How does risk assessment work?
Recently the team at P+P had a discussion on the topic of risk and its subsequent assessment. The team is regularly involved in developing systems which operate under the requirements of ISO 9001:2015, ISO 14001:2015, ISO 27001:2013 and ISO 45001:2018. All these standards have elements of risk assessment, the question is how does that assessment process operate?
We all do risk assessments every day; without those assessments the day finishes quite abruptly! For example, we jump in the car arrive at the first junction and assess the risk of navigating that junction without a collision – simple. In this case, we aren’t expected to document our Risk Assessment.
With all the disciplines related to the ISO standards listed above, how do we handle the varying assessment processes? Ideally, any Risk Assessment should be simple, almost child-like. The process also needs to deliver similar results whoever’s doing the assessment. This is incredibly important; it’s not ideal if some staff in an organisation are risk-hungry, while others are risk averse. Finally, the process needs to be a group activity, so it reflects the business as a whole.
The Scale of Risk
Another factor is the scale of the risk. Some organisations can stand to lose a few thousand pounds where others would struggle with this size of loss. But as you scale up the numbers, the perceived risk will start to your focus mind! With organisations like Carillion and more recently Paragon Interiors Group failing, the repercussions for businesses down the supply chain can be critical.
It is a requirement of the ISO standards to keep records of the assessment processes. Now we have the problem of documenting these assessments. The risk related to this is that the process becomes wooden and inflexible. If that happens the process is less likely to be used and a huge opportunity missed.
While all our work is confidential, we do observe how organisations manage risk. We see best practice along with processes that are not so good. In the worst cases, the risk is not even considered! With many ways to manage or offset risk, it makes sense to act.
We can help you with this. If you’d like an informal chat about risk assessment, give us a call on 01284 330400 or complete the Contact form and we’ll get back to you.