
Welcome Participants!

RISK MANAGEMENT
TRAINING COURSE
Speaker: Ms. Cynthia Jose
cynthia.e.jose@gmail.com
+63 917 480 4232, +63 920 475 2502

No recording please…
ISO 9001:2015
Quality Management System (QMS)
A set of policies, processes and procedures required for planning and execution (production, development, service) in the core business area of an organization (i.e. areas that can impact the organization’s ability to meet customer requirements).

Intended Outcomes/Results of the QUALITY MANAGEMENT SYSTEMS

• Enhancement of customer satisfaction;
• Assurance of the conformity to customer requirements; and
• Compliance to applicable statutory and regulatory requirements
Risk
Effect of uncertainty on an expected result

Note 1: An effect is a deviation from the expected, positive or negative.
Note 2: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.
Note 3: Risk is often characterized by reference to potential “events” (as defined in ISO Guide 73:2009, 3.5.1.3) and “consequences” (as defined in ISO Guide 73:2009, 3.6.1.3), or a combination of these.
Note 4: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated “likelihood” (as defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.
Note 5: The term “risk” is sometimes used when there is only the possibility of negative consequences.

Terms and Definition

3.2 risk management
coordinated activities to direct and control an organization with regard to risk (3.1)

3.4 risk source
element which alone or in combination has the potential to give rise to risk (3.1)

Removing the specific “Preventive Action” clause from the standard

• Requires organizations to adopt a risk-driven approach to preventive actions.
• The new version of ISO 9001 requires organizations to:
– assess the issues which affect the organization’s ability to achieve its goals (intended outcomes).
– determine risks and opportunities

Preventive Action vs Risk Management
• One of the key purposes of implementing a quality management system is to act as a preventive tool.
• As a result, the formal requirement related to preventive action no longer exists.
• It is replaced with a risk-based approach. Although the organization is required to determine and address risks, there is no requirement for implementing a formal risk management process.
• The corrective actions needed for potential nonconformities were incorporated in the clause:
– Nonconformity and corrective actions (cl. 10.2)
• Preventive measures are also indirectly incorporated in cl. 6.1 for risk-based thinking.

Risk-based thinking is in:
• Introduction - the concept of risk-based thinking is
explained
• Clause 4 - organization is required to determine its QMS
processes and address its risks and opportunities
• Clause 5 – top management is required to
– Promote awareness of risk-based thinking
– Determine and address risks and opportunities that can
affect product /service conformity
• Clause 6 - organization is required to identify risks and
opportunities related to QMS performance and take
appropriate actions to address them

• Clause 7* – organization is required to determine and provide
necessary resources
• Clause 8* - organization is required to manage its operational
processes
• Clause 9 - organization is required to monitor, measure, analyse
and evaluate the effectiveness of actions taken to address risks
and opportunities
• Clause 10 - organization is required to correct, prevent or reduce
undesired effects and improve the QMS and update risks and
opportunities
• Note, risk is implicit whenever suitable or appropriate is
mentioned (clause 7 and 8)

What are the relevant clauses of Risks and Opportunities?

4 Context of organization (4.1 Understanding context; 4.2 Interested parties; 4.3 Scope; 4.4 QMS)

Clause 4.4.1
The organization shall establish, implement, maintain and continually improve a quality management system, including the processes needed and their interactions, in accordance with the requirements of the International Standard.
The organization shall determine the processes needed for the quality management system and their application throughout the organization, and shall:
a) determine the inputs required and the outputs expected from these processes
b) determine the sequence and interaction of these processes
c) determine and apply the criteria and methods (including monitoring, measurement and related performance indicators) needed to ensure the effective operation and control of these processes
d) determine the resources needed for these processes and ensure their availability
e) assign the responsibilities and authorities for these processes

4 Context of organization: Clause 4.4.1 (continuation)
f) address the risks and opportunities as determined in accordance with the requirements of 6.1;
g) evaluate these processes and implement any changes needed to ensure that these processes achieve their intended results;
h) improve the processes and the quality management system

Clause 4.4.2
a) maintain documented information to support the operation of its processes
b) retain documented information to have confidence that the processes are being carried out as planned.

6 Planning (6.1 Actions to address risks and opportunities; 6.2 Objectives and planning; 6.3 Planning of changes)

Clause 6.1 Actions to address risks and opportunities
6.1.1 When planning for the QMS, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to:
a) give assurance that the quality management system can achieve its intended result(s);
b) enhance desirable effects;
c) prevent, or reduce, undesired effects;
d) achieve improvement.

