If you are leaders, managers, coordinators or supervisors of any area of the organization, it is very likely that, like many, you do not possess a specific qualification for risk management and that you do not even know exactly which methods to use to do this work.
You might even think that this whole business of risk management related to the implementation of the ISO 9001 standard requirements is simply a pain in the neck, unnecessary bureaucracy but...it is not like that and, if you have the patience to follow us, we will explain why.
First of all, let's start by saying that you shouldn't think about risks just because "you have to" get certified according to the ISO 9001 standard and if the quality manager of your company says that you have to start dealing with risks only for this reason, he is wrong. You need to focus on risk management so that your life stops being limited to simply solving problems and you can start working on the projects that are close to your heart for the necessary improvements in your area of expertise.
Risk management is a way of working proactively. You simply need to focus on those things, which you and your team know very well, which seem to work and do not give too many problems but which, sooner or later, could go wrong. Because these are risk factors. It can be processes, work instructions, behaviors or any other problem that you believe may have an impact on your results and the results of your team.
Risk management simply consists of mapping all these things and deciding what to do to prevent them from generating critical situations. Operationally, you simply need to be aware of what could go wrong and remedy it, starting from what is really relevant and requires more attention. The second step to take is to indicate, for each element of the list, how likely it is to generate the feared adverse event, perhaps thinking about how many times it has already happened in the past. The same reflection must be made on how any critical event could affect your work.
For example, there will be situations that, if they occur, can stop the work of many people and others that, while creating problems, will still allow you to work. Based on these two factors (possibility of occurrence and its criticality) it is possible to draw up a simple classification to be sure of following the right priority in remedying the various situations.
If, for example, an adverse event has a very low probability of happening and, in addition, if it were to occur, it would not create big problems, you can serenely put it at the bottom of the list. After having identified what could go wrong and what is the probability that this event will occur, the third and last step to carry out a good risk management is to finally decide on the solutions, what to do to manage risks and opportunities.
The possible decisions to be taken can be four:
- eliminate it completely;
- limit yourself to reducing it because, perhaps, eliminating it completely would cost too much compared to the advantages it would bring;
- outsource it to others outside your company, perhaps to organizations that are more able to manage it;
- accept it. Although it may seem strange, this is a perfectly viable option because no one can force you to deal with a specific risk. It is up to you to evaluate the probability of occurrence and the severity of the potential effects to then make a serene decision. The important thing is that you start a risk analysis that could compromise your work
Once risk management has been set up, it must become a daily commitment. Every time something changes in your processes (a new machine, a new operator, new procedures, new suppliers, etc.) it will be necessary to evaluate any related risks and the same thing will have to be done for the old risks identified to make sure that the situation has not changed. It is worth dwelling on the categories of risks in ISO 9001 certification
The advice we give you so that this way of thinking becomes the normal way of working is simply to pay attention to the things that you find yourself having to solve every day. If, for example, you have a machine that is starting to give some problems and that should be changed but which represents a large expense that you do not want to face now, establish exactly what to do every time a fault occurs again, calculate the time lost and the resources used, make an estimate of the times in which the problem occurs and decide whether or not the game is worth the candle.
In this way the machine that stops will no longer be a problem but will have become a risk to be managed.
Recording the incidence of the problem over time helps to analyze whether the machine needs to be changed and how much the problem affects the results of your company. Even when you have the impression, therefore, that most of the things that those who deal with quality ask you to do are boring and that they have no connection with your work, a simple reflection is enough to understand, instead, that they are precisely the essence!