INTRODUCTION AND OBJECTIVES
When planning to adapt to the new ISO 9001:2015, the organization must consider risks and opportunities in relation to the desired and unwanted effects in order to plan actions and ways to address these risks and/or opportunities. In KRC® the management of risks and opportunities is carried out in the flow of Risk Management that allows to assess the potential risk for all activities, managed directly or through third parties, which may be subject to a risk or opportunity event. The objective of the project is to introduce and support the evaluation of process performance, the assessment of the risk of not reaching/exceeding the same and its impact on company objectives.
THE CONSULTING PROJECT
The Company has activated the Risk Management Module of the KRC® platform, therefore it has expressed the need for a consulting activity for the implementation of its Risk Management Model. KEISDATA will prepare a Risk Model contextualized to the type of company and the sector it belongs to and consistent with the recent product business plan. The activities related to the various phases of the Risk Management process are presented below.
Phase definition of operational objectives
This phase is currently underway and at the expense of the company. The list of objectives will be used for risk association.
Risk Model Identification phase and Methodologies and criteria
KEISDATA will prepare a Risk Model, contextualized to the current and emerging company type and sector, from which to start the personalization phase. The main evaluation criteria for risk events will be defined: the parameters that allow the determination of levels and related classes of risk, the types of Qualitative and/or Quantitative assessment.
Phase of alignment with the Directors and Identification Evaluation of risk events
The Model makes it possible to predict events that can compromise the achievement of company objectives or that can highlight new opportunities.
The phase is characterized by the support, by KEISDATA, to the contact persons (Risk Owner) to fill in the risk event cards. This activity will also be training for the development of a mentality oriented to risk management in a logic of long-term performance.
Risk treatment phase
The risk treatment phase is envisaged in the RM form. This phase will require verification with the improvement action plan currently underway (NC improvement and management objectives) and where not consistent or insufficient will be carefully assessed before proceeding with risk mitigation management.
Reporting phase to the BoD
This Phase will be activated as soon as the Risk Model will be deemed consistent by ....