6 Planning: Clause 6.1 Actions to address risks and opportunities
6.1.2 The organization shall plan:
a) actions to address these risks and opportunities;
b) how to:
1) integrate and implement the actions into its QMS processes (see 4.4);
2) evaluate the effectiveness of these actions.

Actions taken to address risk and opportunities shall be proportionate to the potential impact on the conformity of products and services.

Note 1: Options to address risks, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood of consequence, sharing the risk, or retaining risk by informed decision.

Note 2: Opportunities can lead to the adoption of new practices, launching new product, opening new markets, building partnerships, using new technology and other desirable and viable possibilities to address the organization’s or its customers’ needs.

8 Operation (8.1 Operational planning and control; 8.2 Requirements for products and services; 8.2.1 Customer communication; 8.2.2 Determination of requirements related to products and services; 8.2.3 Review of requirements related to products and services; 8.2.4 Changes to requirements for products and services)

Clause 8.1 Operational planning and control
The organization shall plan, implement and control the processes (see 4.4) needed to meet the requirements for the provision of products and services, and to implement the actions determined in Clause 6, by:
a) determining the requirements for the products and services;
b) establishing criteria for:
1) the processes;
2) the acceptance of products and services;
c) determining the resources needed to achieve conformity to the product and service requirements;
d) implementing control of the processes in accordance with the criteria;
e) determining, maintaining and retaining documented information to the extent necessary:
1) to have confidence that the processes have been carried out as planned;
2) to demonstrate the conformity of products and services to their requirements.
The output of the planning shall be suitable for the organization’s operations.
The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.
The organization shall ensure that outsourced processes are controlled (see 8.4).

9 Performance Evaluation (9.1 Monitoring, measurement, analysis and evaluation; 9.1.2 Customer satisfaction; 9.1.3 Analysis and evaluation; 9.2 Internal audit; 9.3 Management review; 9.3.1 General; 9.3.2 Management review input; 9.3.3 Management review output)

Clause 9.1.3
The organization shall analyse and evaluate appropriate data and information arising from monitoring and measurements.
The results of analysis shall be used to evaluate:
a) conformity of products and services;
b) the degree of customer satisfaction;
c) the performance and effectiveness of the quality management system;
d) if planning has been implemented effectively;
e) the effectiveness of actions taken to address risks and opportunities;
f) the performance of external providers;
g) the need for improvements to the quality management system.
Note: Methods to analyse data can include statistical techniques.

10 Improvement (10.1 General; 10.2 Nonconformity and corrective action; 10.3 Continual improvement)

Clause 10.2 Nonconformity and corrective action
10.2.1 When a nonconformity occurs, including any arising from complaints, the organization shall:
a) react to the nonconformity and, as applicable:
1) take action to control and correct it;
2) deal with the consequences;
b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere, by:
1) reviewing and analysing the nonconformity;
2) determining the causes of the nonconformity;
3) determining if similar nonconformities exist, or could potentially occur;
c) implement any action needed;
d) review the effectiveness of any corrective action taken;
e) update risks and opportunities determined during planning, if necessary;
f) make changes to the quality management system, if necessary.
Corrective actions shall be appropriate to the effects of the nonconformities encountered.

Activity: Audit Trailing (Risks and Opportunities)

[Diagram: PLAN, DO, CHECK, ACT cycle. Items shown on the slide:]
• 4.1 Internal/External issues list/SWOT
• 4.2 Needs and Expectation of Interested parties
• 4.4.1f) address R&O determined in 6.1
• 6.1 R&O Identified and Planned
• 6.2 Objectives/Performance matrix/list
• 6.3 Change management form (Doc Change form, 4M)
• 7.0 Resources: determine, provide and maintain
• 8.1 Actions implemented and controlled
• 8.7 Nonconformity of Outputs
• 9.1.3.e Actions are monitored: Monitoring Report
• 9.2 Audit Report
• 9.3 Management Review Minutes: Performance; Improvement plan; Results of the effectiveness of action on Risks and Opportunities
• 10.2 Corrective Action Report/Evidence
• 10.2.1e) Update risks and opportunities determined during planning, if necessary
• 10.3 Continual Improvement Program: Reorganization (Org Chart); Doc Masterlist


