2. OBJECTIVES
• By the end of this session, you will be able to:
– Understand risk management
– Understand risk based thinking
3. IDENTIFYING AND
ADDRESSING RISK
• Organisations are required to:
– Identify the risks
– Address such risks
• Options to address risks:
– Risk avoidance
– Risk mitigation
– Risk acceptance
4. RISK
“Risk is often thought of only in the
negative sense. Risk-based thinking can
also help to identify opportunities, which
should be considered to be the positive side
of risk.”
6. 3. What is risk-based thinking?
• Risk-based thinking is a
process of addressing both
risk and opportunities as a
basic for increasing the
effectiveness of the quality
management system,
achieving improved results and
preventing negative effects on
the achievement of an
organization’s strategic and
operational objectives. 6
7. .
• Risk-based thinking is
something we all do
automatically in
everyday life.
• Example: If I wish to
cross a road I look for
traffic before I begin. I
will not step in front of
a moving car.
What is risk-based thinking?
8. What is risk-based thinking?
• In ISO 9001:2015 risk is
considered from the
beginning and throughout
the standard, making
preventive action part of
strategic planning as well
as operation and review.
7
9. Risk-based thinking is already part
of
the process approach.
• Example: To cross
the road I may go
directly or I may
use a nearby
footbridge. Which
process I choose
will be determined
by considering the
risks.
10. • Risk is commonly
understood to have
only negative
consequences;
however the effects
of risk can be either
negative or positive.
mbustamanIA
B
10
11. • Opportunity is not always directly
related to risk but it is always
related to the objectives. By
considering a situation it may be
possible to identify opportunities
to improve.
11
12. •Risk is the possibility of events or
activities impeding the
achievement of an organization’s
strategic and operational objectives.
It is the volatility of potential
outcomes. Risk can be defined by
two parameters
• Severity (This is the Seriousness
of the harm)
•Probability (This is the
Probability that the harm will
13. Why use risk-based thinking?
• builds a strong knowledge base
•establishes a proactive culture
of improvement
•assures consistency of quality
of goods or services
•improves customer confidence
and satisfaction
13
14. How do we do it?
• 1. Use a risk-driven approach
in your organizational
processes.
• Identify what YOUR risks
and opportunities are – it
depends on context
If I cross a busy road with many fast-moving
cars the risks are not the same as if the road
is small with very few moving cars. It is also
necessary to consider such things as
weather, visibility, personal mobility and
specific personal objectives.
14
15. 2. Analyse and prioritize your risks
and opportunities
• What is acceptable,
• what is unacceptable?
• What advantages or disadvantages are there
to one process over another?
• Example
• Objective: I need to safely cross a road
to reach a meeting at a given time.
• It is UNACCEPTABLE to be injured.
• It is UNACCEPTABLE to be late.
15
16. • 3. Plan actions to address
the risks
• How can I avoid or
eliminate the risk? How
can I mitigate risks?
• Example: I could eliminate risk of injury by
using the footbridge but I have already
decided that the risk involved in crossing the
road is acceptable.
16
17. 4. Implement the plan – take the
action
• Example
I move to the side of the road, check
there are no barriers to crossing and
that there is a safe place in the centre of
the moving traffic.
I check there are no cars coming.
I cross half of the road and stop in the
central safe place.
I assess the situation again and then
cross the second part of the road.
17
18. 5. Check the effectiveness
of the actions - does it
work?
18
19. 6. Learn from experience -
continual improvement..
19
20. • To limit the risk I revise and improve my
process by using the footbridge at these
times.
• I continue to analyse the effectiveness of
the processes and revise them when
the context changes.
• I also continue to consider
innovative opportunities:
• - can I move the meeting place so that the
road does not have to be crossed?
• - can I change the time of the meeting so
that I cross the road when it is quiet?
• - can we meet electronically?
20
21. Conclusion
• risk-based thinking is not new
• risk-based thinking is something you do
already
• risk-based thinking is continuous
• risk-based thinking ensures greater
knowledge and preparedness
• risk-based thinking increases the
probability of reaching objectives
• risk-based thinking reduces the
probability of poor results
• risk-based thinking makes prevention a
habit 21
22. 22
ISO 9001 REQUIREMENT
Clause No Requirement
4.4.1 (f)
Quality management system and its processes shall Address the risks and opportunities as determined in
accordance with the requirements of 6.1.
