PFI-QA-SOP-(0) Actions to address risks & opportunities

STANDARD OPERATING PROCEDURE FOR ACTIONS TO ADRESS RISKS

& OPPORTUNITIES

PSALMS FOOD INDUSTRIES LIMITED

ISO ISO
22000:2018 9001:2015

Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 1 of 9
 PFI-QA-SOP-05(0) Actions to address risks &
o p portunities

1.0 Approvals
The signatures below certify that the procedure has been verified and accepted and demonstrates
that the signatories are aware of all the requirements contained herein and are committed to
ensuring their implementation

Name Position Signature Date

Prepared by

Verified by Manager – Quality Control

Approval Operations Manager

2.0 Amendment Record

This procedure is reviewed annually to ensure its continuing relevance to the Psalms Food Industries
Limited systems and the process that it describes.

3.0 Distribution List

3.1. Operations Manager

3.2. Commercial Manager
3.3. Manager – Quality control
3.4. Manager – Production Supervisors – Production

Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 3 of 9
 PFI-QA-SOP-05(0) Actions to address risks &
o p portunities
3.5. Quality controllers
3.6. Manager - Procurement
3.7. Manager - Stores

4.0 Purpose
The purpose of this procedure is the identification of risks and opportunities, the definition of actions
to address those risks and opportunities and the evaluation of the effectiveness of the actions taken
within the company’s activities in order to: -

4.1. Give assurance that the management system achieves its intended results
4.2. Enhance opportunities to achieve the purpose and objectives of the FSMS
4.3. Prevent, or reduce, undesired impacts and potential failures in the FSMS
activities
4.4. Achieve improvement.

5.0 Scope
This procedure covers all FSMS activities both internal and external.

6.0 Responsibility
6.1 Manager - Quality Control

6.1.1. Implementation of control measures to manage risk in FSMS

activities.
6.1.2. Risks and opportunities assessment and review in the company’s
activities.
6.1.3. Defining mitigation & contingency measures of highlighted risks.
6.1.4. Ensure appropriate engagement of risks with countermeasures
outlined.
6.1.5. Developing action plans for harnessing opportunities.
6.1.6. Ensure appropriate engagement of opportunities for continual
improvement.

7.0 Definitions

7.1. Risk is a specific event that could happen sometime in future negatively affecting an
organization’s ability to constantly provide customers with conforming goods, services
and enhanced customer satisfaction.
7.2. Severity is the seriousness of the harm.
7.3. Probability is the likelihood that harm will occur.
Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 4 of 9
 PFI-QA-SOP-05(0) Actions to address risks &
o p portunities
7.4. Risk factor or exposure subjective value, potential percentage of loss to a specific asset,
activity or process if a specific threat is realized severity x probability
7.5. Mitigation what we are doing to avoid the risk.
7.6. Contingency Actions to be taken to prevent, reduce or transfer the risk if it happens
7.7. Opportunity - a situation or condition favorable for attainment of a goal, a good position,
chance, or prospect, as for advancement, improvement or success

8.0 Reference documents

 ISO 22000:2018 clause 6.1

Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 5 of 9
 PFI-QA-SOP-05(0) Actions to address risks &
o p portunities

9.0 Process
9.1 Risks assessment & management

9.1.1. Risk Assessment shall be carried out every six months by a nominated
representative team of each activity in the company; Production and quality personnel, general
hand, supervision & management.

9.1.2. The assessment is guided by a risk register which outlines; risks identified,
evaluation of the risk factor, mitigation & contingency plans & actions associated with the
defined inspection.

