Document No :

Rev. No. :
Addressing Risk & Opportunities
Page No .

1.0 PURPOSE
This procedure aims to define the method for identifying and analyzing the risk and
opportunities associated with the organizations activities and services in order to address it
thru determining whether existing controls are adequate and effective.

This enables the organization to identify, modify, and establish abatement measures
through management systems with the intention of preventing or reducing their adverse effects
on organizations context.

2.0 SCOPE
The methods specified in this procedure apply to those Risk and opportunities associated
with the processes and services that the organization can control or over which it can be
expected to have an effect, these will include but not limited to:

1.1. facility, utilities and equipment maintenance and repairs;

1.2. operations, commercial;
1.3. personnel management and development;
1.4. management of used materials, parts and wastes;
1.5. supplier communication and control

3.0 DEFINITION OF TERMS

RISK- is the effect of uncertainty and any such uncertainty can have positive or
negative effects. A positive deviation arising from a risk can provide an
opportunity, but not all positive effects of risk result in opportunities.

Opportunities- can arise as a result of a situation favorable to achieving an

intended result, for example, a set of circumstances that allow the organization
to attract customers, develop new products and services, reduce waste or
improve productivity. Actions to address opportunities can also include
consideration of associated risks.

RISK Assessment/ Risk Matrix- combination of the likelihood of an occurrence of an

adverse event affecting organization issues and the severity of the effect that can be caused by the
event. The process of evaluating the risk arising from issues/ context/ processes, taking into
account the adequacy of any existing controls, and deciding whether or not the risk is acceptable.

Acceptable Risk- risk that has been reduced to a level that can be tolerated by the
organization having regard to its legal obligations and its own Quality policy.

This document is a property of Silang Water District and the content are treated confidential therefore, unauthorized reproduction is
strictly prohibited unless otherwise, permitted by SWD Management

FORM No. Rev. No.

 Document No :

Rev. No. :
Addressing Risk & Opportunities
Page No .

4.0 REFERENCE DOCUMENTS

ISO 9001:2015

5.0 PROCEDURE

5.1 Identify Risk thru Assessment- To ensure ongoing identification, risk

assessment, and determination and improvement of necessary controls to prevent or
mitigate the degree of impact associated with the Quality/Business risks, the organization
shall initiate implementation of this procedure based on the following circumstances:
5.1.1 For establishing controls on activities/ process with the highest risk rating;

5.1.2 For establishing controls for activities with the potential to cause severe impact
or consequences

5.1.3 For establishing controls to activities that are new or have undergone changes
in processes and procedures;

5.1.4 For establishing Quality Objectives and programs and prioritize efforts to
address activities with significant risks; and

5.1.5 For ensuring new or modified controls that resulted from corrective and
preventive actions are appropriate prior to implementation.

5.2 Identification of Risk and Opportunities. (This activity must be performed in consultation with
the area personnel). Conduct Division Activity/Process review to identify Risk associated with the
various activities performed by the organization. The review should follow the following steps:

5.2.1 Select the activity to be analyzed. All activities should be subjected Risk
identification. The Risk and Opportunities identification process will be repeated
whenever new processes, or the environment change takes place.

5.2.2 Whenever possible, break the activity down into sequence of steps. After an activity
has been chosen for analysis, customarily the next stage is to break the activity into
steps. A job step is defined as a segment of the operation necessary to advance the
work.

5.3 Identify all Risk and Opportunities. Once the basic steps have been recorded, potential or
existing Risk and Oppurtunities must be identified at each step. Based on observations of
the activity, knowledge of Risk related to each activity, list the things that could go wrong at
each step.

5.4 Identify impact or consequence. The next step is to determine, for each RIsk, the
corresponding actual or potential impact or consequence that can adversely affect the
process.

The assigned analysts should consider the different conditions of the activity being
analyzed and determine whether the impact/ consequence can occur during normal,
abnormal or emergency conditions.

NOTE: It is helpful for the analyst and the area personnel to describe the existing
controls (this will be rated later during the accomplishment of the Risk Assessment
and Control Worksheet/ Matrix) and, initially identify appropriate controls to eliminate

This document is a property of Silang Water District and the content are treated confidential therefore, unauthorized reproduction is
strictly prohibited unless otherwise, permitted by SWD Management

FORM No. Rev. No.

 Document No :

Rev. No. :
Addressing Risk & Opportunities
Page No .

or mitigate risks. Write them down on the fourth and fifth column of the RISK
Identification Matrix.

5.5 Prioritize Actions on Risks Phase 2. Due to the organizations finite resources, Risk that
transpire as significant after conducting Risk assessment/ evaluation shall be tackled by
priority basis. Activities/ Process that have higher Risk Priority Number (RPN) shall be
given precedence over activities with lower RPN. RPN shall be calculated by:

RPN = Severity (S)* x Likelihood (L) x Degree of Control (C);

Assessment for application of appropriate actions should be first directed to significant

Risk; then those with high severity; and lastly, those with high Risk Level based on the RPN
value.

Use the tables on Risk Matrix, Risk Assessment Form, Risk Based Control Plan for
obtaining the ratings for Severity (S), Likelihood (L), and Degree of Control (C) and for
identifying priority of actions based on the Risk Level.

NOTE. The assigned rating for the Degree of Control (C) is based on the result of the evaluation of
the existing controls.

5.6 Establish Controls on Risks. Recommended controls initially obtained using Risk
Assessment Form can be used as basis for determining the appropriate controls to
eliminate or mitigate Risk and Consequence and eventually opportunities for improvement.
The ISO Committee shall ensure that controls are supported by the top management and
suitably maintained.

5.7 Re-assessment of Controls. The ISO Committee shall initiate re-assessment to determine
whether the control measures are effective. The re-assessment shall be carried out on an
annual basis.
Changes to assessment methodologies or major changes to the organizations
infrastructure, products, and process may require the ISO Committee to repeat this process
more frequently than on annual basis.

6 FORMS ATTACHED

Excel File : Risk Matrix, Risk Assessment Form, Risk Based Control Plan

This document is a property of Silang Water District and the content are treated confidential therefore, unauthorized reproduction is
strictly prohibited unless otherwise, permitted by SWD Management

FORM No. Rev. No.

 Document No :

Rev. No. :
Addressing Risk & Opportunities
Page No .

This document is a property of Silang Water District and the content are treated confidential therefore, unauthorized reproduction is
strictly prohibited unless otherwise, permitted by SWD Management

FORM No. Rev. No.