(QSE Series, 3/6) Risk and Opportunity Analysis: Adding Value to Your Integrated Management Systems

The voluntary standards for quality (ISO 9001) and the environment (ISO 14001) in their 2015 versions, as well as the upcoming ISO 45001 standard for occupational health and safety expected in March 2018, require the implementation of a management system that enables the organization to improve its performance, particularly by identifying contextual factors ( (as we mentioned here) , along with an analysis of the resulting risks and opportunities.

What do these two concepts entail? Risk is defined as the effect of uncertainty, which implies a cause-and-effect relationship between a number of factors (legal, social, societal, etc.) and their impact on the expected outcome. Opportunities, on the other hand, refer to the efforts required in relation to the expected benefits. If a company must expend significant effort and the expected gains are low, the opportunity is not worth pursuing. Conversely, if the potential benefit is substantial, then there is an opportunity to be seized, and understanding it will shape the planning of actions.

QSE: Better Targeting of Initiatives

The main advantage of this approach is that it focuses on issues identified by the organization as priorities and strategic priorities. It is better to carry out fewer actions but target them more effectively in relation to the desired performance than to try to address everything and spread oneself too thin across too many topics. This temptation toward exhaustiveness was a risk for management systems as formalized in earlier versions of the ISO 9001 and 14001 standards.

Taking the example of personal data management, there is an opportunity to implement a simplified and centralized digital data management system. This should be accompanied by a targeted IT security framework tailored to the different types of data collected, in order to minimize the risk of leaks involving particularly sensitive data. Each type of data can thus be handled using an appropriate processing method.

An analysis of risks and opportunities based on external and internal issues, as well as the expectations of relevant stakeholders, should enable you to consider four performance factors of your management systems: your ability to provide a product or service that meets customer requirements; your contribution to desirable or positive outcomes; your ability to prevent undesirable outcomes; and how to improve your product or service.

No specific method is required to guide you in assessing risks and opportunities. Very often, the concepts of frequency and severity are used because they are well-established in the field of health and safety for establishing cause-and-effect relationships. For each risk in your management system, you can define the frequency of exposure and the severity of the impact on the management system. Similarly, the questions used to develop the Single Document (DU) regarding the risks identified within the company and their ratings will be useful for prioritizing which risks to address. Following the same logic, the significant environmental aspects identified through the environmental analysis will be taken into account when planning performance actions.

A decision-making tool

The risks-and-opportunities approach proves to be a valuable decision-making tool that supports the setting of priorities. “In the past, certain preventive measures might have been implemented by chance, based on a passive approach. “In contrast, QSE standards, through this concept of opportunity, help organizations understand the benefits of capitalizing on a situation,” explains Frédéric Mounier, an expert trainer in QSE topics at AFNOR Compétences. “This leads to more proactive approaches, because simply addressing a risk is not enough to seize the opportunity.”

Take the implementation of remote work, for example. It can help reduce traffic risks, lower the carbon footprint, and offer customers more flexible hours for contact.