There’s a widespread misconception going around about risk management. It’s something you see in the food and beverage industry, as well as others where risk management is still a relatively new concept.
It’s a mistake that can mean the difference between identifying a problem and solving it, and ultimately, one that has a significant impact on consumer safety.
The problem? It’s thinking that risk assessment is the same thing as risk management. Let’s take a look at the difference, plus how you can better automate risk management and incorporate it into your everyday work.
What is Risk?
Risk is defined as probability multiplied by impact. Taking these two elements into account helps decide the most efficient way to allocate resources. For example, you wouldn’t spend a million dollars to prevent a blister, but you might do so to prevent a chemical explosion. Even though a blister might be more likely to occur, the impact is low, compared to a less likely chemical explosion that has potentially fatal impacts.
One common form of risk assessment is the risk matrix. The risk matrix plots severity and probability on separate axes, creating a region of high risk at one corner and low risk at the opposite corner.
Based on where your company draws the line between acceptable and unacceptable risk, you can use the risk matrix to decide when a given hazard requires remedial action.
If you’ve ever used one, you know what a useful tool a risk matrix can be. The problem is, it’s not enough. Not on its own, at least.
Risk Management: A Closed-Loop Process
If you’ve got software that lets you leverage tools like a risk matrix, that’s great. The key is to use those tools within the larger context of a closed-loop risk management process.
Key steps in the process include:
- Hazard identification
- Risk assessment
- Control implementation
- Making adjustments
These steps fit into the plan-do-check-act approach to continuous improvement. From a risk management perspective, risk management isn’t an isolated activity, but rather a closed-loop process that ensures continuous risk reduction.
In practical terms, it means that it’s not enough to do a risk assessment on a nonconformance and then mark it done once the corrective action is complete. You have to find out whether that action was actually effective. And if not, you need to feed it back into the start of the cycle.
Using the FSMS to Close the Loop
An integrated Food Safety Management System (FSMS) can give you the tools you need to create a robust risk management process. Let’s look at how the FSMS comes into play at each step.
- Hazard identification: All hazards or potential sources of risk are compiled into a centralized Risk Register, making it easy to get a complete view of risk across the organization at any time.
- Risk assessment: This is where tools like your risk matrix come in, providing a quantitative method for assessing whether a hazard requires a control. Assigning a risk level to items like hazards, nonconformances and corrective action requests also makes it easy to filter out high-risk problems.
- Control implementation: Corrective Action tools help you identify the root cause of the risk so you can pinpoint the right control needed. Linking individual hazards to controls in the Risk Register also lets you see where gaps exist.
- Making adjustments: After you’ve corrected the problem, you need to see whether it actually worked. Before closing a corrective action, you can determine whether to take further action by calculating residual risk. Proactive monitoring tools like dashboard alerts can also help you monitor the results in real-time and make course corrections as necessary.
Ultimately, a risk assessment just tells you one part of the picture. Risk management ensures what you do with that risk assessment actually has an impact on reducing risk exposure to your organization and consumers.