Conducting a SWOT analysis with the relevant people of the organization is the simplest solution when identifying the risks together with a register of the risks found, which is non mandatory document but helps to keep track of the risks and if the actions taken have been successful.
To make this analysis easier you can analyse the risks process by process with the heads of each department who are the ones that better know the activities carried out. In addition, writing a procedure can be also helpful, so everyone follows the same way of identifying and assesing those risks. The register also should be a document as easier as possible to complete, for example, you can include the source of the risk with a description of that risk and actions taken to address it. Make sure everyone understands the procedure before going to the register.
Here you can find a free preview of an example of the Procedure for addressing risks and opportunities -https://advisera.com/9001academy/documentation/procedure-for-addressing-risks-and-opportunities/
You can find more information about risks and opportunities in ISO 9001:2015 in the following links:
- Article - How to address risks and opportunities in ISO 9001: https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
- Article - Does ISO 9001 require a procedure for addressing risks and opportunities?: https://advisera.com/9001academy/blog/2017/10/10/does-iso-9001-require-a-procedure-for-addressing-risks-and-opportunities/
- Enroll for free course - ISO 9001:2015 Foundations Course - https://training.advisera.com/course/iso-9001-foundations-course/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/