9.1.3. Following steps are followed while conducting risk assessment for company
activities;

a) Identifying the company process for which the risk most likely dominates.

b) Identifying the risk by allocating value for probability and severity according to table
for risks (shown below). These risks may associate but may not be limited to following:
 Customer taste changes
 Compromised quality in ingredients and materials
 Contamination of ingredients or end products
 Bioterrorism
 Change in statutory requirements
 Inflation
 Insecurity (internal or external)
 Customer complaint
 Occupational safety

c) While identifying the risk, following questions are considered;

i. What could happen; what might go wrong; or what might prevent the achievement of the
relevant goals; What events or occurrences could threaten the intended outcomes?

ii. How could; it happen; is the risk likely to occur at all or happen again; If so, what could cause
the risk event to recur or contribute to it happening again?

iii. Where could it happen; is the risk likely to occur anywhere; Or is it a risk that is dependent on
the location, physical area or activity?

Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 6 of 9
 PFI-QA-SOP-05(0) Actions to address risks &
o p portunities
iv. Why might it happen; what factors would need to be present for the risk to happen or occur
again? Understanding why a risk might occur or be repeated is important if the risk is to be
managed.

Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 7 of 9
 PFI-QA-SOP-05(0) Actions to address risks &
o p portunities
v. What might be the impact/severity: if the risk were to eventuate, what impact or
consequences would or might this have?

d) The risks identified are then assigned a score to the likelihood (probability of
occurrence). Each element is given a score from 1 (lowest risk) to 5 (highest risk).

e) Probability is categorized into following categories with definition of each category as

follows;

Value Probability Definition

5 Very high
4 High
3 Medium
2 Low
1 Very low
At least once in a Day
At least once in week
At least once in a month
At least once in 6 months
At least once in more than 6 months

f) The risk is then assigned an Impact/severity rating if the risk were to be encountered; this
impact comprises of following elements;
• Impact on activities / operations / results
• Impact on relation with customers, supplier or any other body

• Adverse impact on the reputation of the FSMS for failure to meet

or achieve our strategic objectives
• Financial consequences

• Compromise compliance of regulations or laws

Each element is given a score from 1 (lowest risk) to 5 (highest risk).

Value Impact / Description

Severity
5 Very high Could result to illegal activity / Bribery case /
compromise/change in report for personal gains
4 High Could result to personal grievances or pressure on the
personnel performing the task which may lead to compromised
quality ultimately leading to high financial loss > UGX 3,000,000
3 Medium Could result to changes in work environment (or equipment) which
may lead to products of reduced quality.
2 Low Could result to changes in work environment which may create
delays in the activity
1 Very low Could result to little/No impact on activities or the personnel
performing the activity

 Calculating a final Risk Factor based on the equation: Risk

Factor = Probability Value X Impact / severity Value

Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 8 of 9
 PFI-QA-SOP-05(0) Actions to address risks &
o p portunities

 The risk is evaluated by plotting the probability value against the severity value as per the
matrix shown below (Risk Assessment Matrix).

Risk assessment matrix Level of risk

Probability Severity
1 - Very low 2 - Low 3 - Medium 4 - High 5 - Very high
5 - Very high 5 10 15 20 25
4 - High 4 8 12 16 20
3 - Medium 3 6 9 12 15
2 - Low 2 4 6 8 10
1 - Very low 1 2 3 4 5

Key

Risk factor Category Action

0-4 Low Not required
5-9 Medium Process requires additional control measures
10-25 High Immediate intervention / action required including holding
the activity

 When the risks are evaluated, their cause is found out, control measures suggested and
prioritized according to the magnitude of the risk.

9.1.4 When determining controls, or considering changes to existing controls, consideration shall
be given to reduce the risks in following ways;

a) Identify and avoid threats

b) Reduce the probability or likelihood of the risk
c) Reduce the consequence or impact of the risk
d) Share the risk
e) Eliminate or avoid the risk source
f) Accept or tolerate the risk by informed decision

9.1.5 A risk may be acceptable or tolerable in the following circumstances:

a) No treatment is available
b) Taking risk in order to pursue an opportunity
c) Treatment costs are prohibitive (particularly relevant with lower ranked risks)
d) The level of risk is low and does not require using resources to treat it
e) The opportunities involved significantly outweigh the threats

9.1.6 The final column allows for entry of an estimated risk factor after mitigation & contingency,
which is an estimate on what the risk should be reduced to if the risk treatment is successful.

Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 9 of 9
 PFI-QA-SOP-05(0) Actions to address risks &
o p portunities

9.2 Opportunities management

9.2.1. Operations Manager shall evaluate the processes, inputs, activities, practices
and outputs for opportunities.

9.2.2. Opportunities identified are then assigned a score to the likelihood

(probability of occurrence) and a consideration given if the opportunity has
been harnessed before. Each element is given a score from 1 (lowest) to 4
(highest).

9.2.3. Probability is categorized into following categories with definition of each

category as follows;

Value Probability Definition

4 Very likely Achievable in ≤ 2years
3 Likely Achievable in ≥ 2years <3years
2 Unlikely Achievable in ≥ 3years <4years
1 Very unlikely Achievable in ≥ 4years

9.2.4. The opportunity is then assigned a benefit rating if the opportunity were to
be harnessed; this benefit comprises but not limited to following elements;

a) Expanding the scope of the FSMS activities

b) Addressing new customers
c) Using new technology and other possibilities to address customer needs.
d) Benefit on activities / operations
e) Benefits on work environment; physical & psychological
f) Benefit on relation with customers, supplier or any other body
g) Benefit on the reputation of the FSMS to meet or achieve our strategic objectives
h) Benefits on resource utilization, financial
i) Benefits on compliance of regulations or laws

Each element is given a score from 1 (lowest) to 4 (highest).

Value Benefit Description

4 Major
3 Moderate
2 Minor
1 Insignificant
Could result to a more efficient system
Could be less costly without compromising on quality and
safety.
Could minimize / eliminate personal grievances, familiarity or
pressure on the personnel performing the tasks which may
lead to compromised quality ultimately leading
to high financial loss > UGX 3,000,000
Could result to improvement in work environment (or
equipment) which may lead to improved efficiency
Could result to improvement in work environment which may
reduce testing activity turnaround time
Could result to little/No benefit on activities or the
personnel performing the activity

Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 10 of
 PFI-QA-SOP-05(0) Actions to address risks &
o p portunities

9.2.5. Calculating an opportunity factor based on

the equation: Opportunity Factor =

Probability Value X Benefit Value

9.2.6. The opportunity is evaluated by plotting the probability value against the
benefit value as per the matrix shown below (Opportunity Assessment Matrix)
with next activity defined under action

Key
Probability Benefit Value
value 1 - Insignificant 2 - Minor 3 - Moderate 4 Major
4 - Very likely 4 8 12 16
3 - Likely 3 6 9 12
2 - Unlikely 2 4 6 8
1 – Very unlikely 1 2 3 4

Key

Opportunity factor Category Action

0-4 Low Nothing
5-8 Medium Develop implementation cost matrix
9-16 High Develop implementation cost matrix

Treatment of opportunities Implementation cost matrix

Key
Implementation cost Category Action
UGX
Nil Nil Draw up action plan & implement
0 ≤ 10,000,000 Low Develop action plan, discuss with top management
≥10,000,000 ≤50,000,000 Medium for approval & funding. When approved and
≥50,000,000 High funding released implement

9.3 Reporting
Opportunities shall be captured in weekly reports while risks in a risk register with action plans
highlighted as follow up issues in the weekly report.

9.4 Review
The outcome of actions on risks and opportunities shall form part of the agenda during Management
Review Meetings.

Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 11 of
 PFI-QA-SOP-05(0) Actions to address risks &
o p portunities

10.0 Records

10.1. FSMS risk register

10.2. FSMS opportunities register
10.3. Corrective & preventive action reports

Issue: A Revision: 0 Effective Date: 30.07.2022 Controlled copy do not duplicate Page 12 of