The Cove Business Standards Discussion Forums More Free Files Forum Discussion Thread Post Attachments Listing Cove Discussion Forums Main Page
How to Analyze Risk if is out of your control
UL - Underwriters Laboratories - Health Sciences
How to Analyze Risk if is out of your control
How to Analyze Risk if is out of your control
How to Analyze Risk if is out of your control
How to Analyze Risk if is out of your control
How to Analyze Risk if is out of your control
How to Analyze Risk if is out of your control
How to Analyze Risk if is out of your control
How to Analyze Risk if is out of your control
How to Analyze Risk if is out of your control
Go Back   The Elsmar Cove Business Systems and Standards Discussion Forums > >
Forum Username

Elsmar Cove Forum Visitor Notice(s)

Wooden Line

How to Analyze Risk if is out of your control

Elsmar XML RSS Feed
Elsmar Cove Forum RSS Feed

Monitor the Elsmar Forum
Sponsor Links

Courtesy Quick Links

Links Elsmar Cove visitors will find useful in the quest for knowledge and support:

Jennifer Kirley's
Conway Business Services

International Quality Services

Marcelo Antunes'
SQR Consulting, and
Medical Devices Expert Forum

Bob Doering
Bob Doering's Blogs and,
Correct SPC - Precision Machining

Ajit Basrur
Claritas Consulting, LLC

International Standards Bodies - World Wide Standards Bodies

ASQ - American Society for Quality

International Organization for Standardization - ISO Standards and Information

NIST's Engineering Statistics Handbook

IRCA - International Register of Certified Auditors

SAE - Society of Automotive Engineers

Quality Digest

IEST - Institute of Environmental Sciences and Technology

Some Related Topic Tags
iso 9001:2015, risk management and analysis
Thread Tools Search this Thread Rate Thread Content Display Modes
  Post Number #1  
Old 6th September 2017, 12:12 PM

Total Posts: 476
Question How to Analyze Risk if is out of your control

Hi everybody

Regarding at addressing the risk

Im thinking to use ishikawa to analyze internal risk, no doubt that I can do a good analysis because things happen into my company and have the information to implement action plans.

By using ishikawa, I consider the risk, I get the possible causes and with that Iimplement the needed actions.

But at analyzing external risks, what analysis I can do, if I dont have enough info to use?

Suppose political risk, commercial agreements in other countries,etc. I dont have control over them.

For that, I cant use my ishikawa, I think what I can do, it is to mention the risk in the list of risk and propose something inside my organization in order to mitigate it.

or maybe I can use ishikawa, and into the bones, to show what bones can help to mitigate the risk.

Do you have any idea as how to manage this issue?


Well, is not only problem of the used method, it applies also if using, FMEA, decision tree, etc.

Sponsored Links
  Post Number #2  
Old 6th September 2017, 12:38 PM
Bev D's Avatar
Bev D

Total Posts: 3,530
re: How to Analyze Risk if is out of your control

you are on the right track for risks you cannot control. The answer is to understand what can happen and then put mitigation plans in place.

Natural disaster - backup systems in case records and documents get destroyed
single source supplier - get two sources in different geographical locations

included in mitigation would be some method for monitoring the likelihood of the risk being realized.
Thank You to Bev D for your informative Post and/or Attachment!
Sponsored Links

  Post Number #3  
Old 6th September 2017, 12:44 PM
Sidney Vianna's Avatar
Sidney Vianna

Total Posts: 8,880
Look! re: How to Analyze Risk if is out of your control

In Reply to Parent Post by QAMTY View Post

Suppose political risk, commercial agreements in other countries,etc. I dont have control over them.
Would you engage with a supplier from North Korea, at present?

If you had one there, wouldn't you be looking for an alternative source?

Geopolitical risks for your supply chain can and should be mitigated; that is, unless you work for a state-owned organization where political cronies, appointed by the government make decisions based on corrupt dealings and, then, you really have no control over supplier decision.

As for external risks that could be totally out of your control, why analyze something you can do NOTHING about it?
Thanks to Sidney Vianna for your informative Post and/or Attachment!
  Post Number #4  
Old 6th September 2017, 02:38 PM
Marc's Avatar

Total Posts: 25,940
re: How to Analyze Risk if is out of your control

I agree with Bev, however in all the discussions of "risk based thinking" and related "risk" discussions, the ISO folks and many hundreds of consultants have, in my opinion, just stirred a pot of "stupid".

Why do I say that? After what is now over 30 years since I was first involved in "quality assurance" (some of you may remember I was a biology major with a chemistry minor in college, so long story of how I ended up in the "business" world), what I have consistently seen a lack of reality in thinking, and a lot of a lack of common sense (e.g.: Common Freaking Sense and Is Common Sense Learned, Taught, Inherent or An Outcome Of Life Experience? ). People are WAY over doing the "risk" thing to the point that people are reacting as if it's new and spending countless, mostly useless hours trying to "meet the requirements of the standard".

