ISO 9001:2015 RISK AND OPPORTUNITY MANAGEMENT

That risk management is the sole responsibility of the top management and middle management.

That everyone has responsibility for managing risk.

That the risk manager is responsible for all risk management-related activities in the organization.

Risk champion is responsible to identify all risk at each department

Setting the roles, responsibilities and authorities for risk assessment.

Defining the scope of the process and understanding the external and internal context of organization.

Defining the consequences, likelihood and level of the risk.

Overall process of risk identification, risk analysis and risk evaluation

Process of finding, recognizing and recording risk.

External and internal influences to which the organization is subjected.

specify the amount & type of risk that organization may or may not take, relative to objectives.

input to risk evaluation and to decision on whether risk need to be treated

Risk identification

Risk analysis

Risk evaluation

Risk monitoring

Establish penalizations that can be applied to teams that fail to identify such risk.

Create a mechanism for capturing emerging risk and recognizing early warning signs of potential success and failure.

Conduct quarterly quality policy reviews.

Set KPI on case of unidentified risk for effectiveness of risk management

Estimate practical values for consequences and their likelihood, and process values of the level of risk.

Use numerical rating combined with non-numerical categories.

Defines the consequences, likelihood and level of risk based on non-numerical categories or levels.

develop an appropriate risk assessment methodology

Risk evaluation

Options for risk treatment

decision on whether risk need to be treated

To assess whether the risk is acceptable or not.

To find and recognized risk.

To define the scope of its risk management activities.

determine outcome of an event affecting objectives

To select and implement options for addressing risk.

To assists relevant stakeholders in understanding risk.

assess whether the risk is acceptable or not.

To support decisions.

Accept the risk by informed decision.

Avoid the risk by not taking or continuing activities.

Ignoring the risk.

Sharing with another party the burden of loss or the benefit of gain