resources Resources limitation Acquire additional Missed opportunities
resources
Quality of Staff Short-handed Staff Training Lack of Customers’
confidence
Financial strength Low annual return Revise/improve Might go “under”
financial
management
Well maintain quality Weak Quality Improve QMS Deregistered by
system Manager SAMM
High Customer Poor communication Improve rapport with Loss of customers
Satisfaction rating with customers customers

RISK IDENTIFICATION – SWOT ANALYSIS

14

7
 Impact
Likelihood
Consequences
Probability
Hazard
Intensity
Exposure
Concentration

Risk analysis involves combining the possible consequences, or

impact, of an event, with the likelihood of that event occurring.
The result is a ‘level of risk’.

RISK ANALYSIS

15

Likelihood or Probability of Occurring

LOW MEDIUM HIGH

HIGH High Risk
Level of Impact

Consequence

MEDIUM Medium Risk

or

LOW
Low Risk

ANALYZING RISK BY QUALITATIVE APPROACH

16

8
 Impact/Consequences
Negligible Minor Serious Critical Catastrophic
(1) (2) (3) (4) (5)

Improbable Low Risk Low Risk Low Risk Low Risk Low Risk
(1) (1) (2) (3) (4) (5) Low Risk
Probability/likelihood

Low Risk Low Risk Medium Risk Medium Risk Medium Risk (1-5)
Remote
(2) (4) (6) (8) (10)
(2)
Low Risk Medium Risk Medium Risk Medium Risk
Occasional High Risk High Risk
(3)
(3) (6) (9)
(12) (15) (6-10)

Probable Low Risk Medium Risk High Risk High Risk High Risk
(4) (4) (8) (12) (16) (20) High Risk
Frequent Low Risk Medium Risk High Risk High Risk High Risk
(11-25)
(5) (5) (10) (15) (20) (25)

RISK ANALYSIS (QUANTITATIVE)

17

 1. Compare Level of Risk Risks Predefined

Found with Predetermined Risk Levels Criteria
Criteria
 2. Do they require Treatment?
Or Acceptable Risk Require NO Acceptable
Treatment? Risk Level
 3. Prioritize Risk which require
treatment
YES
 4. Convert positive evaluation
into Opportunity
Risks Neg Pos Convert to
Prioritize
Treatment Risks Opportunity

RISK EVALUATION

18

9
 Start with having a risk Evaluate Identified
register or risk log risks.

Register all risks which have been Use risk-based thinking approach
identified and analyzed. – murphy’s law
Record all actions taken to Prioritize risk according to risk
eliminate or reduce risks. levels and available resources to
Table form is best to show risk implement treatment of the risks.
management in one page.

RISK EVALUATION AND

PRIORITIZATION OF RISKS

19

RISK Management Register

Risk Identification Risk Analysis and Prioritization Corrective Action, Monitoring and Review
Bil Date Owner Description Sources Likelihood Severity Risk Level Priority Action taken Date Review
Gap analysis for transition to ISO Send QM for training on
17025:2017 is slow in progress. May Transition to ISO 17025:2017
not be able to complete before set Quality offered by Persatuan Makmal MRM on 10
1 21-Feb-18 Mr. QC Manager dateline of 30 November 2018 Management Probable (4) Critical (4) High (16) High Akreditasi Malaysia 31-Jul-18 Sep 2018
Only one equipment is good working
order. Risk of equipment being Repair other broken equipment. Lab Meeting
broken before busy period in Apr- Standby loan of another on 15-Mar-
2 3-Mar-18 Mr. Lab Manager May-Jun. Resources Remote (2) High (4) Medium (8) Medium equipment. 15-Mar-18 2018
Calibration program for 2019 is not
Ms. Calibration ready before Assessment on 15-Aug- Improbable Calibration office to submit plan
3 20-Jul-18 Officer 18. Resources (1) Serious (3) Low (3) High to Mr. QM in one week time 25-Jul-18 NR
New staff is the daughter of owner of New Staff must sign non-
competitor lab. Risk on conflict of disclosure agreement with lab
4 1-Aug-18 Ms.HR Manager interest. Impatiality Risk HR/Personnel Low High Medium Low management. 2-Aug-18 NR
5
6
7
8
9
10

EXAMPLE OF RISK REGISTER

20

10
 Risk Identification

Pressure in conducting tests for “important” customers for regulatory compliances

Risk Analysis
Likelihood or Probability of
Occurring

LOW MEDIUM HIGH

impact to impartiality = Low HIGH

Level of Impact

Consequence
Frequency of occurrence = Medium MEDIUM

or
Risk Level = Low Risk LOW

Risk Evaluation
Low Risk Level which does not require treatment

RISK TO IMPARTIALITY ASSESSMENT– EXAMPLE 1

21

Risk Identification

Government laboratory undertaking testing which require regulatory compliance.

Risk Analysis
Likelihood or Probability of
Occurring

LOW MEDIUM HIGH

impact to impartiality = Medium HIGH
Level of Impact

Consequence

Likelihood of occurrence = High MEDIUM

or

Risk Level = High Risk LOW

Risk Evaluation
High Risk Level which will require planning to control or reduce risk.
Require continuous monitoring and periodical review.

RISK TO IMPARTIALITY ASSESSMENT– EXAMPLE 2

22

11
 Risk Identification
Laboratory have only one critical equipment which is a risk to laboratory operation
when that equipment break-down.

Risk Analysis
impact to operation = Critical (4)
Likelihood of occurrence = Remote (2)
Risk Level = Medium Risk (8)

Risk Evaluation
Medium risk which may require treatment as soon as resources available.
Take opportunity to add back-up equipment.

RISK TO LABORATORY OPERATION - EQUIPMENT

23

Risk Identification
Laboratory has majority of women personnel. What is the risk to laboratory operation
when more than one personnel take maternity leaves.

Risk Analysis
impact to operation = Minor (2)
Likelihood of occurrence = Remote (2)
Risk Level = Low Risk (4)

Risk Evaluation
Low risk which may be treated as no risk or low priority in treatment.
However, laboratory may take opportunity to review human resource requirementand.

RISK TO LABORATORY OPERATION - PERSONNEL

24

12
 The following options may assist in the minimization of negative risk or an
increase in the impact of positive risk.

1- Avoid the risk

2- Change the likelihood of the occurrence

3- Change the consequences

4- Share the risk

5- Retain the risk

OPTIONS FOR RISK TREATMENT

25

➢ Have a SOP or documented procedure to

COMPLIANCE TO assess, plan, identify, address and manage
risks and opportunities.
RISK ➢ Have records of risks assessment to

MANAGEMENT impartiality and laboratory activities.

➢ Include review of results of risk identification
REQUIREMENT IN as one of the agenda in Management
Review Meeting.
ISO 17025:2017 ➢ Consider level of risk in decision rule applied
to reporting statement of conformity if
required by customers.

26

View publication stats 13