Risk Management is not a mandatory process under ISO 9001. However, it is a mandatory process under AS 9100 and a Maturity Level 2 (ML2) process area for CMMI. Although the requirements of AS 9100 and CMMI are similar, there are subtle differences between the two.
To discuss Risk Management (RSKM) further, we will start with a few definitions.
What is Risk?
Risk is an undesirable situation or circumstance that has both a likelihood of occurring and a potentially negative consequence.
This is possible at every stage of Production or Service Provision, from the contract development stage through Post Sales. The potential negative consequences chiefly relate to Quality, Schedule or Cost. Whatever effort you put in, the process at every stage has some possible slippage (remember Murphy). The organization shall look at identifying and mitigating the effects of these likely slippages at all levels.
What is risk management? Why is it needed?
Risk Management is an iterative process to identify, assess, reduce, accept, and control risks in a systematic, proactive, comprehensive and cost-effective way, taking into account the business, costs, technical, quality and schedule programmatic constraints.
Risk Management is needed to reduce the chances of a potential negative result of a likely event on the business. This involves a focus on the risks to meeting customer requirements and on preventing product nonconformance escapes. The absence of a Risk Management program can result in known, unknown, and unknowable/unforeseen problems for the Customer and Stakeholders about the cost, schedule, and technical performance of programs and about the quality and on-delivery performance of products and services.
In the second part, we will discuss the benefits of a Risk Management program.