Now that the entire world seems to be in a state of lock-down, governments start to think on how to get to the normal state again. This will have to be based on risk evaluation and a total risk assessment process.

Risk management has a dedicated international standard: ISO 31000. But also in ISO 9001:2015, risk (and opportunity) based thinking was introduced and considered essential for achieving an effective quality management system. It is also included at the bottom of our Management Review template: risks and opportunities.

But what is risk management? The purpose of risk management is to identify hazards with the potential to cause risk to products, processes, customers, people, environment… and to develop a system to control these risks.  Controlling these risks is either eliminating them or reduce them to an acceptable level.

Risk management consists of the following 5 steps:

1. Identify the hazard
2. Decide who may be harmed and how
3. Assess the risk and take action, including the validation
4. Make records of the findings, to demonstrate control and for verification purposes
5. Review the risk assessment

You can see the Deming circle n this: Plan (1 and 2) – Do (3) – Check (4) – Act (5), and here is the clear link with quality. Note that for opportunities you will have to replace a few words: hazard and risk become opportunity, harm by profit and risk assessment by opportunity assessment.

There are different risk assessment methods like brainstorming, FMEA and HACCP (food specific, but the approach is general). There are other risk assessment and risk analysis tools, but let’s focus on these 3.

Brainstorming can help to identify the potential hazards and triggers the next step in the risk management process. This is more a technique than a method as it doesn’t cover all 5 steps. So if this is used, remember that brainstorming itself will not help you to mitigate the risk.

FMEA or Failure Mode and Effect Analysis is a method which facilitates the identification of potential problems in the design or the process.

1. Define the process flow
2. Identify for each step the potential failure mode (what & how, including the probability of occurrence
3. Determine the potential failure effects, the effects that might be experiencec: is there no effect (score 1) or a hazardous effect without warning (score 10).
4. Identify the potential causes, the weaknesses in the design/process
5. Identify the current control measures or the level of detection of failure

2, 3 and 5 make the Risk Priority Number (RPN).
Based on this information, additional actions are defined and the residual RPN calculated: only the probability and detectability can be influenced, not the severity!

HACCP or Hazard Analysis Critical Control Points is mainly used in the food industry, but can be applied in other industries as well.
The approach is also to identify potential hazards and the determination of their severity and probability of occurrence. This gives the risk rating of the potential hazard. Next thing to do is to define the critical limits: from which moment on, the risk comes to an unacceptable level. And the last step is saying what has to be done when that critical limit is surpassed, to make sure the process is back under control and to eliminate the risk or to bring it back to the acceptable level.

Going back to the COVID-19 situation we’re in, it is best to use the FMEA method: keeping the RPN to an acceptable level, there must be more controls in place (increase detectivity) when the control measures are loosened (probability goes up).

You want to have your risk assessment and risk management process reviewed? Than send an e-mail to info@quontinuim.com and we’ll see what we can do for you within our Call-an-Expert program.