ARCHIVE NEWS

Risk Management - Excel Partnership launch a foundation training course based on ISO 31000

Risk Management is the process whereby an organisation identifies, assesses and prioritises risks associated with a process, project or product throughout its life-cycle, from project definition, process / product design to project development / manufacture, through to the end user application or use by the customer.

Historically linked to health and safety and financial risk, risk management is being increasingly applied to all organisational operations, no matter what the technical discipline, and has become the cornerstone to ISO/DIS 9001:2015. It is explicitly embedded in the Environmental Management System standard ISO 14001 and ISO/IEC 27001, the standard for Information Security Management. It is also included in Annex SL-Proposals for Management Systems Standards which encourages a more holistic approach to managing business risks and opportunities.

Although there are a number of general and industry specific standards for risk management, Excel’s Fundamentals of Risk Management training course is based on ISO 31000:2009, Risk management – Principles and guidelines, which provides a generic foundation of the principles, framework and process for managing risk applicable to all organisations.

Risk is inherent in everything we do and at all levels of an organisation. In order to achieve strategic and operational objectives, risks associated with these need to be identified and assessed. Organisations will have different levels of appetite for risk i.e. degree of avoidance, but avoiding all risk would lead to nothing being achieved, no progress made and objectives not being met.

Numerous definitions of risk exist within a number of ISO standards and one has to look beyond the stated definition in ISO 31000 to the notes to see the identification of negative and positive deviations. However, the IRM (Institute of Risk Management) promotes this within their definition of risk “The combination of the probability of an event and its consequence. Consequences can range from positive to negative.” Although risk tends to be associated with negative consequences, ISO 31000 encourages organisations to exploit the opportunities as well as consider the threats that uncertainty brings, thereby becoming aware of new possibilities which may have otherwise gone un-noticed.

Although ISO 31000 is not a certifiable standard in itself, together with ISO 31010 (Risk Management – Risk Assessment Techniques), it provides valuable direction for implementing a risk management process. ISO 31000 follows a 5-stage process which compliments those in other standards, such as ISO 14971: Medical Devices – Application of risk management to medical devices and ISO/IEC 27001:

• Step 1 Establishing the context
• Step 2 Risk Identification
• Step 3 Risk Analysis
• Step 4 Risk Evaluation
• Step 5 Risk Treatment

Risk Assessment is the combined process of risk identification, risk analysis and risk evaluation (Steps 2-4) with Step 5 being the stage where an organisation decides priorities, i.e. is the risk treated, tolerated or transferred.

To be effective, risk management must be proportionate to the size and nature of the organisation. Risk Management is such a broad subject area and has hugely different implications for a large multinational organisation versus a small local business. Therefore to ensure its applicability to all organisations, the aim of Excel’s Fundamentals of Risk Management course is to:

• Assist individuals in visualising risk management as a whole-organisation activity rather than a stand-alone function
• Clearly establish the fundamental components of risk management and how it is applied within a management system structure
• Provide an opportunity to follow a risk assessment process and decide on appropriate controls and treatments of identified risks, as well as explore the variety of risk assessment tools available.

"Over the last 6 months, we have noticed an increasing number of customers identify an interest in risk management," says Geoff Doole, Managing Partner for Excel Partnership. "With risk management becoming a prominent aspect in the revision of ISO 9001 and ISO 14001 and as Excel already addresses risk assessment within specific sectors such as automotive, information security and medical devices, it was logical for us to extend this to a more general level for all organisations to access".

The key learning objectives for this 1-day course will include:

• Interpreting the principles of Risk Management within ISO 31000 and the generic risk management framework and how it applies to organisational processes and management systems in general
• Understanding how ISO 31000 links to other discipline-specific management system standards and Annex SL
• Evaluating how business risks impact on each other and be able to assess these as a whole rather than in isolation
• Exploring the components of Risk Management and applying these to the life-cycle of a product, process or project
• Identifying appropriate treatments and controls and deciding on those best suited to manage the risk

An established and approved provider of management systems auditor training in a wide variety of sectors, the development of a Risk Management course to enable delegates to extend their current risk management knowledge in relation to management systems, particularly in light of the revisions to ISO/DIS 9001:2015 and ISO 14001, will compliment Excel’s existing suite of Business Improvement courses.

Bookings are now being taken to attend Excel’s ISO 31000:2009 Fundamentals of Risk Management 1-day course for:

• 28th October, Hemel Hempstead
• 4th November, York
• 2nd December, Southampton

For further details of Excel’s in-house training or if you’d like to discuss your requirements and request a proposal, please contact us (tel: +44(0) 1428 751027).