One of the thorniest questions arising from the new ISO 9001 and 14001 standards has been how to deal with the risk based approach required.
What should you do?
For larger organisations this is relatively straightforward – most large companies have a formal risk management system, often consisting of a number of risk registers. Indeed, most companies will be familiar with the concept of Health and Safety assessments – see the following link http://www.hse.gov.uk/pubns/indg163.pdf
Smaller companies need not be scared of this. Preparing the register is simplicity itself if you address it logically. It may even reveal things about your business that you were not aware of, or which you really need to do something about. We would recommend that all businesses go through this process, not least to comply with @isostandards.
Even if you have just a few employees it may come as a surprise just how exposed you are. Take the time to look at each area of the business. Ask yourself what can go wrong. How serious would it be if it did go wrong? What would the effects be? And then, most importantly, what are you going to do about it? You will be equally surprised what you can do to deal with the issues your review has raised. In all probability they will be things that may have been in the back of your mind, but which you have either ignored or put to one side as “too difficult”.
If you have a real and identified risk to your business, you can’t just ignore it. There is always something you can do. If you are worried about the dangers of key employees leaving, look at changing your contract terms. How can you incentivise them to stay? Equally if something unthinkable were to happen to a key person, should you be insured against it? When you break the problem into bite-sized pieces, there is always something you can do in mitigation.