Risk and Opportunity is the new addition in ISO 9001:2015 standard. This module allows an organization to capture risk at context level covering internal issues, external issues, interested parties, their needs and expectations, risks inherent in various processes, services and products.
The traditional position is to define risk as “an uncertainty that could have an adverse effect leading to loss, harm or damageâ€. The definition of opportunity as “an uncertainty that could have a positive effect leading to benefits or rewards†is very similar to the traditional definition of “riskâ€.
When determining the risks and opportunities for your OH&S management system and its intended outcomes that need to be addressed, the organization shall take into account:
- Hazards (see 6.1.
- OH&S risks and other risks (see 6.1.
- OH&S opportunities and other opportunities (see 6.1.2.3)
OH&S opportunities are those directly related to enhancing your OH&S performance, such as adapting the way work is done to prevent injury, or eliminating hazards in the workplace.
What is a risk assessment? Risk assessment is a term used to describe the overall process or method where you: Identify hazards and risk factors that have the potential to cause harm (hazard identification). Analyze and evaluate the risk associated with that hazard (risk analysis, and risk evaluation).
Determine resource gaps which need to be addressed before the implementation of the standard. Make clear the OH&S policies and concentrate on the set objectives. Perform a good planning and then communicate to other employees the way it is best to achieve the implementation of the new standard.
ISO 45001:2018 has 10 Clauses with 4-10 being requirements.
The OH&S objectives should be consistent with the OH&S policy and if practicable, be measurable or capable of performance evaluation. Ideally, the objectives should be specific, measurable, achievable, realistic and time-oriented (SMART).
You will learn about context of organisation and risk-based thinking with reference to Hazard Identification Risk Assessment (HIRA), Occupational Health and Safety (OH&S), legal and other requirements.
Here are seven types of business risk you may want to address in your company.
- Economic Risk. The economy is constantly changing as the markets fluctuate.
- Compliance Risk.
- Security and Fraud Risk.
- Financial Risk.
- Reputation Risk.
- Operational Risk.
- Competition (or Comfort) Risk.
OH&S opportunities address the identification of hazards, how they are communicated, and the analysis and mitigation of known hazards. Other opportunities address system improvement strategies.
A health and safety policy sets out your general approach to health and safety. It explains how you, as an employer, will manage health and safety in your business. It should clearly say who does what, when and how. If you have five or more employees, you must write your policy down.
The goal of an occupational safety and health program is to foster a safe and healthy occupational environment. OSH also protects all the general public who may be affected by the occupational environment.
Steps to OHSAS 18001 Certification
- Learn about the OHSAS 18001 Standard.
- Perform the OHSAS 18001 Gap Analysis, the OH&S Initial Review and the Risk Analysis.
- Plan your OHSAS 18001 project.
- Train your organization on OHSAS 18001.
- Document your OHSAS 18001 OH&S Management System.
- Implement your OHSMS and conduct business.
ISO 45001:2018 specifies requirements for an occupational health and safety (OH&S) management system, and gives guidance for its use, to enable organizations to provide safe and healthy workplaces by preventing work-related injury and ill health, as well as by proactively improving its OH&S performance.
Audits—according to standards—should flow as follows:
- Determine the risks of material misstatements (plan our work)
- Develop a plan to address those risks (plan our work)
- Perform substantive procedures (work our plan) and tests controls for effectiveness (if planned)
- Issue an opinion (the result of planning and working)
Addressing the risk can provide an opportunity not only to preserve or increase market share, but also to increase profits by charging a premium that sustainability-conscious consumers are willing to pay.
How To Address Risk in ISO 9001
- Identify the risks and opportunities.
- Plan your response.
- Integrate the response into your quality management system (QMS)
- Evaluate effectiveness.
Changing the likelihood or consequences. Sharing the risk. Retaining risk by informed decision. SWOT analysis by the organization as part of its business strategy to identify the external risk and opportunities and action plan to address them.
• Risk/Opportunity: Any issue (positive or negative) that may impact an organization's ability to. achieve its objectives; the effect of uncertainty on organizational objectives.
Step 3 - Risk & Opportunity AnalysisThe purpose of the analysis step is to develop an understanding of the risk or opportunity in order to inform your evaluation and decision of whether a response is required. Here is where you will assess the potential impact and likelihood of the risks and opportunities.
A Risk and Opportunity Register is a list of risks and opportunities with a probability and cost estimate for each, aggregated into a collective risk dollar amount for the project.
How to identify risks – consider all business activities
- What are the activities we do as an organization that have the potential to cause harm?
- What are the causes for this potential harm?
- What are the potential outcomes?
- Some organizations also ask: What barriers do we have in place?
1. Opportunities Management. If referring to previous project risk management strategy definitions, an opportunity is a positive outcome that may bring additional value to a project by allowing achieving improvement.
OH&S opportunities are described as specific OH&S activities that would enhance the OH&S performance, with examples such as adapting work, or eliminating hazards and risks.
Eliminating the hazard and risk is the highest level of control in the hierarchy, followed by reducing the risk through substitution, isolation and engineering controls, then reducing the risk through administrative controls.
Involvement of workers in the OH&S management system and the processes that support it is a key requirement of effective OH&S management as it enables the organization to make informed decisions.
ISO 19011 is defined as the standard that sets forth guidelines for auditing management systems.
Risk-Based Thinking DefinedRisk-based thinking requires companies to evaluate risk when establishing processes, controls and improvements in a Quality Management System. It's important to note that risk isn't limited to negative possibilities.
Hazard Identification Risk Assessment (HIRA) is a process of defining and describing hazards by characterizing their probability, frequency, and severity and evaluating adverse consequences, including potential losses and injuries.
3.21 occupational health and safety risk (OH&S risk)combination of the likelihood of occurrence of a work-related hazardous event or exposure(s) and the severity of injury and ill health (3.18) that can be caused by the event or exposures. Note that hazardous event is not defined.
