Risk-based thinking process flow chart
All the new international standards talk about risk-based thinking so what we're going to do here is a quick example some practical tips and tricks on ISO 9001 risk-based thinking and how it applies to a process.
Today we’re jumping in head first to elaborate more on how to apply risk-based thinking to a process. What I'm going to do is have a quick example for you to give you some thoughts around how to frame it up.
The first consideration is the process steps, and if you think about this is the service industry and you think about your customers- you've got customer check-in, you've got service provision, and you might have the financial part, or the customer payment, and you can make your process steps much more detailed so under obviously the customer check-in or the service provision. The work that you're doing you're going to have a few more steps - 2 or 3 - but we're going to keep it really simple. We're making a table, and we're going to turn this obviously into a risk register, if you like. What we're starting to think about is: what are the things that could go wrong? Let's call them risks. I like to consider when we're thinking about risks: what could upset a customer, so at the customer check-in over here in any business, it could be the wait, it could be a lack of contact, it could be anything around customer check-in process which could be inadequate service.
We're starting to map out the fact that these are all the sorts of things that could upset the customer in the service provision. There might be things that - while they won't immediately upset the customer - could be something wrong; it could be you know it could be breaking the law, so you might be breaking a law or a standard, or a breach or a non-compliance, but the customer won't know about it so you know a house could be incorrectly built for example. The customer is living in the house, they won't know that the house has been incorrectly built, you know if you're builder, so there's breaking the law, there's are industry standards so are there any basic industry standards that your service needs to comply with like ISO standards for example.
Then there's the other parts of the service provision to consider. This relates to lead times: taking too long to finalise with a customer, or could be the costs or how the service is provided, - anything here that's going to make your customer feel violated. Then obviously in the customer payment: is there anything in terms of how we charge - apart from obviously the price - that might upset the customer, like for example, the customer standing there with the credit card ready to pay you, but you didn't tell them upfront that you don't accept credit cards so it could be payment method it could be terms. Some customers - particularly in the business-to-business space - are accustomed to 30, 60, 90-day terms, and you give them an invoice it says COD.
If you're in a factory you're manufacturing stuff and the customer can't have their equipment until they pay for it - and it needs to be paid for to be released but that wasn't talked about upfront and then what we do is we start to prioritize these things and to keep this really simple. Consider whether or not each of these things here are low, medium, or high risk, and consider how and you could you could use a measure here that measures how upset will a customer be if they've got to wait.
So, in terms risk-based thinking about a process, we can start to understand that we've got the process steps, we've got our risks up here, and then we've got our rating. We've got this great Best Practice branding for all the ISO standards that we do, so we're talking about quality assurance here in this example, but there's other types of risk management standards environmental management data security OH&S up there if we were to extend this spreadsheet over here we would add our controls and if you've watched any of other our other YouTube videos in this column and it's that obviously applies to all of these all the way down in this column we're talking about who, what, when, where, how and why, because we had a process step that had a potential issue that could go wrong and this is all about risk based thinking preventive strategies so things don't go wrong.