Risk Management in 5 steps
written by Maree Stuart
No doubt you’ve read through the ISO/IEC 17025, ISO 9001, or ISO 15189 standards plenty of times and you’ve seen an increased emphasis on risk-based thinking.
We’ve written articles previously about risk management and discussed how the requirements need you to look at risks in a more formalised and strategic way.
Since it’s not prescribed HOW this should happen, some labs may be uncertain about the steps needed to deal with risks and opportunities.
Remember, there’s no ‘one size fits all’ to reduce risk. It’s all about determining what’s important to your lab.
The steps to risk management success
Your lab needs to plan and implement actions to address risks and opportunities by adopting a process approach.
The steps to do this are:
- Identify
- Analyse
- Evaluate or rank them
- Determine actions
- Implement and monitor
Let’s take a quick look at each of these steps.
Step 1: Identify
The first step is identifying risks.
You won’t get a cross section of opinions by sitting in a room on your own with a whiteboard! This must be a team effort and can be achieved through brainstorming with relevant stakeholders.
Who are the relevant stakeholders? At a minimum this should include representatives from management, quality, and technical staff.
Consider internal and external sources of risk. Internal inputs could be things like test methods, staffing changes and machinery.
External sources of risk could be gleaned from evaluation of future scenarios (positive and negative) and SWOT analysis. Don’t discard any suggestions at this point. In fact, ‘global pandemic’ is probably on everyone’s risk register now!
Step 2: Analyse
Use a matrix to assign a value to determine low, medium, or high levels for each risk your team has identified. The value could be either descriptive (low, medium high) or quantitative (on a scale of 1-10). The level of risk depends on likelihood and how severe the consequences would be if it were to occur.
You could use a separate matrix for risks and opportunities but it’s important to address both the good and the not so good.
Step 3: Evaluate or rank them
Once you’ve determined the level of the risks (or opportunity), you’ll be able to rank which risks to address first. The higher the level, the more priority you should place on addressing the risk or opportunity.
Perhaps the team will start with the easy things to get some ‘quick wins’ and demonstrate the value of implementing risk management to staff members. Or they could focus on the highest-level issues that may result in critical risk and move down the list in order.
Ranking should also consider the availability of your resources and the costs involved in addressing the risks and opportunities.
Step 4: Determine the actions
Management commitment to funding, resourcing and implementation will be a factor in determining your actions.
Whatever the case, it’s important to assign someone (or several people) to be responsible for the actions. Ensure there is a realistic timeframe for completion, so they don’t drag on.
Step 5: Implement and monitor
It’s not a solution if it doesn’t work!
Whatever actions you decide on, these must be implemented in the lab. This includes putting someone in charge of ensuring the actions are having the effect they’re supposed to.
If this isn’t happening, the person responsible can raise this with the rest of the team during a follow up meeting.
This isn’t a ‘set and forget’ exercise. As part of your quality system, you should undertake a periodical review of your risks. This is particularly the case if something in the lab changes or there’s an industry development that could affect your lab.
And of course, this will demonstrate your commitment to continuous improvement in your business.
Write it down
Although there isn’t a requirement to document the process, having risk management records means you’re able to provide evidence to your NATA accreditation team.
Your risk register can be used for this purpose since it lists your risks and opportunities, analysis, risk level and the actions that need to be taken.
What if I need help?
That’s why we’re here!
Our Risk Management in the Lab training course will give you all the help you need. We’ll answer your questions and give you practical, hands-on activities to support your work and your business. We can run it in-house so all your people can be risk savvy.
We also offer support for businesses seeking ISO 17025 accreditation, ensuring your testing and calibration processes meet the highest standards.
Call Maree on 0411 540 709, or email info@masmanagementsystems.com.au and discover how we can support risk management in your lab!
Remember, you don’t have to do this alone!
Download the article 5 steps to risk management success