Risks

1. Purpose

To assess threats related to the organizational context, interested parties and the quality management system; to prioritize risks in order to manage them effectively and efficiently; to prevent or substantially limit the likelihood that the Organization does not detect its weaknesses; and to manage risks efficiently and effectively.

2. Scope

Coordinated activities to direct and control an organization with regard to risk. Organizations face internal and external factors that make it uncertain whether they will achieve their objectives. The effect of these uncertainties on achieving objectives is known as “risk”. The process of managing these risks is known as “risk management”.

3. Reference

  1. ISO 31000:2008/02 Edition 2 Risk Management Principles and Guidelines
  2. ISO 9001:2015 - Clause 3.3 Actions to Address Risks and Opportunities
  3. ISO 9001:2015 - Clause 7.5 Documented Information
  4. ISO 9001:2015 - Clause 9.1.3 Analysis and Evaluation

4. Terms and Definitions

  1. Risk: A negative effect of uncertainty.
  2. Opportunity: A positive effect of uncertainty.
  3. Risk Assessment: A systematic investigation and analysis of potential risks, combined with the assignment of severities of probabilities and consequences. These are used to rate risks in order to prioritize the mitigation of high risks.
  4. Risk Mitigation: A plan developed with the intent of addressing all known or possible risks and preventing their occurrence.

5. Management of Risks and Opportunities

Risks may be identified by any employee at any time. After identification, a risk must be reported and analysed on the Risk Register. A mitigation plan for the identified risks is then carried out. Some mitigation plans might change a risk into an opportunity. Top management will review these risks and take action to minimize them.

The management of risk is shown in the figure below:

Add image here

Each risk assessment is conducted by:

  1. Identifying the risk
  2. Identifying the process for which the risk most likely dominates
  3. Assessing the risk by assigning a Likelihood and Impact rating to the identified risk.
  4. Prioritizing the risk based on the final Risk Factor, which is calculated using the equation below:

RISK FACTOR = (LIKELIHOOD x IMPACT) / Constant (2.5)

The threshold is set in the Risk Matrix below.

Add image here

For risks with a final Risk Factor rating equal to or greater than the threshold set in the Risk Matrix, management will decide whether to reject the subject due to the risk, or accept the risks after the development of a risk mitigation plan. The mitigation plan must be documented in the Risk Management System and/or in another document, which must be referenced on the form.

After a risk has been treated, discussion and analysis of opportunities shall be done by top management. If this is made part of the management review activities, it shall be recorded in the management review records.

6. Source of Risk

When constructing this quality manual, FAAS considers the following internal and external issues, described in quality manual section 4.1, that could potentially become risks that affect our products and services. The risks are categorized into:

Add table here

7. Likelihood Table

The following can be used as a guide for determining likelihood. However, this tool has limitations, as the likelihood and frequency of events tend to vary slightly between disciplines and functional areas.

Add table here

8. Consequence/Impact Table

The following is a guide to determining consequence/impact. The applicability of the operational definitions of each category of consequence will vary slightly, so it is recommended as a guide only.

Add table here