Search the Elsmar Cove!
**Search ALL of Elsmar.com** with DuckDuckGo including content not in the forum - Search results with No ads.

Informational Risk Management (and Risk Based Thinking) in ISO 9001:2015

#41
Re: Risk Management in ISO 9001:2015

Ok, but what is your criteria to assign values to all what you describe, severity, impact,etc.dont you think that assigning imprecise values you may get as well imprecise risk values?
Do you use a special formula for calculations?
Thanks
 

Helmut Jilling

Auditor / Consultant
#42
Re: Risk Management in ISO 9001:2015

Ok, but what is your criteria to assign values to all what you describe, severity, impact,etc.dont you think that assigning imprecise values you may get as well imprecise risk values?
Do you use a special formula for calculations?
Thanks
Just apply your common sense and experience with your operations.... If you do complicated "analysis" with Severities, and likelihood, and 5 other categories, and score each one into scores based on 1-10, and do al that, do you really think you are going to come up with variables that are any more "precise" than High, low, medium... or Red-Yellow-Green? I know it seems more "precise," but you are fooling yourself. If you ran a chemical plant I would be suppose of a more statistical analysis. But, you already said your operations are not that risky.
 
#43
Re: Risk Management in ISO 9001:2015

Ok, but what is your criteria to assign values to all what you describe, severity, impact,etc.dont you think that assigning imprecise values you may get as well imprecise risk values?
Do you use a special formula for calculations?
Thanks
I've yet to see a SWOT analysis that needs anything this complex. Once the SWOT has been done, those who created it - the leadership - will see which risks need to be addressed. I really do believe many make far too much of this risk aspect than is really needed.
 

Helmut Jilling

Auditor / Consultant
#44
Re: Risk Management in ISO 9001:2015

I've yet to see a SWOT analysis that needs anything this complex. Once the SWOT has been done, those who created it - the leadership - will see which risks need to be addressed. I really do believe many make far too much of this risk aspect than is really needed.
agree.... trust yourself to make good decisions...
 
#45
Re: Risk Management in ISO 9001:2015

Thanks Helmut

My thinking is this:

To stop using the calculations PxI, since risk values are note precise and the calculation is complex and more time consuming, also registering values on formats and a list register.

Instead, to start to evaluate the risk by using only considering Low med and high, and assigning values as you said, with common sense, (nor numeric values), very easy way for the addressing.

I suppose , by doing it this way, risk value may be about the same, analysis done may be easier to carry out.

Please advice on this.

Thanks
 

Helmut Jilling

Auditor / Consultant
#46
Re: Risk Management in ISO 9001:2015

Thanks Helmut

My thinking is this:

To stop using the calculations PxI, since risk values are note precise and the calculation is complex and more time consuming, also registering values on formats and a list register.

Instead, to start to evaluate the risk by using only considering Low med and high, and assigning values as you said, with common sense, (nor numeric values), very easy way for the addressing.

I suppose , by doing it this way, risk value may be about the same, analysis done may be easier to carry out.

Please advice on this.

Thanks
Yes... that is what I would do... it is a good beginning. See how it works for you.
 
#47
Re: Risk Management in ISO 9001:2015

Thanks a lot, Helmut.
My other doubt is criteria for the the risk closeout.
After implement actions to mitigate risks, the residual risk, is low or high?
Well , here again, to use common sense, to decide if risk now is low enough to close it, only by the perception.
Thanks again
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#48
Re: Risk Management in ISO 9001:2015

Thanks a lot, Helmut.
My other doubt is criteria for the the risk closeout.
After implement actions to mitigate risks, the residual risk, is low or high?
Well , here again, to use common sense, to decide if risk now is low enough to close it, only by the perception.
Thanks again
The risk might never be gone; persons or conditions might revert, even of only for time while behavior changes. Also, a new risk may be introduced by actions to reduce the other. Certainly find a way to recognize effectiveness, even if that is qualitative observation during internal audit. But I would not make firm closure a priority. That would be like my giving myself permission to take my eyes off the road while driving my car.
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#49
Re: Risk Management in ISO 9001:2015

Jen
Questions regarding your format for risks:
1 what do you base on to decide the level of risks?
Do you use numerical information? Is qualitative or quantitative?
2 please explain your criteria regarding to when apply actions according to risk value.
3 Do you apply the residual risk practice?
4 what is your criteria to tge closeoupt of risks?
Thanks
"Level" of risks are management determination. It could be customer satisfaction, current events, public image, absolute costs, "death by a thousand cuts" or some other means. As Helmut and Andy have advised, I suggest your management team try to resist numerical criteria. They can be limiting.
 

Helmut Jilling

Auditor / Consultant
#50
Re: Risk Management in ISO 9001:2015

Thanks a lot, Helmut.
My other doubt is criteria for the the risk closeout.
After implement actions to mitigate risks, the residual risk, is low or high?
Well , here again, to use common sense, to decide if risk now is low enough to close it, only by the perception.
Thanks again
Risk actions are not always closed..... you are dealing with potential situations... the only way to close it is to be sure that the root causes have been totally eliminated. That is why the standard refers to “mitigating” risk..... after you have taken the planned actions, assess the remaining risk using the same criteria.... did you significantly reduce or deal with the risk?
 
Top Bottom