Businesses of all sizes and types face issues that come from both external and internal factors. It’s vital every business knows how to manage product risk within their business.
You are likely reading this post because you are uncertain where to start or are concerned about your supply chain. This is understandable, and especially difficult if you have never had to deal with a serious issue or have an experienced Quality Manager available. Don’t worry though, everyone has to start somewhere!
The first stage is creating a risk management or crisis management procedure. Occasionally you may need to quickly issue your risk management procedure to your customers or 3rd parties you deal with, including legal entities such as trading standards or the equivalent.
Risks can appear out of the blue, alter or completely disappear as the business develops, so your risk management procedure should be adapted appropriately and in a timely manner so it’s not out of date if needed.
What is Risk Management?
This is how the Risk Management standard BS ISO 31000:2018 describes managing risk:
“Managing risk is part of governance and leadership and is fundamental to how the organization is managed at all levels. It contributes to the improvement of management systems. Managing risk is part of all activities associated with an organization and includes interaction with stakeholders. Managing risk considers the external and internal context of the organization, including human behaviour and cultural factors. The effectiveness of risk management will depend on its integration into the governance of the organization, including decision-making. This requires support from stakeholders, particularly top management”Extracted from BS ISO 31000:2018
In short, the leadership within your business needs to commit to taking risk management seriously, establish a procedure to follow and support the implementation of the risk management program considering all the external and internal factors.
In our ISO Implementation series (clause 6.1 here), we discuss actions to address risks and opportunities within the organisation. You can find that post here if you want to find out more.
Now you have learnt the very basics of what risk management is, we will now at 10 questions you must consider prior to a product risk assessment.
Top 10 Questions to Ask Before Conducting a Product Risk Assessment
In this scenario, you are assessing a product once it’s already in the supply chain and an issue has been raised to you to look into. What do you do now? Asking the following questions should help give you a better understanding of the situation and the control you currently have on it.
- What are the most important things I need to know about the issue?
- Where can I find the answers to my questions?
- What sources can I use and where are they located?
- With whom do I need to liaise with to get the information?
- How many products or ranges are affected?
- What the problem is and what it is not?
- Can the date the issue started be identified easily?
- What is the nature of the hazard?
- What is the cause of the hazard? (Occasional product defect, product deterioration, unusual operating conditions, misuse of product, random failure etc.)
- What range of products (models) is affected?
You may want to get a team together to collate all the information you need to consider or at least consult other members of the business to gather this information. Time is always a factor when a product is already in the supply chain, so utilising your time wisely is extremely important.
Once you have the above information, or at least, as much of it at possible, you will need to determine the risk significance then plan actions to address the risks. You may wish to use a graph to capture the risks, FMEA or a database.
The action you need to take to address the issue, if there is one, should be predefined in your Risk Management Procedure. This will help you to make decisions quickly. Lots of companies do not include options to address risks in their procedure and this can cause huge delays in decision making in a time sensitive situation. By predetermining your options (to the extent possible), the management that have authority to sign off these decisions, will have already approved this means of managing risk. It will make your action plan much easier to explain and costs involved will be clearer.
Lastly, you or your team will need to evaluate the actions you took, the scenario that followed and where improvements could be made in future. You will need to make sure your Risk Management Procedure is adjusted if you feel this is necessary. Any reports or documentation to track the event will need to be filed away in a central location, suitable to the sensitivity of information, so you can track it in future.
If you have any questions, we are always happy to help you.
Definitions You Need to Know
- Hazard – The potential to cause harm
- Risk – The likelihood that a hazard will cause harm
- Event –An occurrence or change of a particular set of circumstances (risk source)
- Consequence –The outcome of an event (positive or negative)
- Likelihood – The probability of a consequence occurring
- Availability – The availability of the product in the marketplace
- Risk Assessment – A procedure to measure of the probability of a hazard causing harm, considering the frequency with which something may go wrong, how many people are likely to be affected and how severity of injury.