written by Maree Stuart
The world can be a risky place!
With claims by Mark Bouris who says Australia runs the risk of “going overboard” and pushing interest rates too high next year, and ongoing risks to our personal data and privacy through data breaches, we’re besieged by warnings about the present and the future.
Those warnings don’t just come from lofty external experts.
Let me tell you a story………
A business we know went through an internal safety audit recently. The auditor found that they needed to manage risks associated with samples being stored on high shelves. This had been raised at a previous audit and the solution at the time was to invest in a platform ladder. At this stage the Systems Manager threw his hands up in the air and said what more can be done?
Sure, they had invested in expensive equipment to minimise risks from manual handling of materials at height. Was the auditor saying that they had to keep everything at ground level? It seemed like the auditor wanted a zero risk of anything bad happening.
After a chat over a few drinks (well it was hot!), we found that the issue was not with the selected solution, but in the application of the risk management process. There had been no review of the risk register for over a year. Plus there had been personnel changes in the area in question.
The Systems Manager is now working on a review and update of the risk register to better characterise the residual risk and identify if there is anything further that should be done.
But how can we handle these things in a reasonable way?
Well, no doubt you’ve read through the ISO 9001 and ISO/IEC 17025 standards plenty of times and you’ve seen an increased emphasis on risk-based thinking. These standards (along with ISO 31000) give us the clues to how we can tackle this challenge.
We’ve written articles previously about risk management and discussed how the requirements need you to look at risks in a more formalised and strategic way.
Since it’s not prescribed HOW this should happen, some labs may be uncertain about the steps needed to deal with risks and opportunities. But if you start with a basic risk management process, you won’t go wrong.
Simple risk management processes for success
Your lab needs to plan and implement actions to address risks and opportunities by adopting a process approach.
There are 5 steps to do this.
- Identify the issue/ hazard/ risk/ opportunity
- Analyse the identified issues
- Evaluate or rank them
- Determine actions to deal with the issues appropriately
- Implement and monitor for both ongoing suitability of the actions and relevance of the identified issues to your business
Let’s take a quick look at each of these steps.
Step 1: Identify
The first step is identifying risks.
You won’t get a cross section of opinions by sitting in a room on your own with a whiteboard! This must be a team effort and you can achieve this through brainstorming with relevant stakeholders.
Who are the relevant stakeholders? At a minimum this should include representatives from management, quality, and technical staff.
Consider internal and external sources of risk. Internal inputs could be things like test methods, staffing changes and machinery. You might like to think about the steps in, say, a test method and where things could go wrong. Starting with a Failure Modes and Effects Analysis could be a useful approach.
You can find external sources of risk from evaluation of future scenarios (positive and negative) and SWOT analysis. Don’t discard any suggestions at this point. In fact, ‘global pandemic’ is probably on everyone’s risk register now!
Step 2: Analyse
Use a matrix to assign a value to determine low, medium, or high levels for each risk your team has identified.
The value could be either descriptive (low, medium high) or quantitative (on a scale of 1-10). The level of risk depends on likelihood and how severe the consequences would be if it were to occur.
You could use a separate matrix for risks and opportunities but it’s important to address both the good and the not so good. Think about it: the real risk of not being able to work with colleagues throughout lock-down has led to innovative new ways of work.
Step 3: Evaluate or rank them
Once you’ve determined the level of the risks (or opportunity), you’ll be able to rank which risks and opportunities to address first.
The higher the level, the more priority you should place on addressing the risk or opportunity.
Perhaps the team will start with the easy things to get some ‘quick wins’ and demonstrate the value of implementing risk management to staff members. Or they could focus on the highest-level issues that may result in critical risk and move down the list in order.
Ranking should also consider the availability of your resources and the costs involved in addressing the risks and opportunities.
Step 4: Determine the actions
Management commitment to funding, resourcing and implementation will be a factor in determining your actions.
Whatever the case, it’s important to assign someone (or several people) to be responsible for the actions. Ensure there is a realistic timeframe for completion, so they don’t drag on.
Step 5: Implement and monitor
It’s not a solution if it doesn’t work!
Whatever actions you decide on, you must implement them in the lab. This includes putting someone in charge of ensuring the actions are having the effect they’re supposed to.
If this isn’t happening, the person responsible can raise this with the rest of the team during a follow up meeting.
This isn’t a ‘set and forget’ exercise. As part of your quality system, you should undertake a periodical review of your risks. This is particularly the case if something in the lab changes or there’s an industry development that could affect your lab.
And of course, this will demonstrate your commitment to continuous improvement in your business.
Write it down
Although there isn’t a requirement to document the process, having records means you’re able to provide evidence to your NATA accreditation or ISO 9001 certification team. Documenting the risk management process in a procedure can help with transferring knowledge about the system to your staff today and into the future.
Your risk register can be used for this purpose since it lists your risks and opportunities, analysis, risk level and the actions that need to be taken.
Remember, there’s no ‘one size fits all’ to reduce risk. It’s all about determining what’s important to your lab.
What if I need help?
That’s why we’re here!
Our Risk Management in the Lab training course will give you all the help you need. We’ll answer your questions and give you practical, hands-on activities to support your work and your business.
Send us an email to express interest in this course or, if you have a number of people you’d like trained we can run an in-house session for you.
Call Maree on 0411 540 709, Diane on 0402 012 781 or email firstname.lastname@example.org and discover how we can support risk management in your lab!
Remember, you don’t have to do this alone!
Download the article 5 secrets of successful risk management