ISO 9001 certified organizations need to identify their potential risks and take action to address them. However, it is not unusual to find companies in the market that have a long list of risks, but that do not focus on those that really affect their operations.
Effective risk management needs to first identify uncertainty in processes and then target mitigation controls. Otherwise, the company may erroneously identify risks and use mitigation controls with no added value.
Yet how can uncertainties be identified correctly? In this article Oscar Combs uses practical examples to show how to identification and mitigation of risks can be done in an effective and meaningful way.