Uploaded by faizalmd m

EC-QP-007 Rev 00 Risk Assessment DONE-13 JUL 2020

advertisement
Title:
RISK AND OPPORTUNITY
ASSESSMENT GUIDELINES
Doc. : EC - QP - 007
Rev. : 00
Effect. Date : 01.06.19
Page : 1 of 4
Prepared By:
Approved By:
Date:
Date:
Revision History
Rev.
Date
Subject Of Issued
Prepared By
Approved By
00
01.06.2019
New Issue ISO 9001:2015
Musmulyady
John Liew
01
10.07.2020
New Issue ISO 9001:2015
Musmulyady
John Liew
Title:
RISK AND OPPORTUNITY
ASSESSMENT GUIDELINES
Doc. : EC - QP - 007
Rev. : 00
Effect. Date : 01.06.19
Page : 2 of 4
1. PURPOSE
The purpose of the procedure is to establish a risk assessment process to address and
determine the risks and opportunities as determined in accordance with the requirements that
need to be addressed to:
a)
b)
c)
d)
give assurance that the quality management system can achieve its intended result(s);
enhance desirable effects;
prevent, or reduce undesired effects;
achieve improvement.
2. SCOPE
This procedure applies to the whole Quality Management System processes within the
organization.
3. REFERENCES
3.1
3.2
3.3
ISO 9001:2015 Clause 6.1 (Actions to address risk and opportunities)
SWOT Analysis
Appendix V
4. PROCEDURE
4.1
Planning for risk assessment
The Management shall continually seek improvement on the effectiveness of the quality
management system using Risk Assessment for the key processes within the QMS, in
order to prevent potential nonconformities.
The Management has considered the context of the organization; External and Internal
Issues as well as needs and expectation of interested parties during planning stages.
Title:
RISK AND OPPORTUNITY
ASSESSMENT GUIDELINES
4.2
Doc. : EC - QP - 007
Rev. : 00
Effect. Date : 01.06.19
Page : 3 of 4
Risk Matrix
Likelihood
1 (Remote) =
Never Happen
before
2 (Rarely)=
Once in a year
3 (Sometimes) =
Once in a month
4 (Frequent)=
Once in a week
5 (Very
frequent) =
Daily
1
2
3
4
5
2
4
6
8
10
3
6
9
12
15
4 = May cause late
delivery /
completion of
work
4
8
12
16
20
5 = May cause
customer
complaint and
service terminated
5
10
15
20
25
Severity
1 = Would not
cause
dissatisfaction to
customers or our
operation
2 = May cause
verbal complaint,
but the
products/service
still can be used
3 = May cause our
project to stop due
to equipment
failure or
unavailability of
manpower etc.
Risk = the effect of uncertainty on an expected result which may affect the satisfaction
of interested parties
Tolerable risk
Tolerable risk
Not tolerable risk
1 - 4 = LR (Low Risk)
Current control measure is effective to control the risk
5 - 12 = MR (Medium Risk)
May propose new control measure to improve the current practices (but not
compulsory)
15 - 25 = HR (High Risk)
Need to propose new control measure(s) to control the risk(s) implement
immediately.
Title:
RISK AND OPPORTUNITY
ASSESSMENT GUIDELINES
4.3
Doc. : EC - QP - 007
Rev. : 00
Effect. Date : 01.06.19
Page : 4 of 4
Recording of Risk Assessment Results
The Top Management shall lead the respective Head and Team of the Department to
perform the risk assessment for the departmental processes that may affect the
satisfaction of interested parties, based on the context of the organization. The Top
Management shall brain storm with the respective Head and Team of the Department
on the severity and likelihood of occurrence of the potential risks in the processes.
For Low Risk and Medium Risk activities, the management may choose to propose
further control method, but not compulsory, to ensure the risks are prevented.
For High Risk activities, the management shall ensure control measures or Contingency
plan are in place to ensure the risk would not happen. In the case the nonconformity
happens, it shall be controlled by means of Control of Nonconformity procedure.
The results shall be recorded in the Risk Assessment Analysis (Risk Identification, Risk
Assessment and Risk Control).
4.4
Review of the Risk Assessment Analysis
Top Management should review the Risk Assessment Analysis (Risk Identification, Risk
Assessment and Risk Control) once every 12 months, preferably during Management
Review Meeting, to identify new risks or opportunities that may affect the entire business
activities. Output of the review shall be updated in the Risk Assessment Analysis.
5.
RECORDS
Records as stated above shall be maintained and controlled in accordance with Document
Control procedure EC-QP-001and Control of Quality Record, EC-QP-002
Download