Archive for the ‘Risk’ Category

A lot of people miss out on the opportunity to reduce the control over processes based on the sound data they have collected. It is often said that the system shouldn’t stand still and this is no exception, so let’s consider goods inwards for example and the checking of documents, especially certificates.

You might start off checking every one as you know there are always issues with your suppliers. However, as you discuss the issues with them some respond and their performance improves. ( Clearly, if you are not talking to them then not much is going to change so you may have to take that on board first ).

Analysis monyage canstockphoto25967644

The risk is that you still check every one because ‘that’s what we have always done’. You are quite at liberty, based on the hard evidence of your data, to lower the rate of the checking to say 50% on the good ones and monitor to ensure all is still under control. PDCA in operation even! If performance starts to deteriorate, then revert back to 100% and so on.
You could end up with some who never give you a problem so you could reduce the check further to 10% or even zero, all of which releases resources to work on those who, let’s say, need a bit more encouragement. The thing to remember is that you are taking decisions backed by robust data you have collected and not on a whim. If you are not already adopting this approach, why not give it a try?
We all now need to be aware that strategic actions we take in business can impact on this group of people as stated in the upgraded ISO standards. A good example has been the development of, so called, SMART motorways across the UK, something you can identify with I’m sure.


These seemed to have been introduced without that much recourse to the views of motorists and now the RAC have reviewed them in their Motoring 2019 report and stated that 72 percent of motorists are worried about whether or not they would reach the refuge areas. Sadly, we already have reports of motorists that didn’t with fatal consequences.

Now I appreciate that this scenario may not fit the norm for a business planning to make strategic changes in how it operates, but the principle is the same. Consider the implications before making that decision.

As the report stated:
“We need to set the scene at the very start and communicate and consult with our customers, stakeholders or in this case the general public, especially if we want the initiative to be successful”.

Hopefully, the consequences where you work will not be as calamtous.

We all know that Preventive Action was replaced by Risk Based Management when ISO 9001 was updated. However, are you clear on the three levels that need to be assessed?

The top management need to look at the big picture and there is no better way than by means of a SWOT analysis.  Strengths and Weakness in the business and Opportunities and Threats outside the business. Sorted as per one of my previous posts – just search for SWOT.

As for the QMS, it’s a simple risk assessment model on a spreadsheet to score all aspects of the processes. So, we start at Enquiries and go right the way through to Despatch and on-site activities if relevant. The QMS then follows with general aspects such as IT features and Site Services. We simply look at:

  • Frequency – of the process taking place
  • Likelihood – of the process falling over despite current controls
  • Severity – the outcome to the business

It is so simple you will wonder hat all the fuss is about. Once you have set it up you just rescore it as things change. Fair to say that my clients were often dreading tackling risk, but once they see how straight forward this model is then they are all on board.

Finally, and I accept this is more within aerospace and other more demanding standards but still a good control to have in place, you have risk at the order level itself. Are you taking on sizes, materials, specifications or requirements on a drawing that you haven’t done before. If so what are the mitigating actions you will introduce – unless of course you just leave it to run and hope nothing goes bang!

Also remember that another incentive to tackle this is the simple requirement to review mitigating action at the Management Review. I often refer to a ‘rule of three’ within a lot of aspects of a QHSE system and, as you can see, risk is no different.