Risk Definition: The effect of uncertainty is called risk. An effect has two properties, positive and negative. Negative effects are also called risk and positive effects are called opportunity.
All the latest business standards, like IATF 16949:2016, ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018, are based on risk-based thinking. To comply with the standard requirements, we have to identify the risks and opportunities and prepare a mitigation plan for those that have significant effects.
Risk Management Process:
Identification of Risks
Analysis of Risks
Evaluation of Risks
Treatment of Risk
Monitoring, Review and Control
Identification of Risks:
Risk Related to ISO 9001:2015 and IATF 16949:2016:
During the identification of risks we shall consider the internal and external issues, the needs and expectations of interested parties, significant effects of QMS intended results such as significant objectives, process-related significant effects, warranty, field failure, lack of technology, business competition, market value, shortage of raw materials, outsourced process effects on the organization, etc.
Apart from the above, we shall also include in the risk analysis, at a minimum, lessons learned from product recalls, product audits, field returns and repairs, scrap and rework, etc.
Example of Risks: High Warranty Percentage, Lack of Technology, High Scrap, High B/D, less selling value, etc.
Identified risks are generally recorded in a risk register.
Risk Related to ISO 14001:2015 and ISO 45001:2018:
While identifying the risks related to ISO 14001, we have to consider the internal and external issues, the needs and expectations of interested parties, significant environmental impacts, Compliance
When determining the risks related to ISO 45001, we have to address the risks taking into account hazards, OHS risks, legal and other requirements, internal and external issues, Needs and Expectations of
Example of Risks: High Noise, Water Pollution, Discharge of Untreated Water, Solid Waste Spilled outside the factory boundary, etc.
Analysis of Risks:
The main goal of risk analysis is to calculate the risk score/rank and categorize the different types of risk. In this method we have to collect the data for the probability and impact scores.
Example: for High Noise at XYZ Area, let the probability be 3 on a scale of 10 and the impact be 5 on a scale of 10.
Risk Score = Probability x Impact = 3 x 5 = 15
In the above example, High Noise falls under Low Risk.
Evaluation of Risks:
The organization decides the cut-off value for significant risks. Suppose we decide here that 51 to 100 is the cut-off value; then we can surely say that the above risk [High Noise] does not come under significant risk.
Here we just need to evaluate whether the risk is significant or insignificant.
Treatment of the Risks:
A mitigation plan has to be put in place to bring the significant score down to an insignificant score.
Monitoring, Review and Control:
After the implementation of the action plan, its effectiveness needs to be verified by regular monitoring of data.