Process (Clause 6): Risk Management Process

[Diagram of six numbered steps. Labels shown on the slide:]
• Internal/External context; Control
• Developing Risk Criteria; Determine Roles and Responsibilities (including Stakeholders)
• What can happen, where, how and why: analysis of workflows and processes; list risks and causes
• Determine controls; estimate level of risk: probability, consequence, ranking score
• Compare against criteria; identify and assess options; decide on response; establish priorities: adequacy of controls, action
• Selection of risk treatment option; preparing and implementing risk treatment plans: Accept, Control/Mitigate, Emergency Plan, Insurance, Waivers, Contracts


Internal context

• Can also be defined as anything within the organization that may influence the way in which the organization manages its internal risks.
• The TECOP (technological, economic, cultural, organizational, political) factors can help identify internal context factors in the analysis.

TECOP
• T, Technological: material, equipment, know-how, skills
• E, Economic: viability, profitability, cash flow
• C, Culture: behavior, attitude, e.g. absenteeism, tardiness, demographic
• O, Organizational: objectives, policies, standards, procedures
• P, Political: governance, decision-making, problem solving

The external context
• consists of the organization’s immediate operations and how they affect its performance and decision-making.
• These factors have a direct impact on the success of the organization.
• It is important to conduct a full analysis of the micro-environment before moving to strategy development.
• PESTLE (Political, Economic, Social, Technological, Legal, Environmental)

PESTLE
• P, Political: national, local governance
• E, Economic: growth, inflation, interest rates
• S, Social: population demographics, trends
• T, Technological: new materials, innovations, advancement in equipment and processes
• L, Legal: laws, regulation
• E, Environmental: climate, weather, earthquake fault proximity

Activity 2

Do your SWOT analysis…

INTERNAL ISSUES (columns to fill in: STRENGTH, WEAKNESSES)
• TECHNOLOGICAL FACTORS: Information Technology; R&D; Equipment
• ECONOMIC FACTORS: Cash Flow; Capital Reserves; Viability
• CULTURAL: Demographics; Collective Attitude; Capabilities
• ORGANIZATIONAL FACTORS: Policies/standards/guidelines; Strategies; Management systems; Structures; Objectives
• POLITICAL FACTORS: Governance; Decision Making Systems; Roles and Accountabilities

EXTERNAL ISSUES (columns to fill in: OPPORTUNITIES, THREATS)
• POLITICAL FACTORS: Legislation
• Economic: Exchange rate; Business Activity
• TECHNOLOGICAL FACTORS: New and innovative technologies
• LEGAL FACTORS: Health and Safety; Equal Opportunities
• ENVIRONMENTAL FACTORS: Weather; Ecological factor

Activity 2

Interested Parties

1) Define your interested parties
2) Determine needs and expectations
3) Use the format below

Interested Party(ies) | Needs and Expectations
RISK

• Effect of uncertainty on intended results

RISK = Likelihood (Probability) x Severity (Consequence)

Risk Likelihood (Quality, products/Services)
Value of possibility of a risk

Rating | Intensity | Description | Frequency indication
1 | never | Seldom or never occurred | Once in several years
2 | rare | Rarely occurred | More or less once in a year
3 | occasional | Sometimes occurred | More or less once in a month
4 | often | Relatively often occurred | More or less once in a week
5 | frequent | Frequently occurred | Almost everyday

Risk Severity (Quality, products/Services)
Impact level as a consequence of a risk

Rating | Intensity | Description | Indication
1 | Nothing or negligible | No or negligible damage | Very minor product and services impact
2 | slight | Slight operations, delivery, service disturbance, suffering, discomfort | Operational delay, increase in cost, complaints
3 | medium | Medium operations, delivery, service disturbance, suffering, discomfort | Delay in business activity or revenue
4 | serious | Serious operations, delivery, service disturbance, suffering, discomfort | Reduction in business activity or revenue
5 | catastrophic | Severe operations, delivery, service disturbance, suffering, discomfort | Loss of customer, massive loss, legal problems

Opportunity Likelihood (Quality, products/Services)
Value of possibility of Opportunity

