Risk Register

Hello all, Glad to meet you all
I'm new to ISO 2015
I'm look for a template of how people/companies are tracking internal risk.
Thanks

 

We use FMEA. You can google for forms and such online.

 

There's a risk register on here under resources.

I'm unfamiliar if ISO: 9001: 2015 requires a risk register or FEMA?

Whats the difference @Golfman25?

 

You don't need a risk register -- ie; a list of risks. We basically look at two types of risks -- global business risks and process risks. The global risks we use a SWOT analysis. The process risks we use process FMEAs -- basically where can we mess up.

 

My approach is: I determine risks and/or opportunities for every process then determine actions to address them. The results of actions are reviewed during our monthly management meeting. We treat our tool as a "living document" and should be updated whenever we identify new risks/opportunities, nonconformity, new internal/external issues or new requirements. Updating of this tool may trigger revision of our documented procedures. See my sample template below:

 

Tony's Would you find useful to use like a technical sheet to evaluate risks.
To use one sheet for each risk, having such document controlled?
In This way if a change ocurrs in the risk , is a controlled change, compared to have a live excel document, in which is not easy to have control.
Thanks

 

A spreadsheet like MS Excel is okay for documenting risks/opportunities and the actions to address them.
Use of one sheet per risk might be impractical.
Should you use an excel spreadsheet, put a date on when each risk/opportunity and action is entered into the spreadsheet rows. So every time you update the list (e.g. new risk is identified), you only need to indicate the date of the latest entry. See sample of my old template below:

 

Thanks
But I refer when a risk is changed or actions, in an individual sheet you can have control of that change, while in a spreadsheet (because is live document) is not possible to have control of changes.
Would it be convenient such management?

 

Nice Sir Tony!

lodi petmalu

 

Dear Tony s

Just lasts questions

I´ll try to implement an approach like yours for the RBT, for that
just want to make questions.

1. Do you manage the residual risk? and how
2-What is your criteria to close out a risk?
3- What do you do if actions of risks were not effective?
4- You say that in MR meetings effectiveness of actions are reviewed, for this
is enough that in MR records, after asked to managers, to state " yes or Not", or evidences are required to be shown?
e.g. a production record, records of training, corrective action closeout?
5- Only to confirm, I know you dont rank risks, nor use probability and impact
you only do an approximate feeling of the risk, without using formulas or special equations, and you dont have a written procedure
to manage the risks.

Hope my questions are clear.
I really appreciate your help