I am a QMS consultant for ISO, AS9100 and military systems and am looking for a simpler solution for my ISO clients regarding organizational risk management. I currently use a SWOT analysis and Risk register but the register seems too complicated for some of my clients. Your advice on this would be greatly appreciated!
Conducting a SWOT analysis with the relevant people of the organization is the simplest solution when identifying the risks, together with a register of the risks found, which is a non-mandatory document but helps to keep track of the risks and whether the actions taken have been successful.
To make this analysis easier, you can analyse the risks process by process with the heads of each department, who are the ones that best know the activities carried out. In addition, writing a procedure can also be helpful, so everyone follows the same way of identifying and assessing those risks. The register should also be a document that is as easy as possible to complete; for example, you can include the source of the risk with a description of that risk and the actions taken to address it. Make sure everyone understands the procedure before going to the register.