Title: RISK AND OPPORTUNITY ASSESSMENT GUIDELINES
Doc.: EC-QP-007
Rev.: 00
Effect. Date: 01.06.19
Page: 1 of 4

Prepared By:            Date:
Approved By:            Date:

Revision History

| Rev. | Date       | Subject of Issue        | Prepared By | Approved By |
|------|------------|-------------------------|-------------|-------------|
| 00   | 01.06.2019 | New Issue ISO 9001:2015 | Musmulyady  | John Liew   |
| 01   | 10.07.2020 | New Issue ISO 9001:2015 | Musmulyady  | John Liew   |

1. PURPOSE

The purpose of the procedure is to establish a risk assessment process to address and determine the risks and opportunities, as determined in accordance with the requirements, that need to be addressed to:

a) give assurance that the quality management system can achieve its intended result(s);
b) enhance desirable effects;
c) prevent, or reduce, undesired effects;
d) achieve improvement.

2. SCOPE

This procedure applies to all Quality Management System processes within the organization.

3. REFERENCES

3.1 ISO 9001:2015 Clause 6.1 (Actions to address risk and opportunities)
3.2 SWOT Analysis
3.3 Appendix V

4. PROCEDURE

4.1 Planning for risk assessment

The Management shall continually seek improvement in the effectiveness of the quality management system, using Risk Assessment for the key processes within the QMS, in order to prevent potential nonconformities.

The Management has considered the context of the organization, External and Internal Issues, as well as the needs and expectations of interested parties during the planning stages.

4.2 Risk Matrix

Likelihood
1 (Remote) = Never happened before
2 (Rarely) = Once in a year
3 (Sometimes) = Once in a month
4 (Frequent) = Once in a week
5 (Very frequent) = Daily

Severity
1 = Would not cause dissatisfaction to customers or our operation
2 = May cause verbal complaint, but the products/service still can be used
3 = May cause our project to stop due to equipment failure or unavailability of manpower etc.
4 = May cause late delivery / completion of work
5 = May cause customer complaint and service terminated

| Severity \ Likelihood | 1 | 2  | 3  | 4  | 5  |
|-----------------------|---|----|----|----|----|
| 1                     | 1 | 2  | 3  | 4  | 5  |
| 2                     | 2 | 4  | 6  | 8  | 10 |
| 3                     | 3 | 6  | 9  | 12 | 15 |
| 4                     | 4 | 8  | 12 | 16 | 20 |
| 5                     | 5 | 10 | 15 | 20 | 25 |

Risk = the effect of uncertainty on an expected result which may affect the satisfaction of interested parties

| Score   | Rating           | Tolerability       | Action |
|---------|------------------|--------------------|--------|
| 1 - 4   | LR (Low Risk)    | Tolerable risk     | Current control measure is effective to control the risk |
| 5 - 12  | MR (Medium Risk) | Tolerable risk     | May propose new control measure to improve the current practices (but not compulsory) |
| 15 - 25 | HR (High Risk)   | Not tolerable risk | Need to propose new control measure(s) to control the risk(s) and implement immediately |

4.3 Recording of Risk Assessment Results

The Top Management shall lead the respective Head and Team of the Department to perform the risk assessment for the departmental processes that may affect the satisfaction of interested parties, based on the context of the organization.

The Top Management shall brainstorm with the respective Head and Team of the Department on the severity and likelihood of occurrence of the potential risks in the processes.

For Low Risk and Medium Risk activities, the management may choose to propose further control methods to ensure the risks are prevented, but this is not compulsory.

For High Risk activities, the management shall ensure control measures or a Contingency plan are in place to ensure the risk would not happen. In case the nonconformity happens, it shall be controlled by means of the Control of Nonconformity procedure.

The results shall be recorded in the Risk Assessment Analysis (Risk Identification, Risk Assessment and Risk Control).

4.4 Review of the Risk Assessment Analysis

Top Management should review the Risk Assessment Analysis (Risk Identification, Risk Assessment and Risk Control) once every 12 months, preferably during the Management Review Meeting, to identify new risks or opportunities that may affect the entire business activities. Output of the review shall be updated in the Risk Assessment Analysis.

5. RECORDS

Records as stated above shall be maintained and controlled in accordance with Document Control procedure EC-QP-001 and Control of Quality Record, EC-QP-002.