Overview

In the world of business, risk management refers to the practice of identifying potential risks in advance, analysing them and taking precautionary steps to reduce / curb the risk.

Widely, risks can be classified into three types: Business Risk, Non-Business Risk, and Financial Risk. All businesses, no matter what size, must identify these risks and put processes and procedures in place to reduce or mitigate them.

Risk can arise out of poor quality services or goods, disasters or market factors. To ensure that a business is aware of them, and prepared to handle them, Management Systems are implemented and embedded, thereby reducing their effect on the business.

Quality is one aspect of a business’ risk management. This can be done separately, as a Quality Management System or combined with a Risk Management System, becoming a Quality Risk Management System.

The different elements required for the implementation of Quality Risk Management (QRM) – risk identification, analysis, evaluation and control – require tools and practices that are linked to good knowledge management. The initial stages, dealing with risk identification and analysis, should effectively capture knowledge, map processes, and allow the definition of different objects (unit operations) with specific attributes (inputs and outputs). That should be followed by establishing the connection between those inputs (process parameters) and outputs (quality attributes), from which the whole criticality analysis exercise will develop.

Management systems

There are over 1200 ISO Management Systems currently active around the world. However, there are a core number of management systems that every business should consider implementing. Some of the many reasons for having a Management System are that they: