Featured Video
This Week in Quality Digest Live

More Videos

Risk Management Features
Lessons From the Merchants of Venice
Loic Sadoulet
The importance of network effects, contractual innovations, and coordination
Fixing a Toxic Culture Requires More Than a New CEO
Katina Sawyer
We can all play a role in creating more inclusive workplaces worldwide
Understanding Risk Management and ISO Standards
Pam Bethune
Risk analysis and management may be the most important activities a company engages in
Inside Quality Digest Live for July 14, 2017
Mike Richman
Accounting for risk; taking advantage of opportunities
Introducing Ergonomics to Operations
Rick Barker
A matter of language and common ground

More Features

Risk Management News
Seven Systems Principles You Need to Know Before Implementing IIoT
If you want to understand a system, try and change it
D. L. Newslow and HACCP International Partner With Ronald Mathis
Mathis will provide business development for HACCP certification in the Americas
NIST Guide Helps Small Businesses Improve Cybersecurity
Explains basic steps businesses can take to better protect their information systems
First International Standard for Sustainable Procurement Nears Publication
ISO 20400 will help companies achieve sustainability goals, improve supplier relations
Implement an Efficient Pharmaceutical Quality Risk Management System
Sept. 28–30, 2016, in Berlin
FAA Finalizes Rules for Small Unmanned Aircraft Systems
Regulations will create new opportunities for business and government to use drones
Keeping Radiation at Bay
Three new ISO standards support monitoring of exposure in the workplace
$4.6 Million Available in Susan Harwood Safety and Health Training Grants
Funds help high-risk, vulnerable workers identify, prevent workplace hazards
Consumer Warranties to Get Standard Treatment
ISO/PC 303 project committee will provide international benchmarks to reduce purchasing risks

More News

Pam Bethune

Risk Management

Understanding Risk Management and ISO Standards

Risk analysis and management may be the most important activities a company engages in

Published: Monday, July 17, 2017 - 12:01

Every company is in business to take risks.

Every action or failure to take action by that company naturally has some form of risk inherent in the process. To survive, a company needs to identify opportunities and take them when beneficial, but the amount of risk must be understood. Whether it’s determining to pursue new markets and make new investments or discontinuing those pursuits, risk is built into the nature of business.

If risk is built into the nature of business, then risk analysis and management may be the most important activities a company engages in. With the recent changes to management systems standards, the concept of risk management has never been more prominent, or had more potential to be misunderstood.

Risk management used to be confined to specific standards around issues such as business continuity (ISO 22301), information security (ISO 27001), and supply chain security (ISO 28001), but now it’s a fundamental concept in quality, health and safety, and environmental standards as well.

So what is risk? Business Dictionary.com defines risk as:
“1. A probability or threat of damage, injury, liability, loss, or any other negative occurrence that is caused by external or internal vulnerabilities, and that may be avoided through preemptive action
“2. Finance: The probability that an actual return on an investment will be lower than the expected return. Financial risk is divided into the following categories: Basic risk, Capital risk, Country risk, Default risk, Delivery risk, Economic risk, Exchange rate risk, Interest rate risk, Liquidity risk, Operations risk, Payment system risk, Political risk, Refinancing risk, Reinvestment risk, Settlement risk, Sovereign risk, and Underwriting risk.
“3. Food industry: The possibility that due to a certain hazard in food there will be an negative effect to a certain magnitude.
“4. Insurance: A situation where the probability of a variable (such as burning down of a building) is known but when a mode of occurrence or the actual value of the occurrence (whether the fire will occur at a particular property) is not.
“A risk is not an uncertainty (where neither the probability nor the mode of occurrence is known), a peril (cause of loss), or a hazard (something that makes the occurrence of a peril more likely or more severe).
“5. Securities trading: The probability of a loss or drop in value. Trading risk is divided into two general categories: (1) Systemic risk affects all securities in the same class and is linked to the overall capital-market system and therefore cannot be eliminated by diversification. Also called market risk. (2) Nonsystematic risk is any risk that isn’t market-related or is not systemic. Also called nonmarket risk, extra-market risk, or unsystemic risk.
“6. Workplace: Product of the consequence and probability of a hazardous event or phenomenon.”

Read more here.

So in essence risk is basically the effect of uncertainty on objectives, but in looking to be more succinct we can use the following: The processes of identifying, analyzing and then evaluating whether the risk should be modified or controlled in order to satisfy risk criteria, followed by data-driven application of resources to minimize, monitor and control identified risks and opportunities.

When applying risk management fundamentals from management systems, a company can manage its risk by using the requirements as a guideline, along with such techniques as:
• Risk register
• Analysis of alternatives
• Hazard analysis
• Fault tree analysis
• Failure mode and effects analysis (FMEA)
• Hazard and operability study (HAZOP)
• Risk traceability analysis

Our upcoming webinar, “Fundamentals of Risk Management,” will focus on avoiding risks that need to be avoided, but more than that it is about understanding and taking the right level of the right risk.

Join us as we review review:
• What is risk management and where does it fit in the new standards?
• How does it apply to my business?
• Is it just limited to what happens within our walls?
• What level of action is appropriate?
• Common misconceptions
• Understanding and applying the intent and best practices

The webinar, which I will present and which will be hosted by Quality Digest editor in chief Dirk Dusharme, occurs on Thursday, July 27 at 2 p.m. Eastern, 11 a.m. Pacific. Click here to register.

Discuss

About The Author

Pam Bethune’s picture

Pam Bethune

Pam Bethune is the regional competence manager of the automotive sector for DEKRA. She is a lead auditor for IATF 16949, ISO 9001, ISO 14001, ISO 13485, and OHSAS 18001. Bethune expertise includes change leadership in quality systems, lean manufacturing, and Six Sigma in automotive and pharmaceutical industries. She has a reputation for building and strengthening teams performance in diverse manufacturing and service organizations.