Clause 6.1 Actions to address risks and opportunities
Addressing risks and opportunities are the main focus of this clause. This is the clause directly describing Risk-Based Thinking. So two things are described here below I am going to define them and will also tell what the standard says about dealing with them:
- Risk: The effect of uncertainty. The possible dangers which can affect your business continuity or any of the aspects of the business like quality, delivery, etc. As per standard organizations should take measures to lower the risks.
- Opportunity: The actions which you can take to boost your business. As per the standard organization should focus on the
How to address risks and opportunities:
In clause 4.1 Understanding the organization and its context, we have discussed the issues, we have to look closely and from that, we can find out that some of the issues can be titled “risks”.
Now that we have found out all the risks then we have to address them. Clause 6.1.1 tells us that:
- a) give assurance that the quality management system can achieve its intended result(s);
- b) enhance desirable effects;
- c) prevent, or reduce, undesired effects;
- d) achieve improvement.
We have to plan the prevention and reduction of the “risks”, there are several techniques that are used to address those risks, and however, the aim is what is mentioned in above points a, b, c, and d which I am summarizing below as:
“The risks should be addressed and all actions should be taken to minimize the effects so that those risks become less harmful and do not hinder the production and service provision, apart from lowering the risks, the opportunities must be exploited to get all benefits from them and eventually achieve improvement”
Risk Controlling Methods:
There are a few methods through which we can control the risks, here we will discuss some of the mechanisms which are described in the standard:
The risk can be avoided if we don’t carry out the task that we are going to pursue. This means completely abolishing the task that possesses the risk. The most radical approach. For example, a manufacturing company not pursuing manufacturing a product because of its lack of market.
Taking Risk To Pursue an Opportunity:
Most companies get monetary benefits when they take a risk. For example, construction companies take the risk by putting their machines, workforces, location, and finances in danger to construct a building, and once the task is done they earn by selling and renting the product. They are availing an opportunity because they have taken a risk.
Eliminating the Risk Source:
The risk can be eliminated when the risk sources are eliminated. By removing the hazard the risk is eliminated. For example, if the overall condition of the area is risky, then changing the location of the office will eliminate the risk source because in this case the source (the area) is changed.
Changing the Likelihood or Consequences:
To understand this, we have to first understand what is Likelihood and Consequences. Likelihood means how frequently that risk can affect us. And Consequences mean how high the damage will be. These two things can be changed by different methods.
Sharing the Risk:
Risk can be shared by various means, by a partnership with other parties, by involving insurance companies between them. This is also called transfer of risk whereby in partnership some part of the risk is transferred to the other party. Also, the best strategy would be to partner with someone who has the technical knowledge of the risk that you are going to have. Outsourcing the employees or renting the vehicle are some examples of sharing the risk.
Retaining Risk by Informed Decision:
This is also called “acceptable risk”. When you apply control to the risk and the risk lowers down. Sometimes the risk is not low to the extent you wanted and you have to accept the remaining risk. This is called acceptable risk or retained risk.
After addressing the risks:
After the risk is addressed, we have to take two more steps, firstly we have to integrate those actions into our quality management system so that they can become part of the system and not a one-time activity.
Secondly, we have to find out whether those actions are effective or not. This means that we have to evaluate if those actions are actually bearing fruit or not. If yes, then make them part of the quality management system and if not, then some other actions can be formulated which can lower the risk.