Professional Documents
Culture Documents
ISO ISO
22000:2018 9001:2015
Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 1 of 9
PFI-QA-SOP-05(0) Actions to address risks &
o p portunities
1.0 Approvals
The signatures below certify that the procedure has been verified and accepted and demonstrates
that the signatories are aware of all the requirements contained herein and are committed to
ensuring their implementation
Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 3 of 9
PFI-QA-SOP-05(0) Actions to address risks &
o p portunities
3.5. Quality controllers
3.6. Manager - Procurement
3.7. Manager - Stores
4.0 Purpose
The purpose of this procedure is the identification of risks and opportunities, the definition of actions
to address those risks and opportunities and the evaluation of the effectiveness of the actions taken
within the company’s activities in order to: -
4.1. Give assurance that the management system achieves its intended results
4.2. Enhance opportunities to achieve the purpose and objectives of the FSMS
4.3. Prevent, or reduce, undesired impacts and potential failures in the FSMS
activities
4.4. Achieve improvement.
5.0 Scope
This procedure covers all FSMS activities both internal and external.
6.0 Responsibility
6.1 Manager - Quality Control
7.0 Definitions
7.1. Risk is a specific event that could happen sometime in future negatively affecting an
organization’s ability to constantly provide customers with conforming goods, services
and enhanced customer satisfaction.
7.2. Severity is the seriousness of the harm.
7.3. Probability is the likelihood that harm will occur.
Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 4 of 9
PFI-QA-SOP-05(0) Actions to address risks &
o p portunities
7.4. Risk factor or exposure subjective value, potential percentage of loss to a specific asset,
activity or process if a specific threat is realized severity x probability
7.5. Mitigation what we are doing to avoid the risk.
7.6. Contingency Actions to be taken to prevent, reduce or transfer the risk if it happens
7.7. Opportunity - a situation or condition favorable for attainment of a goal, a good position,
chance, or prospect, as for advancement, improvement or success
Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 5 of 9
PFI-QA-SOP-05(0) Actions to address risks &
o p portunities
9.0 Process
9.1 Risks assessment & management
9.1.1. Risk Assessment shall be carried out every six months by a nominated
representative team of each activity in the company; Production and quality personnel, general
hand, supervision & management.
9.1.2. The assessment is guided by a risk register which outlines; risks identified,
evaluation of the risk factor, mitigation & contingency plans & actions associated with the
defined inspection.
9.1.3. Following steps are followed while conducting risk assessment for company
activities;
a) Identifying the company process for which the risk most likely dominates.
b) Identifying the risk by allocating value for probability and severity according to table
for risks (shown below). These risks may associate but may not be limited to following:
Customer taste changes
Compromised quality in ingredients and materials
Contamination of ingredients or end products
Bioterrorism
Change in statutory requirements
Inflation
Insecurity (internal or external)
Customer complaint
Occupational safety
i. What could happen; what might go wrong; or what might prevent the achievement of the
relevant goals; What events or occurrences could threaten the intended outcomes?
ii. How could; it happen; is the risk likely to occur at all or happen again; If so, what could cause
the risk event to recur or contribute to it happening again?
iii. Where could it happen; is the risk likely to occur anywhere; Or is it a risk that is dependent on
the location, physical area or activity?
Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 6 of 9
PFI-QA-SOP-05(0) Actions to address risks &
o p portunities
iv. Why might it happen; what factors would need to be present for the risk to happen or occur
again? Understanding why a risk might occur or be repeated is important if the risk is to be
managed.
Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 7 of 9
PFI-QA-SOP-05(0) Actions to address risks &
o p portunities
v. What might be the impact/severity: if the risk were to eventuate, what impact or
consequences would or might this have?
d) The risks identified are then assigned a score to the likelihood (probability of
occurrence). Each element is given a score from 1 (lowest risk) to 5 (highest risk).
f) The risk is then assigned an Impact/severity rating if the risk were to be encountered; this
impact comprises of following elements;
• Impact on activities / operations / results
• Impact on relation with customers, supplier or any other body
Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 8 of 9
PFI-QA-SOP-05(0) Actions to address risks &
o p portunities
The risk is evaluated by plotting the probability value against the severity value as per the
matrix shown below (Risk Assessment Matrix).
Probability Severity
1 - Very low 2 - Low 3 - Medium 4 - High 5 - Very high
5 - Very high 5 10 15 20 25
4 - High 4 8 12 16 20
3 - Medium 3 6 9 12 15
2 - Low 2 4 6 8 10
1 - Very low 1 2 3 4 5
Key
When the risks are evaluated, their cause is found out, control measures suggested and
prioritized according to the magnitude of the risk.
9.1.4 When determining controls, or considering changes to existing controls, consideration shall
be given to reduce the risks in following ways;
a) No treatment is available
b) Taking risk in order to pursue an opportunity
c) Treatment costs are prohibitive (particularly relevant with lower ranked risks)
d) The level of risk is low and does not require using resources to treat it
e) The opportunities involved significantly outweigh the threats
9.1.6 The final column allows for entry of an estimated risk factor after mitigation & contingency,
which is an estimate on what the risk should be reduced to if the risk treatment is successful.
Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 9 of 9
PFI-QA-SOP-05(0) Actions to address risks &
o p portunities
9.2.1. Operations Manager shall evaluate the processes, inputs, activities, practices
and outputs for opportunities.
9.2.4. The opportunity is then assigned a benefit rating if the opportunity were to
be harnessed; this benefit comprises but not limited to following elements;
Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 10 of
PFI-QA-SOP-05(0) Actions to address risks &
o p portunities
9.2.6. The opportunity is evaluated by plotting the probability value against the
benefit value as per the matrix shown below (Opportunity Assessment Matrix)
with next activity defined under action
Key
Probability Benefit Value
value 1 - Insignificant 2 - Minor 3 - Moderate 4 Major
4 - Very likely 4 8 12 16
3 - Likely 3 6 9 12
2 - Unlikely 2 4 6 8
1 – Very unlikely 1 2 3 4
Key
9.3 Reporting
Opportunities shall be captured in weekly reports while risks in a risk register with action plans
highlighted as follow up issues in the weekly report.
9.4 Review
The outcome of actions on risks and opportunities shall form part of the agenda during Management
Review Meetings.
Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 11 of
PFI-QA-SOP-05(0) Actions to address risks &
o p portunities
10.0 Records
Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 12 of