Risk management is a term that we increasingly come across in the various ISO standards. But what exactly does risk management entail? How far do we have to go to control the risks within our organisation? These are questions that are asked during an audit and which matter if you want to be in control as an organisation.

Risk management is the identification and quantification of risks and the determination of appropriate measures. By assigning a risk score, for example based on chance x effect (likelihood times impact), an organisation gets an overview of which risks are critical. Measures are activities that influence the probability of the risks and their consequences.

Every organisation in every sector faces risks. To be successful, an organisation needs an overview of its risks, must know their impact and must be able to control those risks going forward. To identify risks, the organisation needs to link them to the company's strategy and goals, and in particular to consider the characteristics of the market in which it is active.

Besides that, it is crucial that the measures are implemented properly within the organisation. A measure can prevent, reduce, outsource or accept a risk. The process definitely doesn't stop at the implementation of measures!

Risk management is a continuous process. Risks keep evolving, which can make new measures necessary or more important, and render others redundant.

What are the requirements of the ISO standard?
The ISO 9001 standard doesn't specify in detail how a risk analysis has to be carried out or how detailed it must be. The standard does not require a formal method for the company's risk management or a documented risk management process. However, it says that the organisation can decide for itself whether it wants to use another standard or guideline, for example ISO 31000. This guideline provides you with leads and indications for implementing risk management within the organisation.

Implementing risk management in 6 steps:

  • Step 1: Identify the risks
  • Step 2: Analyse and qualify risks
  • Step 3: Analyse today's measures
  • Step 4: Develop and execute action plans
  • Step 5: Measure, control and report
  • Step 6: Integrate results into the decision processes