5.1.1 (d) Leadership shall Promote the use of the process approach and risk-based thinking
5.1.2
Customer Focus -Ensure the risks and opportunities that can affect conformity of products and services and
the ability to enhance customer satisfaction are determined and addressed
6.1.1
While planning determine the risks and opportunities that need to be addressed to:
a) give assurance that the quality management system can achieve its intended result(s);
b) enhance desirableeffects;
c) prevent, or reduce, undesired effects;
d) achieve improvement.
6.1.2
The organization shall plan:
a) actions to address these risks and opportunities;
b) how to:
1)integrate and implement the actions into its quality management system processes (see 4.4);
2) evaluate the effectiveness of these actions.
9.1.3 Analysis and evaluate the effectiveness of actions taken to address risks and opportunities;
9.3.2 Discuss the effectiveness of actions taken to address risks and opportunities in MRM.
10.2.1 e) update risks and opportunities determined during planning, whenever NC arises
23. RISK ASSESSMENT
• Risk assessment is the overall process of
risk:
– Identification
– Analysis
– Evaluation
24. RISK IDENTIFICATION
• The organisation should identify:
– Sources of risk
– Areas of impacts
– Events (including changes in circumstances)
– Their causes
– Their potential consequences
25. RISK ANALYSIS
• Involves developing an understanding of the risk
• Provides an input:
– To risk evaluation and to decisions on whether risks need to be
treated, and on the most appropriate risk treatment strategies and
methods
– Into making decisions where choices must be made and the options
involve different types and levels of risk
• Involves consideration of:
– The causes and sources of risk
– Their positive and negative consequences
– The likelihood that those consequences can occur
26. Risk evaluation
• Purpose:
– To assist in making decisions, based on the
outcomes of risk analysis, about which risks
need treatment and the priority for treatment
implementation
• Involves:
– Comparing the level of risk found during the
analysis process with risk criteria established
when the context was considered
– Based on this comparison, the need for
treatment can be considered
27. Risk treatment
• Involves:
– Selecting one or more options for modifying risks
– Implementing those options
– Once implemented, provide treatments or modify controls
• Involves a cyclical process of:
– Assessing a risk treatment
– Deciding whether residual risk levels are tolerable
– If not tolerable, generating a new risk treatment
– Assessing the effectiveness of that treatment
28. How to Identify Risk &
Opportunities?
SWOT Analysis
PESTLE Analysis
Brainstorming
Surveys
Interviews
Historical data on Failures
Organization's Records
Professional Expertise
On-Site Investigations
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
29. SWOT ANALYSIS
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
How to Use a SWOT Analysis
Internal
What occurs within the company serves as a great source of
information for the strengths and weaknesses categories of
the SWOT analysis. Examples of internal factors include
financial and human resources, tangible and intangible
(brand name) assets, and operational efficiencies.
Potential questions to list internal factors are:
•(Strength) What are we doing well?
•(Strength) What is our strongest asset?
•(Weakness) What are our detractors?
•(Weakness) What are our lowest-performing
product lines?
30. SWOT ANALYSIS
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
External
What happens outside of the company is equally
as important to the success of a company as
internal factors. External influences, such as
monetary policies, market changes, and access to
suppliers, are categories to pull from to create a list
of opportunities and weaknesses.
Potential questions to list external factors are:
•(Opportunity) What trends are evident in the
marketplace?
•(Opportunity) What demographics are we not
targeting?
•(Threat) How many competitors exist, and what is their
market share?
34. 34
here are certain questions that one needs to ask while conducting this
analysis, which gives them an idea of what things to keep in mind. They
are:
•What is the political situation of the country and how can it affect the
industry?
•What are the prevalent economic factors?
•How much importance does culture have in the market and what are its
determinants?
•What technological innovations are likely to pop up and affect the market
structure?
•Are there any current legislations that regulate the industry or can there be
any change in the legislations for the industry?
•What are the environmental concerns for the industry?
35. Where to Start?
4.1 &4.2 Needs &Expectation of Interested
parties
List down all interested parties(Internal,
external, Legal & regulatory bodies)
Find all need and expectations of all interested
parties
Assess Risk and opportunities in meeting them.
36. Where to Start?
5.1.2 Customer Focus
Find all requirement for the products&
services(customer, Legal & your own)
List down all the processes for Meeting the
requirements
Assess Risk and opportunities in converting the inputs
in to outputs
37. What is Next?
6.1Action to address Risk &Opportunity
Incorporate Mitigation action in to your
process/procedure wherever required.
Consider Risk mitigation as objectives wherever
required.
Monitor the Risk on regularbasis.
38. What is Next?
9.1.3 Analysis and evaluation
Monitor the Risk on regularbasis.
