The path to comfort with your risk management plan can be a complicated on one hand and scary on the other. This may help get you started down this path with a plan to work with.
Since the 1960s we’ve used Ishikawa’s fishbone diagram to great benefit. The premise here is that all non-conformances have their roots in either People (6% of the time), Processes, Infrastructure or Work Environment. Back then he referred to these areas as ‘Man, Method, Machine and Milieu’. So the logic here is, if that’s where most non-conformances have their roots, let’s start there to build our risk management approach. If we can identify weak spots, maybe we wont’ have as many unwanted ‘surprises’. Most organizations these days also break out some specific areas to focus on:
- Information security
- Supply chain
- Customer interactions
To put it all together, you may want to consider these basic steps to get a handle on creating or assessing your Risk Management Activities:
- Follow your flowcharts
- Identify higher risk points
- Highlight the danger points visually on your flowcharts
- Assess the effectiveness of your risk management at each activity in the flow
- Improve the activities wherever possible.
This is not an exhaustive plan by any means but will get you started and will help you put the spotlight on risk during internal audits – dividends galore!