Process-oriented risk analysis is a method used to identify, analyze, and manage risks within various processes in an organization. Instead of conducting a general risk analysis on facilities or products, a process-oriented risk analysis aims to identify risks that may arise when performing the process. Therefore, the risk analysis assumes that the process has been mapped. The risk analysis preferably carried out in a workshop format. For the same reason as when we map the process, we need to have different competencies in the room when analyzing the process's risks.
Here is a step-by-step description of how a process-oriented risk analysis can be conducted using 2c8 Apps.
Define the purpose and goals of the risk analysis
Determine why the risk analysis is being conducted, for example, to improve safety, reduce costs, or enhance quality. Specify what is to be achieved with the risk analysis and how the results will be handled and by whom.
Create an understanding of the process
As mentioned earlier, a process-oriented risk analysis assumes that the process is mapped. If it is not, it should be done first, as it is when the process is described according to the why, what, who, and how that we have all the details needed for a proper risk analysis. If the process is already mapped, it is beneficial for all participants in the risk analysis to review the process description in advance.
Collect data
In preparation for a risk analysis, it can be advantageous to look at historical data. What has happened in connection with the process in the past? Are there deviations, complaints, or negative events that we should consider? Note that an identified deviation is a risk with 100% propability of having occurred. What has changed? Is it equally likely to occur now?
Identify risks
Review the process, in a workshop format, and place the risk objects in the model. Since the risk can arise in an activity, in a business object, or a resource, it is appropriate to draw the relation arrow "Addresses" from the risk object. Sometimes it can be difficult to differentiate between a problem and a risk, so start the risk’s title with "Risk of..." You don't need to write it out, but at least think of those words.
Assess the risks
Once all the risks are mapped in the process, it's time to assess them. The most common approach is to evaluate the likelihood of the risk occurring (probability) and the consequence if it does. In 2c8, it is possible to create fields with predefined values, such as 1-5 or 1-10. The product of probability and consequence is often referred to as the Risk value. Since it is often a relative assessment between the risks in the process, it is smart to see all risks in a table beneath the model. You will find the button to show the table in the toolbar.
Assign responsibility and create an action plan for risk management
Just as you create fields for consequence and probability, you can create a field for responsibility. Who is responsible for developing measures that reduce the risk value? It is often difficult to eliminate a risk entirely, but much can be done to ensure that it does not occur or has minimal consequences. You can quickly generate a list of all risks, including their risk values and responsibilities, in the explorer within 2c8 Modeling Tool. This list can be copied into an email, to Excel or printed in a report for further distribution.
Follow up on risk management
Often, managing risks, i.e., developing, implementing, and evaluating actions to ensure they achieve the desired effect, is a long-term task. It is beneficial to set a new date for the next workshop during the risk analysis, where you can review the action work and hopefully lower the risk values. By this time, new risks may have emerged that need to be assessed, analyzed, and managed in the next risk analysis workshop – forming a continuous improvement cycle.
Comments
0 comments
Please sign in to leave a comment.