Risk Rating approaches (OHSAS 18001 - For Office Environments)

Risk prioritization by:

  • a matrix approach, requiring scoring and grading of risk

    Votes: 2 66.7%
  • A line in the manual that acknowledges prioritization is considered in mitigating actions

    Votes: 1 33.3%

  • Total voters
    3

Peter West

#1
Dear Cove

I searched through the threads and I'm sure this has been covered in some form but couldn't find it.

We are developing our H&S management system to OHS&S 18001 for international launch, and following a gap analysis of the system I noted that we do not prioritize identified risk - we simply outline the control and the timeline for the corrective action.

We have 2 options -

The matrix approach scoring risk based on likelihood and severity then grading it low, medium and high (with associated guidelines for control actions and timelines).

A line in the procedure, and within training that states 'mitigating actions borne of risk assessments consider the risk (its severity and its likelihood) and provide for it accordingly, primarily through the deadline for corrective action'.


Each has its pros and cons, but as we are a simple office setup with standard hazards across the world (no extraordinary hazards identified) I think the second option is the most effective.


Please can you consider and let me know what you think?
 

kgott

Quite Involved in Discussions
#2
Re: Risk Rating approaches (OHS&S 18001 -For Office Environments)

Dear Cove

The matrix approach scoring risk based on likelihood and severity then grading it low, medium and high (with associated guidelines for control actions and timelines).

Please can you consider and let me know what you think?
In my opinion, the matrix approach has the advantage of being more likely to result in a more uniform interpretation and application across your organization/s. This in turn is more likely to reduce variation in the assessment of risk and in the application of suitable controls.

You can build into your procedure a requirement that any corrective/preventative actions (controls) are to be verified to be effective using some kind of metric, such as the number of unwanted events associated with the selected control vs the number of times the chosen control is applied, over a 12 month period for example.

Where the control is found to be ineffective, other potential controls can be evaluated and applied until one is found to be effective using the metric you select.
 

somashekar

Staff member
Super Moderator
#3
Dear Cove

I searched through the threads and sure this has been covered in some form but couldn't find it.

We are developing our H&S management system to OHS&S 18001 for international launch, and following a gap analysis of the system i noted that we do not prioritize identified risk - we simply outline the control and the timeline for the corrective action.

We have 2 options -

The matrix approach scoring risk based on likelihood and severity then grading it low, medium and high (with associated guidelines for control actions and timelines).

A line in the procedure, and within training that states 'mitigating actions borne of risk assessments consider the risk (its severity and its likelihood) and provide for it accordingly, primarily through the deadline for corrective action'.


Each have their pros and cons but as we are a simple office set up with standard hazards across the world (no extraordinary hazards identified) I think the second option is the most effective.


Please can you consider and let me know what you think?
OHSAS 18002:2008 (guidelines for implementing OHSAS 18001:2007) gives you comparisons of some examples of risk assessment tools and methodologies in the informative Annex D.
It compares 7 tools that can be used.
 

mparus1

#4
Does anyone have an FMEA-like (RPN rating based) tool, such as an Excel spreadsheet, for Risk and Hazard ratings and reduction activities that they can share?
 

kgott

Quite Involved in Discussions
#5
Dear Cove


We are developing our H&S management system to OHS&S 18001 for international launch, and following a gap analysis of the system i noted that we do not prioritize identified risk - we simply outline the control and the timeline for the corrective action.

We have 2 options -

The matrix approach scoring risk based on likelihood and severity then grading it low, medium and high (with associated guidelines for control actions and timelines).

and provide for it accordingly, primarily through the deadline for corrective action'.
?
Does your risk assessment matrix have guidelines or rules for each of the scores in the risk assessment? Such a set of guidelines or rules advises what actions to take for each 'score' your risk matrix gives. Your risk matrix is your guiding document. If you act in accordance with the risk matrix you can prove probity and due diligence.

See the section Management Controls and Response in the attachment.

"'mitigating actions borne of risk assessments consider the risk (its severity and its likelihood)."

I don't have a problem with this but, in my opinion, it's written in a complicated way but it's really not necessary to have this sentence.
 

Attachments

kgott

Quite Involved in Discussions
#7
Dear Cove

I searched through the threads and sure this has been covered in some form but couldn't find it.

We are developing our H&S management system to OHS&S 18001 for international launch, and following a gap analysis of the system i noted that we do not prioritize identified risk - we simply outline the control and the timeline for the corrective action.

We have 2 options -

The matrix approach scoring risk based on likelihood and severity then grading it low, medium and high (with associated guidelines for control actions and timelines).
If you use this approach, you have a defined and consistent method for assessing risk and likelihood. Your risk matrix determinations of risk will then indicate the sorts of actions to take. Actions taken are commensurate with the risk, e.g. high risk issues are to be dealt with more urgently than low risk issues.

Using the risk matrix approach will achieve a more consistent approach to determining solutions and setting priority for managing issues.
 