Analyze the effectiveness of the mitigation plan
put in place.
39. What is Next?
9.3.2 Management Review
Discuss the effectiveness of the mitigation plan
putin place.
40. What is Next?
10.2 Non conformity &Correctiveaction
Whenever Non conformity arises, check whether
the particular NC addressed in Risk Register?
If yes, investigate what went wrong with the
mitigation plan ?
If not include it with mitigation plan.
41. What is Next?
6.3 &8.5.6 Changes in Risk &Opportunity
Asses Risk & Opportunities Whenever changes
happening in
Need & expectation of interested parties (4.0)
Leadership, policy, roles & responsibilities (5.0)
Objectives (6.0)
Resources(7.0)
Process /Operations(8.0)
& Update Risk mitigation plan.
42. What is Next?
Ensure your Risk Management plan is a
dynamicone.
So you can achieve Continual Improvement….
a situation involving exposure to danger.
the possibility of something bad happening:
KEY TAKEAWAYS
SWOT analysis is a strategic planning technique that provides assessment tools.
Identifying core strengths, weaknesses, opportunities, and threats leads to fact-based analysis, fresh perspectives, and new ideas.
SWOT analysis works best when diverse groups or voices within an organization are free to provide realistic data points rather than prescribed messaging.
SWOT Analysis was first used to analyze businesses. Now it's often used by governments, nonprofits, and individuals, including investors and entrepreneurs.
Strengths
Strengths describe what an organization excels at and what separates it from the competition: a strong brand, loyal customer base, a strong balance sheet, unique technology, and so on. For example, a hedge fund may have developed a proprietary trading strategy that returns market-beating results. It must then decide how to use those results to attract new investors.
Weaknesses
Weaknesses stop an organization from performing at its optimum level. They are areas where the business needs to improve to remain competitive: a weak brand, higher-than-average turnover, high levels of debt, an inadequate supply chain, or lack of capital.
Opportunities
Opportunities refer to favorable external factors that could give an organization a competitive advantage. For example, if a country cuts tariffs, a car manufacturer can export its cars into a new market, increasing sales and market share.
Threats
Threats refer to factors that have the potential to harm an organization. For example, a drought is a threat to a wheat-producing company, as it may destroy or reduce the crop yield. Other common threats include things like rising costs for materials, increasing competition, tight labor supply. and so on.
KEY TAKEAWAYS
SWOT analysis is a strategic planning technique that provides assessment tools.
Identifying core strengths, weaknesses, opportunities, and threats leads to fact-based analysis, fresh perspectives, and new ideas.
SWOT analysis works best when diverse groups or voices within an organization are free to provide realistic data points rather than prescribed messaging.
SWOT Analysis was first used to analyze businesses. Now it's often used by governments, nonprofits, and individuals, including investors and entrepreneurs.
Strengths
Strengths describe what an organization excels at and what separates it from the competition: a strong brand, loyal customer base, a strong balance sheet, unique technology, and so on. For example, a hedge fund may have developed a proprietary trading strategy that returns market-beating results. It must then decide how to use those results to attract new investors.
Weaknesses
Weaknesses stop an organization from performing at its optimum level. They are areas where the business needs to improve to remain competitive: a weak brand, higher-than-average turnover, high levels of debt, an inadequate supply chain, or lack of capital.
Opportunities
Opportunities refer to favorable external factors that could give an organization a competitive advantage. For example, if a country cuts tariffs, a car manufacturer can export its cars into a new market, increasing sales and market share.
Threats
Threats refer to factors that have the potential to harm an organization. For example, a drought is a threat to a wheat-producing company, as it may destroy or reduce the crop yield. Other common threats include things like rising costs for materials, increasing competition, tight labor supply. and so on.
KEY TAKEAWAYS
SWOT analysis is a strategic planning technique that provides assessment tools.
Identifying core strengths, weaknesses, opportunities, and threats leads to fact-based analysis, fresh perspectives, and new ideas.
SWOT analysis works best when diverse groups or voices within an organization are free to provide realistic data points rather than prescribed messaging.
WOT Analysis was first used to analyze businesses. Now it's often used by governments, nonprofits, and individuals, including investors and entrepreneurs.
Strengths
Strengths describe what an organization excels at and what separates it from the competition: a strong brand, loyal customer base, a strong balance sheet, unique technology, and so on. For example, a hedge fund may have developed a proprietary trading strategy that returns market-beating results. It must then decide how to use those results to attract new investors.
