Biomedical Engineering Reference
In-Depth Information
understand the inherent and intrinsic value of risk management, are adequately
trained, and are familiar with risk management tools and the overall risk man-
agement process.
When a company is implementing a risk management system, a key first
step should be an evaluation of the organization's current understanding of risk
management. The evaluation or gap analysis should assess the state of the current
risk infrastructure, including the following:
• written policies and procedures;
• risk management practices; and
• training and personnel skills.
Integration of risk management into an organization is a multistep process that
begins with this gap analysis of the current state compared to the expected state
and ends with the deployment of a fully realized risk management process. As a
part of the current state gap analysis, the use of an
organization risk maturity level
table
, such as the one shown in Table 3.9, can assist in creating an understanding
regarding where the current level of understanding or risk management resides
within the organization. For example,
• Does the organization have an accepting attitude toward risk management?
• Is the organization simply complying with the requirements by using a tick-
the-box method or has it really imbedded risk management into its systems?
Once the gap analysis has been completed, risk management procedures and
activities should be implemented based on the gap analysis findings. Organiza-
tions should consider piloting aspects of the new procedures such as risk-rating
scales, risk acceptance decision charts, and review processes. Full roll out of the
system can occur after collecting feedback on the pilot program.
Organizations should consider a multilayer approach to training. This would
include a high-level risk management overview training program for the general
employee population. This can be followed by a second level of focused policy,
procedure, and tool-based training. Special facilitator-level training for select
individuals who have been designated as the risk subject matter experts should
also be considered. Other key foundations for the successful implementation of
a risk management system are as follows:
• top level management support and commitment;
• understand the path and start simply and avoid complexity;
• understand what are the organization's internal and external risks; and
• a continuous cycle of learning and improvement that creates a robust risk
management organization culture.
Search WWH ::
Custom Search