
Risk Registry

Alexander S. Cochanco, MSIT


Risk-Based Thinking
Risk-based thinking is presented within the introduction
of the ISO 9001:2015 standard.
ISO 9001 has always advocated mitigating and avoiding
risk; it has implicitly addressed the issue through
“preventive actions” in previous revisions. ISO
9001:2015 replaced the term preventive actions with
“actions to address risks and opportunities”.
Risks and Opportunities
A Risk is a positive or negative deviation from the
expected. Addressing a risk could mean pursuing a
new opportunity. The better our organization manages
risks, the better prepared we are to face uncertainties.
Organizations are required during planning of their
QMS to address both risks and opportunities.
Opportunities can include the adoption of new
customers, products, technology or practices.
Risks and Opportunities in ISO
9001:2015
There are several requirements around risks and
opportunities throughout the ISO 9001:2015 standard.
The examples given in the next slides are just some of
the clauses that in effect mandate risk management.
Risks and Opportunities in ISO
9001:2015
4.4 Quality management system and its processes
“The overall quality management system (QMS) must
consider both risks and opportunities as part of its
core planning process.”

5.1 Leadership and commitment
“Those who lead the organization must promote risk-based thinking”
Risks and Opportunities in ISO
9001:2015
5.1.2 Customer focus
“Ensure risks and opportunities that affect customers
are determined and addressed.”

6.1 Actions to address risks and opportunities
“When planning for the QMS, determine and address
risks and opportunities.”
Risks and Opportunities in ISO
9001:2015
9.1.3 Analysis and evaluation
“Evaluate the effectiveness of actions taken to
address risks and opportunities.”

10.2 Nonconformity and corrective action
“Update risks and opportunities determined during
planning, if necessary.”
How to Address Risks and
Opportunities
The ISO 9001:2015 requirements around risk and
opportunities do not require a formal risk management
system. However, they do require that we determine what
they are and how they will be addressed. When
evaluating risk, it is helpful to use two metrics or
parameters:
1. Impact (if the risk occurs, how serious is it?)
2. Probability (what is the probability of the risk
occurring?)
How to Address Risks and
Opportunities
Common methods for identifying and addressing
risks include maintaining a Risk Register, performing
FMEA (Failure Mode Effects Analysis) or FTA
(Fault Tree Analysis), using a Probability and Impact
Matrix, or other risk management exercises.
Registry of Risks and
Opportunities
(NEUST-QMS-F013)
Categories of Risks and Opportunities
The category to which the identified risk/opportunity
belongs. These categories may be the following:
• Operational
• Financial
• Personnel
• Client
• Delivery
• Infrastructure
• Outsourced Services
Risk/Opportunity Description
A textual description of each risk identified within the
college/office/unit. Also known as the risk statement.

The risk statement involves two elements: the event
itself and the potential positive or negative impact
of such an event.
Risk/Opportunity Description
Examples:
• Severe weather conditions may impact building
progress
• Too many designations may affect the performance
of a teaching personnel
• Lack of IT security policies and procedures may
cause loss of data
• Flooding may cause loss of important documents
and IT equipment
Risk/Opportunity Description
Examples:
• Unliquidated expenses may lead to delay in release
of budget for next activity
• Lack of employees may lead to delay of operations
• Lack of recognitions and incentives may lead to
unhappy employees
• Lack of trainings and seminars may lead to
incompetence
Risk/Opportunity Description
Examples:
• Lack of vehicles may lead to failure to provide
logistics support
• Delay in release of funds may affect business
operations
• Lack of commitment from suppliers may lead to
delay in deliveries
• Lack of safety and security measures may lead to
safety and security issues to students and employees
Risk/Opportunity Description
Examples:
• Improved internet speed may lead to increased
productivity
• An increased number of researchers may lead to more
published research
• More partner agencies may lead to more extension
programs
• Collaboration with other agencies may lead to more
generated products and services
Impact

A description of the potential impact on the
college/office/unit as a result of the identified risk.

Level    Value   Description
Low      0       No to minor harm
Medium   1       Significant to damaging harm
High     2       Serious to grave harm
Impact

A description of the potential impact on the
college/office/unit as a result of the identified risk.

Level    Value   Description
Low      0       No to minor improvement
Medium   1       Significant improvement
High     2       Major or great improvement
Probability

The estimated probability that a risk will occur at
some point and become an issue.

Level    Value   Description
Low      0       Unlikely to happen, Infrequent
Medium   1       Likely, Probable
High     2       Highly likely, Almost certain, Common
Probability

The estimated probability that a risk will occur at
some point and become an issue.

Level    Value   Description
Low      0       Small chance to seize the opportunity
Medium   1       Opportunity can be seized but requires lot of effort and resources
High     2       Opportunity can be seized easily or does not require much effort or resources
Significance

The magnitude or level of the risk.

Significance = Impact + Probability

Level   Significance             Score   Description
I       Insignificant            0-2     Acceptable impact of risks; no to minimal action needs to be taken
II      Significant (critical)   3-4     Actions need to be taken to address risks
Risk Treatment Option

An action taken to manage a risk. Treatment options
include:
• Reduction – reducing or mitigating the likelihood or
severity of a possible loss
• Avoidance – eliminating any exposure to risk that
poses a potential loss
• Transfer – transfer risk to another party
• Acceptance* – acceptance of the identified risk
Actions to Address Risks/Opportunities

The task/activity that will be done in order to manage
or to treat the risk
Responsibility

The person(s)/unit(s) responsible for managing risk
treatment
Resources

The resource(s) needed to manage the risk


Deadline

The estimated date when the risk treatment will be
acted upon
Evaluation Date

The date when the QMR/IQA/Representative will
check on the results of the actions taken to treat the
identified risk
Evaluation Results

The results of the evaluation conducted by the
QMR/IQA/Representative
Thank you!
