by Marc Gardner

Using EQMS to manage risk

To stay competitive in today's market, it's vital you have a good strategy to manage risk. In recent times, some high-profile organisations have learned the hard way that neglecting risk can not only be costly, but undo years of work building a strong brand and reputation.

If your organisation is ISO-certified, or in the process of becoming certified, you'll already be familiar with risk-based thinking and embedding this way of working across the business. ISO standards now require a risk-based approach, where risk is less an isolated part of your quality management system (QMS) and more a feature of the QMS as a whole. With this approach, you can handle risk much more proactively instead of merely reacting when things go wrong.

ISO 27001, for example, requires you to document how you'll assess and treat risk as you implement your information security management system. And while ISO 9001 doesn't formally say you must do a full risk assessment, it does say you must monitor, measure, analyse and evaluate the risks and opportunities.

A commonly used tool for assessing risk is the risk assessment matrix. You've probably seen one before: a grid of reds, ambers and greens telling you what risks are likely to occur and how severe their impact could be.

Manually creating a risk assessment matrix takes a lot of time – you need to identify what risks apply to your business, decide how you'll evaluate them ('likelihood' and 'impact' tend to be the most common) and then assess them based on the criteria you've chosen.

EQMS Risk Manager


EQMS Risk Manager gives you a framework for identifying, evaluating, managing and monitoring risk. By bringing together data into one integrated, central system, EQMS Risk Manager takes away the problem of business units and departments all working in isolation, without transparency or any knowledge of each other's processes.

Identifying risk: Any user can log in and suggest a risk. The system directs the suggestion to your Risk Manager, who then decides whether to log the suggestion as a risk to be further assessed, or reject it. The system records the Risk Manager's response and feeds it back to the user who made the suggestion.

Evaluating risk: The system keeps a full list of all the risks your business faces. It assesses each risk against the data provided (including likelihood and impact) and uses a formula to calculate a risk level and risk class.

Managing risk: If the risk class and risk level are unsatisfactory, the Risk Manager may take action to lessen the risk (and perhaps lower its class and level) until it becomes acceptable. For higher risks, the Risk Manager may define which action should be taken when a related incident occurs so its impact can be limited.

Monitoring risk: The system has powerful risk analysis and monitoring tools such as configurable risk calculators and risk traffic lights. It provides easy access to a bank of assessments so users can see what controls were tested and the results of the assessments. Risk Managers can access a range of reports to analyse metrics, and apply a number of parameters to help with their decision-making.


EQMS Risk Manager saves you time and money by allowing you to assess risks quickly, efficiently and consistently. Its workflow functionality enables you to assign responsibilities and set deadlines to ensure risks are dealt with promptly and never ignored. Your employees know exactly who's responsible for doing what when it comes to limiting risk, which in turn allows you to better demonstrate compliance.


What you should do now

If you'd like to know more about how EQMS Risk Manager can help your organisation manage risk easily, arrange a demonstration by clicking the following link.

Request your EQMS Software demonstration
