Information and Training. | Risk Management.Every organization that is concerned about risk, (on itself, products, processes, or caused by its activities, etc., ..) wants to ensure that a planned, effective risk process is implemented. The benefits are that decisions will be based on understood risks and there will be a level of confidence that current and future potential risks have been identified, understood, measured and reduced to acceptable levels.
In order to achieve these expectations a risk management plan must be drafted, agreed and implemented.
Risk Planning / Risk Management Plan will address the process within the organization, detailing:
i) The approach to performing risk assessments.
ii) The establishment of methods for identifying risk levels.
iii) The approach to risk control.
iv) Risk mitigation, risk reduction and risk detection processes.
v) Monitoring and managing change and associated risk impacts.
vi) The communication of risk within the organization.
vii) The process for risk management plan creation, updating, review and approval.
viii) Implementation of the risk plan.
The risk plan will bring together all elements of the risk process, will ensure there is a clear logical approach to risk, will ensure that risk consideration is an integral component of all activity and that all key stakeholders understand their roles and responsibilities towards risk management.
The Risk Management Plan needs to be drafted as soon as feasibly possible.The output of the activity of an organization will be a product or service. Service organizations will provide a range of service outputs, manufacturing organizations will output both product and service outputs. For example, a company manufacturing a desktop computer, will also output financial data, regulatory compliance data, will report on environmental compliance standards, etc.. Each of the outputs will have associated processes, with numerous decision points. From the date of first establishment of the organization, risks will arise. The purchase and use of raw materials, staff hiring and employment, the transport of internal inventory, etc.. all introduce risks.
Therefore, a risk management plan should be created from the onset of activity and continually developed and updated over time.
Elements of the Risk Management Plan.There will be two distinct elements within the risk management plan. First the plan will detail the overall or strategic approach to risk by the organization and secondly the plan will detail the specific operational approaches to implementing the risk strategy.
Strategic approach to Risk Planning / Risk Management.Senior management will need to detail the scope of organizational activity to be covered within the risk plan. For example, consider a medical device or pharmaceutical drug. Will the risk activity be limited to developing the product, performing clinical trials and where the product is deemed suitable for release to market, then providing “directions for use” in the form of a product insert to medical practitioners who may prescribe the product. Alternatively, the risk scope may extend out to include the approval and training of individual medical practitioners, plus education and follow-up of individual patients. The risk associated with the product will determine the scope of the risk management responsibilities.
The risk appetite of the organization will need to be defined by senior management. A new start-up business will normally have a higher risk threshold than an established business. This arises as a new business may need to “shake-up” the market, or introduce radical new product features in order to get customers to move from the established product and service providers. Consequently a new start-up may have a higher risk appetite then the established business. As risks are identified and assessed on an on-going basis, those involved in the risk processes, need to know what risks will be deemed acceptable and which risks need to be mitigated. These decisions will be based on the risk appetite as defined by senior management.
Management will need to define the risk communication processes within the organization. How will risk levels be communicated to senior management. Clearly senior management do not need to be aware of all risks, however, those higher level risks which could seriously impact organizational performance need to be understood by senior management. Management also need to understand the effectiveness of the risk processes and if there are functional areas where risk is not adequately considered and applied into decision making.
Responsibilities for implementing the risk management plan will be defined and understood by relevant management and staff. Senior management, will delegate responsibilities for the risk process, while retaining their own clear final responsibility for risk impacts associated with organizational activity.
Operational approach to Risk Planning | Risk Management.Standard operating procedures will be defined, documented, approved and communicated to staff which detail the methods of risk identification, risk assessment, risk rating, risk mitigation, risk communication, risk training, etc.. across the organization.
Note: The standard operating procedures will not normally be specifically included within the risk plan, but will be referenced as stand alone documents, integral to the overall risk plan.
The operating procedures will need to undergo review and approval. Where change arises within the organization, which may be related to product or process revisions, organizational restructuring, facility, staff change, etc.. any potential for risk change will need to be considered. Risk needs to be a routine consideration associated with all change.
Risk Management Report.The risk plan will detail the methods of risk reporting. Where a new product is to be launched, a new facility commissioned, a major organizational restructuring, etc.. a specific risk report will often be issued. The risk report will confirm that:
– The Risk Management Plan has been implemented
– The Overall Residual Risk is acceptable
– Methods are in place to obtain relevant follow-up information, for example post market surveillance reporting and customer feedback processes.
Risk Management Plan maintenance.The risk management plan needs to be an active, live document, which is initially approved by senior management and continually reviewed and updated as necessary. The plan must be understood by relevant staff, who are given the opportunity to propose and implement changes to the plan. The plan needs to identify and utilize all available sources of relevant information, which can help improve the risk processes, for example, customer feedback, competitor experiences, information from ongoing research publications, media reports, etc..
Information & Training.
- Risk Identification. Risk Evaluation. Risk Mitigation. Risk Control. Etc..
- Risk Processes. Risk Planning. Risk Reporting.
- Requirements. Standards. Current best practices.
- Information & Training presentation >>>