Risk Assessments and Management Methods for ISO Management Systems
Important enhancements have been made to the QMSCAPA™ software module for Risk Assessments and Management.
The QMSCAPA Risk Assessment (RA) module consist of:
- Table of Risk Assessments (current and historical assessments)
- A sub-table of specific aspects of the risk assessments
- A look-up table of the risk impact values with regard to the
- Probability (P) {likelihood}
- Severity (S) {impact}
- Detection (D) {overall detection ability reduces risk
- Five user-defined boundaries, e.g. Very Low, Low, Medium, High, Very High.
The impact values are used to calculate the Risk Priority Number (RPN) for each aspect.
RPN = (P * S * D)
The module is developed around the concepts typically found in a Failure Mode Effects Analysis (FMEA).
The single-user version of QMSCAPA software may be downloaded free of charge, simply click here to join the QMSCAPA users-group.
The Risk Assessments browse table can store a large number of current and/or historical assessments.
The browse window contains sort tabs for instant viewing of data according to the key value of the Tab.- Risk assessments can be performed and recorded for virtually any type of risk related to the organization, relevant interested parties, product, service, staff, logistics, transportation, and cost, including environmental, health and safety.
- View RiskAspects button: Opens a sub-table of related aspects to the highlighted risk assessment may be viewed, added, edited or deleted as needed.
- RIP icon button: Access the Relevant Interested Parties table (RIP).
- Print Assessment button: Use the button to print a Risk Assessment, which includes all aspects and impacts recorded.
- Copy Assessment or Template button: The copy button control copies the currently highlight assessment record.
- The tab 10) Templates applies a filter that only shows the Risk Assessments designed to be templates.
The Risk Aspect module form is configured with 4 main Tabs or sections:
- The General Tab contains information about the failure (generic for incident, breach, non-conformance). The assessment calculation tool (pre and post mitigation results) is designed for rating or assessing a specific aspect of the Risk identified and associated in the Risk Assessment Table. Therefore, a one to many relationship exist between the Risk (parent table) and the Aspects (child table).
- Tab 2) contains fields for additional consequences.
- Tab 3) contains fields for mitigation or risk treatment actions.
- Tab 3) contains a method of generating risk impact statement based upon availability, confidentiality, integrity and financial effect.
1) General tab
(A) In the form image below/right, Describe the failure and the failure mode.
(B) Describe what may cause the failure and the failure effect.
(C) The impact values for calculating the Risk Priority Number (RPN) (pre-mitigation treatments); see the look-up table for impact values:
- RPN = Probability (P) * Severity (S) * Detection
(D) The impact values for calculating the Risk Priority Number (RPN) (post-mitigation treatments);
(E) Look-up Tables for Response to Risk Aspect and the current/last Status of the Risk Aspect.
(F) The RPN can report the pre or post-mitigation action [√] RPN Post Mitigation Action is check-box.
Additional QMSCAPA risk assessment and management information has been published at qmscapa.net.
QMSCAPA™ stands for Quality Management System, Corrective Actions and Preventive Actions. QMSCAPA™ is a Microsoft Windows compatible computer application, which is designed to generate a CAPA log for a Quality Management System based upon the ISO Standards. 
ISO Awareness, Foundations & Internal Auditor Training