Menu
Cart 0

I Have a Risk Register - Now What?

Posted by CALA Training on

Many laboratories are introducing risk registers as one way of showing that risk-based thinking is being used in the laboratory. However, once the risk register is set up, some laboratories are struggling with what to with the register.

First of all, remember that a risk register is a tool that should provide your laboratory with benefits such as improved, proactive management of risks. If the risk register is a 'make-work' tool that is not providing benefits it may be time to reassess your approach.

You do not need to track every possible risk throughout your management system on the risk register. This could end up with a massive risk register with 95% of the entries assessed as having a low residual risk and not in need of action. (For more details on assessing risk see the Using a Risk Register webinar.) 

Doing a risk survey where you look at all potential risks throughout your management system can be the initial step you take in developing your risk register. If you opt to do a full risk survey, document the survey, but don't automatically add every potential risk item to the register. Instead look at what makes sense to track. What the risks that could potentially cause you problems? Which are the risks against critical areas of your laboratory that you should keep an eye on? These are the types of risks that go on the risk register.

A risk register is a living document. It is better to start with a few risk items that you want to track and grow the list if there are other risks that make sense to be tracking. 

Risk registers require attention -- but not constant attention! If a new risk that requires tracking is identified, add it to the register. If a risk is manifested, consult your risk register for details on any planned mitigations. Update the risk register for this item as you work the issue. Otherwise, review the risk register every two or three months. Make any required updates. This review should be done in consultation with everyone who is responsible for assessing risks in the laboratory.

Separate project risks from your main risk register. If you are actively working a major project, give the project its own risk register. Project risks typically need ongoing attention. 

Tell us about your experiences working with risk registers in the laboratory in the comment section.

If you are looking for more information on risk-based thinking, check out CALA's course Risk-based Thinking in ISO/IEC 17025:2017. Also watch for our upcoming webinar Care and Feeding of Risk Registers on June 5.

Share this post

← Older Post Newer Post →

2 comments

Leave a comment ›

  • Replying to Jocelyn – Are you referring to the risk matrix that you use to express the risk? This is a straightforward matrix with likelihood on one axis and impact on the other axis. You need to decide whether to use a numeric system (e.g. 1 to 5, 1-10) or a descriptive one (e.g. Low, Medium, High). The risk matrices used for the laboratory is very similar to the examples you will on the web for safety. The main difference is the impact does not usually deal with safety. Instead it deals with operations, reputation, and business outcomes. If I have misinterpreted your question, please let me know.

    Cathy Wylie on

  • Hi, need help here. I am making my manual for 2017 version that is risk based!
    Now, could I some help if you can share a risk matrix appropriate for this?
    Looking forward for your response of our kind request. Thanks a lot!

    Jocelyn Legaspi on

Leave a comment

Please note, comments must be approved before they are published.