If I had a nickel for every hour spent by people in companies all over the world "trying to comply with the standard" producing mostly useless documents, and I shared it with my extended family, which I would were I that rich, as it is with the Walton family of Wal-Mart fame no one in my extended family, as well as generations to come, would ever have to work (as in have a job). Well, maybe not that rich, but I'd have one heck of a chunk of cash... Just a nickel an hour. Think about how much ISO 9001 is costing on a world wide basis just on "risk based thinking" alone.

Think rationally and realistically. For example:
Political risk - OK, put it on a list and simply state it is not something that can typically be predicted and prepared for by 99% of companies. Not to mention, what type of "political risk"? There are many kinds, from over throw of a government to the lesser, but still significant, numerous various potential changes in local/state/federal laws which are typically political rather than data based. And what about wars? What about the Brexit vote?

Commercial agreements in other countries - Again, put it on your list. That is evidence you have considered it which is all the standard requires. You can't even ensure that a commercial agreement (aka contract) within your country will be adhered to so add that as well. Over the years I've seen so any contracts broken for one reason or another that, while not typical, it isn't unusual. Thing is, it can't be predicted for every contract. If it can't be predicted no concrete, reliable plan can be made for it. This is not to mention, think about how many various contracts a company of any size will have. One may say "Well, we could predict a potential that this contract may be broken and planned for..." but think about that for a minute. Can that be said about every contract a company has? And again, Brexit is currently in play as another example...

Natural disaster - Some can be planned for, at least to some degree, but most can't (realistically). How are you going to plan for an earthquake that destroys a production facility? How are you going to do anything to mitigate the total loss of a production facility in a location? Build a "back-up" facility in a location let's say 200 miles away, fully equipped with production equipment, measurement and test equipment (etc., etc.) and let it sit idle as you wait for an earthquake, a flood, a tornado, a hurricane, a forrest fire, a catastrophic dam failure, (etc.) which may or may not ever occur? Or are you going to move everything to a new state (country, whatever) where there is, for example, a low risk of flooding or earthquakes, but a high risk of tornados and/or wild fires? There is no location with no risks.

Single source supplier - Bev's statement is well taken, but not every company can have two sources for every component, every sub-assembly, every raw material, every service. Yes, for some companies it is possible, but for most? I don't think so.
We could produce a 20 page, single spaced list of potential risks in a small company. For a large company one could produce a list of 500 pages (or 1000, or more!) of the potential risks alone, not including an analysis for each.

ISO 9001:2015 only requires "risk based thinking" which companies are doing anyway whether they realize it or not. It doesn't require 100 pages of potential risks, much less an analysis for each.

I do suggest people read through some of the existing "risk based thinking" discussions here -

I also highly recommend that people read through other posts Bev has made, as well as Jennifer and Sidney, about "risk based thinking" compliance to ISO 9001:2015 - Remember - You can search for all posts a specific user has made by simply clicking on their name in any post they make (you will get a "drop down" list with options, one of which is "Find all posts by <Name of the poster>").

Anyway - My Too many people are over thinking the "risk based thinking" requirement and are wasting a heck of a lot of time on unnecessary "work" they think is required to meet the requirements of the standard.

I leave you with the following....

Today we mourn the passing of a beloved old friend - Common Sense

Last edited by Marc; 6th September 2017 at 03:43 PM. Reason: A bit of rewording...
Thank You to Marc for your informative Post and/or Attachment!

Lower Navigation Bar
Go Back   The Elsmar Cove Business Systems and Standards Discussion Forums > >


Visitors Currently Viewing this Thread: 1 (0 Registered Visitors (Members) and 1 Unregistered Guest Visitors)
Thread Tools Search this Thread
Search this Thread:

Advanced Forum Search
Display Modes Rate Thread Content
Rate Thread Content:

Forum Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Emoticons are On
[IMG] code is On
HTML code is Off

Similar Discussion Threads
Discussion Thread Title Thread Starter Forum Replies Last Post or Poll Vote
Risk Reduction by Risk Control: IEC:62304-Class C Kleibeuker ISO 14971 - Medical Device Risk Management 9 25th June 2017 11:14 PM
How to analyze DOE: 2 Factor, 4 Level Experiment PeterLe Six Sigma 7 25th June 2012 02:30 PM
What to do if no further control possible to reduce the OHS risk? samsung Occupational Health & Safety Management Standards 16 24th December 2010 05:55 AM
PDCA (Plan Do Check Act) vs. DMAIC (Define Measure Analyze Improve Control) AJLenarz Quality Tools, Improvement and Analysis 24 22nd July 2006 01:52 PM
Six Sigma DMAIC (Define - Measure - Analyze - Improve - Control) program Q rex Six Sigma 1 16th July 2001 11:56 AM

The time now is 01:33 AM. All times are GMT -4.
Your time zone can be changed in your UserCP --> Options.


NOTE: This forum uses "Cookies"