Rating | Intensity | Description | Frequency indication
1 | Impossible | No possibility or chance of success | Very high resources needed, strong competition
2 | Nearly impossible | Doable but no chance of success | Situation or CBA or policies will not allow
3 | Slight chance | With chance of success but entails massive resources | Doable, with possibility or approval; with available resources
4 | High Possibility | Doable and feasible | Situation or CBA or policies guarantees good impact or return; situation, budget and return within expectation
5 | Sure/Definite | Very minimal chance of failure; guaranteed success | Situation, budget and return exceeds expectation

Opportunity Severity (Quality, products/Services)
Success level as a result of positive risk, or opportunity

Rating | Intensity | Description | Indication
1 | Nothing or negligible | No or negligible benefit | No impact on objectives; no visible gain or benefit
2 | Minor | With minimal benefit or success | Minor impact on objectives; slight gain or benefit
3 | Good | Acceptable benefit | Good or positive impact on objectives; good gain or benefit
4 | Very good | Success with good return or benefit | Significant positive impact on objectives; very good gain or benefit
5 | Excellent | Success with massive benefit | Breakthrough impact on objectives; excellent gain or benefit

Acceptable Risk

• Risk that has been reduced to a level that can be tolerated by the organization having regard to its legal obligation and its own QMS policies

Risk acceptance

A risk may be accepted for the following reasons:
• The cost of treatment far exceeds the benefit, so that acceptance is the only option (applies particularly to lower ranked risks)
• The level of the risk is so low that specific treatment is not appropriate with available resources
• The opportunities presented outweigh the threats to such a degree that the risks are justified
• The risk is such that there is no treatment available, for example the risk that the business may suffer storm damage.


Residual risk definition

• The threat a risk poses after considering the current mitigation activities in place to address it, and can be an important metric for assessing overall risk appetite.

Risk Evaluation Matrix
(rows: Severity of Consequence; columns: Likelihood of Occurrence)

Severity \ Likelihood | 1 never | 2 rare | 3 occasional | 4 often | 5 frequent
1 Nothing or negligible | 1 | 2 | 3 | 4 | 5
2 slight | 2 | 4 | 6 | 8 | 10
3 medium | 3 | 6 | 9 | 12 | 15
4 serious | 4 | 8 | 12 | 16 | 20
5 catastrophic | 5 | 10 | 15 | 20 | 25

Risk Classification

Category | Risk Rating | Classification | Description | Measures | Remarks
L | 1-11 | acceptable | Potential risk does not have serious impact to QMS | Ordinary work practice, QMS training and shall be implemented | No reduction measures required
M | 12-19 | undesirable | Potential risk may have undesirable impact to QMS | Risk reduction measures shall be established and implemented | Reassessment shall be done to confirm the risk becomes acceptable by the risk reduction measures
H | 20-25 | unacceptable | Potential risk may have serious impact to QMS | Risk reduction measures shall be established and implemented | Reassessment shall be done to confirm the risk becomes acceptable by the risk reduction measures


Process (Clause 6): Risk Management Process, Risk Identification


Risk Terminologies
• A risk is the effect of uncertainty to objectives; may be positive or negative; deviation from expected
• A risk source (or cause) has the potential, alone or in combination, to give rise to risk
• An event is the occurrence or change of a particular set of circumstances
• A consequence (or effect) is the outcome of an event affecting objectives


Structured Risk Description

• A structured description of a risk which separates cause, risk event and effect

“As a result of <existing condition or definite cause>, <uncertain event> may occur, which would lead to <effect on objectives>”

CAUSE & EFFECT
[Diagram: Cause, Risk Event, Effect, with “WHY?” between the parts]
Minimum of two (2) parts
Attempt to get to the third part!!

Structured Risk Template
• Cause: Definite events or set(s) of circumstances that exist in the environment and which give(s) rise to uncertainty
• Risk Event: Uncertain events or set(s) of circumstances that, if they occur, would affect objectives
• Effect: Unplanned variations from objectives, either positive or negative, which arise as the result of risks occurring

