The FDA requires risk management procedures be written and followed. It is called out in ISO 13485, ISO 14971 and ISO 31000.
Manufacturing companies wishing to be ISO 9001-2015 compliant must also have risk management procedures in place.
In any case, the objective of risk management is to create and protect value. One way to accomplish this is to make risk management part of all processes and the responsibility of every manager. A good strategy is to have a systematic, structured and timely approach to risk management.
A risk management procedure could look something like this…
- Identify the Risk
- What uncertainty could affect our ability to achieve our goals and objectives?
- Quantify the Risk
- What is the likelihood that any of these risks become real?
- What would be the financial impact?
- Manage the Risk
- How will you manage those risks? Avoid it – Control it – Finance it – Transfer it to a 3rd party
- Review the Risk
- Assuming a risk took place, how did your strategy work?
All companies are different, so I would expect to see many different approaches to managing risk. I am sure that any approach taken will take into account the steps listed above.
Risk management is a key component of managing any company. When starting or acquiring a company, it is common practice to perform a risk assessment. It is important to know that you are making a sound investment and it is equally important to know that the company will continue to be profitable in the future. There is no doubt that it is important to avoid any kind of lawsuits that could happen.
Even though you performed a risk assessment at one time, have you performed one lately? It seems like a good strategy would be to visit your risk management plan periodically.
Today’s PLM software includes a very good process management component that can be invaluable. It provides document management with process management. It can simplify the critical and complex activity of risk management.
Contact me to learn more…