The ISO 9001:2015 standard places a great deal of emphasis on using risk to drive processes and make decisions. The old mindset of using corrective actions to deal with adverse events has been replaced with the risk-driven approach, aiming to prevent it from happening rather than recovering from it once it happens. For those that are new to risk management, however, this can be a challenging shift.
Not only do business leaders need to understand the latest standards, they need to understand the role of risk and the tools available to them to help manage risk.
This post will consider 5 risk tools that you can use to leverage risk management within your organization.
- Decision Tree: This tool is simple to use and effective. It is a simple map that contains lines that connect possible decision points in a logical order of occurrence. Decision points are typically based on “yes” or “no” questions that represent different deciding factors. This allows users to see which paths lead to the highest risk, and is an effective tool for seeing the effects a single decision point can have on the outcome of a series of events.
- Risk Matrix: The risk matrix is one of the most commonly used risk tools and, like the decision tree, is a simple tool to use. It offers a visual representation, which is perfect for those who prefer visual information rather than large amounts of data. The risk matrix quantifies risk level using tested assumptions about an event—most commonly severity and frequency (probability). Those levels are put on a numerical scale and the given event is plotted in the matrix accordingly. Colors are assigned to different numerical ranges based on personalized algorithms to determine if a risk is acceptable, needs mitigation or needs to be avoided. Risk matrices commonly use bold and symbolic colors like green, yellow and red to prevent confusion, although they can be personalized in whatever way works best for your organization.
- Failure Modes and Effects Analysis (FMEA): FMEA is more of an advanced tool for risk management. It’s designed to identify possible failures during the design phase of a product, that way an organization is made aware of possible issues before the product is even produced. It’s an intricate process, but is favored because it tends to eliminate quality issues before they strike. This tool is beneficial for those companies with products that will be sold to a large market or would have potentially catastrophic events on customers.
- Bowtie Risk: The bowtie risk model is like the decision tree in that it shows potential outcomes for certain events. However, it also includes preventive measures. It is used for events that have low occurrence but are potentially catastrophic. It highlights proactive and preventive measures that can be used to mitigate the risk and prevent the catastrophic event from occurring.
- Risk Register: The risk register is a significant element of risk management. It is not necessarily a tool that is used for assessment or analysis, but rather a way to plan your risk management efforts and manage them over time. The Risk Register has two main components. The first is a library of hazards, which is a reference for containing all of the known hazards in different areas of your business. This is a useful collection of information for using hazards to identify risks. The risk register is a good way to check effectiveness of risk procedures along with the controls implemented as well. The second component is a collection of risk data for all of your processes. All of the data related to risk is in one central place. This provides visibility into critical events since you will have a strong reference point backed by data.
The risk register is a good way to check the effectiveness of your other risk management procedures and the controls you implemented.
Risk is a key aspect in transitioning to ISO 9001:2015, where risk-based thinking is the focus of planning, executing and maintaining a successful quality management system under the standard.
Leveraging risk tools as part of an automated QMS can help you maximize the impact of risk data while minimizing the time and effort necessary to collect and analyze that data. Adopting the technological and ideological advances of quality management will help your organization gain and maintain compliance under the new standard.