Risk-based thinking is a skill that benefits any organization by providing a framework to address potential risks and opportunities before they occur. Since the release of ISO 9001:2015, all new and revised ISO standards have been built on a risk-based approach. While each organization determines how to establish its own risk program, understanding the fundamentals is essential.

In this free webinar, attendees will receive an introduction to risk management based on ISO 31000. The session is not tied to any specific accreditation standard but instead focuses on the general principles and guidelines outlined in the ISO 31000 family of standards. It kicks off a series of webinars on risk. Check out the other webinars scheduled in this series: Understanding Risk Assessment: Identification and Analysis and Understanding Risk Assessment: Evaluation and Mitigation.

Key Takeaways

• Understanding the principles of risk management
• Learn a framework for risk management
• Understand the process of risk management

Who Should Watch?

• Quality, compliance, internal audit, or internal control professionals
• Professionals new to ISO 31000
• Staff seeking common risk language and mindset

Audience Questions

At the end of the webinar, questions were asked by the webinar’s attendees. These included:

• Should risk be expressed as a value, such as low, medium, or high?
• How can I get a copy of the ISO 31000 standard?
• For a laboratory that is accredited to ISO 17025 and has undergone a restructuring process specifically by reducing the middle-management layer—what actions should the organization take to demonstrate to the assessor that the associated risks have been properly identified, evaluated, and managed?
• Can you give an example of a positive risk?
• Is it mandatory to identify risks to the testing and technical issues in a lab? Or can you identify, for example, strategic communication on corporate related risks?
• Is it mandatory to identify risks to the testing or technical issues in a lab? Or you can only identify for example strategic, communication, and corporate related risks and still comply with the ISO 17025 risk requirement?
• ISO/IEC 17025 suggests the lab does its own risk identification. Can assessors cite other possible risks during an assessment?

Presenter