No longer the sole purview of finance and insurance for smaller companies, risk management is pervasive in all areas from quality, safety, environmental, regulatory, commercial to finance and supply chain.

Since many ISO standards now require risk-based-thinking, this makes it a key compliance tool. Instead of waiting for a crisis to arise, a basic risk management process includes hazard identification, assessment (by severity and likelihood), prioritizing and implementing actions to mitigate identified risks, periodically re-evaluating effectiveness, and adjusting as needed.

Here are a few areas to review for risk identification and management: ✓ Production planning: should include change management & process validation (think PPAP and FMEA) ✓ Safety: include job safety analysis (JSA) or Job hazard analysis (JHA) and near-misses not just incident tracking ✓ Manufacturing: data on nonconformances, deviations, and severity of defects helps to spot trends and set priorities

✓ Audit findings: when findings are flagged by risk they identify areas for priority follow-up ✓ Corrective actions: verification of effectiveness should include risk review, so high risk requires more work ✓ Complaints review: filter complaints by risk, and evaluate suppliers by their contribution to complaints