Weaknesses
Weaknesses stop an organization from performing at its optimum level. They are areas where the business needs to improve to remain competitive: a weak brand, higher-than-average turnover, high levels of debt, an inadequate supply chain, or lack of capital.
Opportunities
Opportunities refer to favorable external factors that could give an organization a competitive advantage. For example, if a country cuts tariffs, a car manufacturer can export its cars into a new market, increasing sales and market share.
Threats
Threats refer to factors that have the potential to harm an organization. For example, a drought is a threat to a wheat-producing company, as it may destroy or reduce the crop yield. Other common threats include things like rising costs for materials, increasing competition, tight labor supply. and so on.
KEY TAKEAWAYS
SWOT analysis is a strategic planning technique that provides assessment tools.
Identifying core strengths, weaknesses, opportunities, and threats leads to fact-based analysis, fresh perspectives, and new ideas.
SWOT analysis works best when diverse groups or voices within an organization are free to provide realistic data points rather than prescribed messaging.
WOT Analysis was first used to analyze businesses. Now it's often used by governments, nonprofits, and individuals, including investors and entrepreneurs.
Strengths
Strengths describe what an organization excels at and what separates it from the competition: a strong brand, loyal customer base, a strong balance sheet, unique technology, and so on. For example, a hedge fund may have developed a proprietary trading strategy that returns market-beating results. It must then decide how to use those results to attract new investors.
Weaknesses
Weaknesses stop an organization from performing at its optimum level. They are areas where the business needs to improve to remain competitive: a weak brand, higher-than-average turnover, high levels of debt, an inadequate supply chain, or lack of capital.
Opportunities
Opportunities refer to favorable external factors that could give an organization a competitive advantage. For example, if a country cuts tariffs, a car manufacturer can export its cars into a new market, increasing sales and market share.
Threats
Threats refer to factors that have the potential to harm an organization. For example, a drought is a threat to a wheat-producing company, as it may destroy or reduce the crop yield. Other common threats include things like rising costs for materials, increasing competition, tight labor supply. and so on.
PESTLE is a mnemonic which in its expanded form denotes P for Political, E for Economic, S for Social, T for Technological, L for Legal, and E for Environmental. It gives a bird’s eye view of the whole environment from many different angles that one wants to check and keep a track of while contemplating a certain idea/plan.
Political factors in PESTLE Analysis
These factors determine the extent to which a government may influence the economy or a certain industry. For example, a government may impose a new tax or duty due to which entire revenue generating structures of organizations might change. Political factors include tax policies, Fiscal policy, trade tariffs, etc. that a government may levy around the fiscal year and it may affect the business environment (economic environment) to a great extent.
Economic factors in PESTLE Analysis
These factors are determinants of an economy’s performance that directly impacts a company and have resonating long term effects. For example, a rise in the inflation rate of any economy would affect the way companies price their products and services. Adding to that, it would affect the purchasing power of a consumer and change demand/supply models for that economy. Economic factors include inflation rate, interest rates, foreign exchange rates, economic growth patterns, etc. It also accounts for the FDI (foreign direct investment) depending on certain specific industries who’re undergoing this analysis.
Social factors in PESTLE Analysis
These factors scrutinize the social environment of the market, and gauge determinants like cultural trends, demographics, population analytics, etc. An example of this can be buying trends for Western countries like the US where there is high demand during the Holiday season.
Technological factors in PESTLE Analysis
These factors pertain to innovations in technology that may affect the operations of the industry and the market favorably or unfavorably. This refers to automation, research and development, and the amount of technological awareness that a market possesses.
Legal factors in PESTLE Analysis
These factors have both external and internal sides. There are certain laws that affect the business environment in a certain country while there are certain policies that companies maintain for themselves. Legal analysis takes into account both of these angles and then charts out the strategies in light of these legislations. For example, consumer laws, safety standards, labor laws, etc.
Environmental factors in PESTLE Analysis
These factors include all those that influence or are determined by the surrounding environment. This aspect of the PESTLE is crucial for certain industries particularly for example tourism, farming, agriculture, etc. Factors of a business environmental analysis include but are not limited to climate, weather, geographical location, global changes in climate, environmental offsets, etc.
There are many templates available for companies to conduct PESTLE analysis. Many organizations have provided information regarding their PESTLE analysis as case studies available on the Internet.
Actions to address risks/opportunities can include
Avoiding Risk
Taking Risk in order to pursue an opportunity
Eliminating the Risk source
Changing the likelihood or consequences
Sharing the Risk
Retaining Risk by informed decision
Summarise the module and the course. Ask the learners if they have any questions or want to share any learning points with the group.