As a result of <cause>, <uncertain event> may occur, which would lead to <effect on objective(s)>
Risk Statement (Step-by-Step)
Let’s identify and write risk using our template
• Use the following STEPS (working backwards)
1) Identify your objective/target
2) What is a potential impact of any issues on your target
(EFFECT); NEGATE your objective
3) What issue may cause that impact (EVENT)
4) What may be reason for the issue or event (CAUSE)
5) Write your risk statement using the template
Example
Let’s identify and write risk using our template
• Use the following STEPS (working backwards)
1) Identify your objective/target
Objective: On time customer service:
2) What is a potential impact of any issues on your target (EFFECT)
Impact: Delay on customer service
3) What issue may cause that impact (EVENT)
customer request was not forwarded timely
4) What may be reason for the issue or event (CAUSE)
Poor network connection
5) Write your risk statement using the template
“As a result of <poor network connection>, <late forwarding of customer request> may happen, which would lead to <delay in customer service>”
USING THE 6M in the Risk Identification Process

[Diagram: Cause, Risk Event, Effect, with “WHY?” between the parts and the 6M listed on both sides]
• MAN
• MACHINE
• MEASUREMENT
• MATERIAL
• METHOD
• MILIEU (ENVIRONMENT)

Example

1) Identify your objective/target: To deliver on time customer service (3 working days)
2) What is a potential impact of any issues on your target: NEGATE (EFFECT): Delayed delivery of customer service
3) What issue may cause that impact (EVENT): request not forwarded timely
4) What may be reason for the issue or event (CAUSE): poor network connection
5) Write your structured RISK STATEMENT:

As a result of poor network connection, late forwarding of customer request may happen, which would result in delay in customer servicing

Activity 3

IDENTIFY RISKS
1) Let’s go back to our SWOT analysis and identify possible risks (pick 3)
2) Analyze your process and identify 2 potential risks
3) Use the structured Risk Statement to define risks

Welcome to day 2!
Welcome to day 2: RECAP

• Basic concept of Risks and Opportunity
• Relevant clauses of ISO 9001:2015
• ISO 31000:2018
• Identifying Risks and Opportunities
– Context, Scope and Criteria
– Risk Assessment (Identification)
• Structured Risk Statement

The Risk and Opportunity Register

Let’s populate our Risk and Opportunity Register!!!


CONTROL MEASURES

• Action taken in order to control and reduce risk to acceptable level
• Hierarchy of Control Measure
• Let’s identify our controls and populate our R&O Register!

Eliminating and Reducing Risks

• Eliminate risks
• Reduce the Risk
• Substitution
• Isolation
• Engineering/Technology
• Administrative – policies, rules, guidelines, training, operational, management controls, assessment examinations, monitoring plans, periodic reviews



Risk Evaluation
• The purpose of risk evaluation is to support decisions. Risk
evaluation involves comparing the results of the risk analysis
with the established risk criteria to determine where additional
action is required. This can lead to a decision to:
— do nothing further;
— consider risk treatment options;
— undertake further analysis to better understand the risk;
— maintain existing controls;
— reconsider objectives.
Risk Treatment
3) Treat the risks (Clause 6.5)

• Risk treatment is about considering options for treating risks that were not considered acceptable or tolerable at Step 5.
• Risk treatment involves identifying options for treating or controlling risk, in order to either reduce or eliminate negative consequences, or to reduce the likelihood of an adverse occurrence. Risk treatment should also aim to enhance positive outcomes.

Options for risk treatment:

identifies the following options that may assist in the minimization of negative risk or an increase in the impact of positive risk.
1- Avoid the risk (risk avoidance)
2- Change the likelihood of the occurrence
3- Change the severity or impact (mitigating action)
4- Share the risk/Transfer the risk
5- Retain the risk (contingency plan)

Risk Treatment Plan
• The information provided in the treatment plan should include:
— the rationale for selection of the treatment options, including the expected benefits to
be gained;

— those who are accountable and responsible for approving and implementing the
plan;

— the proposed actions;

— the resources required, including contingencies;

— the performance measures;

— the constraints;

— the required reporting and monitoring;


— when actions are expected to be undertaken and completed.
The Risk and Opportunity Register

Let’s populate our Risk and Opportunity Register!!!

DOCUMENTATION and COMMUNICATION of R&O
• Prepare orderly and clearly
• Signed and approved by management
• Communicated, made understood by all relevant personnel/people

Review of R&O
• WHAT OTHER OCCASION or INSTANCES should you go back and review or update the Risk and Opportunity Register?
• R&O process must be sustainable
• Reviewed and kept updated
• No necessity if existing still in accordance with the task

SUMMARY
• Let’s summarize together our learning
for this training course
• ISO 31000:2018
• Risk and Opportunity
• Risk and Opportunity Matrix
• Treatment of Risk
Q&A