Risk assessment

You asked

"1. How should risk assessment be done?

ISO 17025 does not prescribe any particular methodology or formal program.  It requires a planned activity to integrate risk and opportunities assessment into the management system, for example evaluate risks during the audit program. A laboratory must assess the potential impact on objectives and results, and take appropriate, proportional action. You therefore need to introduce an risk level evaluation that results in a risk ranking, so you can prioritise actions. The methodology for a specific risk assessment would generally start with documenting the critical systems or processes, then document the process steps, followed by identifying the risks by looking at the inputs and outputs of each step. Once these are identified you will rate the likelihood of an event happening as high, medium or low; as well as the impact as high, medium or low. Using at a minimum, a 3 x 3 matrix, you then determine the risk level for that specific risk as high, medium or low.

You also asked

2. And in which areas should the risk assessment be performed?"

A laboratory must consider and address risks for all activities which could possibly have a negative impact on the competency, impartiality and / or consistent operation of the laboratory.

Your attention should be focused on spending more time considering risks to performance of tests which are part of your scope of accreditation, along with risks to the overall policies and objectives of the laboratory.  This includes for example, procurement, if a delay in receiving an order could cause a delay in reporting time for a test to a customer.

For a more detailed explanation, you can watch the free webinar How to manage risks in laboratories according to ISO 17025 at https://advisera.com/17025academy/webinar/iso-17025-risk-management-how-to-manage-it-free-webinar-on-demand/

For more information regarding  actions to address risks and opportunities, see the ISO 17025 toolkit document template: Addressing Risks and Opportunities Procedure at https://advisera.com/17025academy/documentation/addressing-risks-and-opportunities-procedure/ 
and for more information on the five steps to address risks, see the article Five-step laboratory risk management according to ISO 17025:2017 at https://advisera.com/17025academy/blog/2019/12/05/iso-17025-risk-management-in-five-steps/

Other responses to similar questions may also be of interest – have a look at What is the efficient way and tricks to address, handle and treat the risk and opportunity? at https://community.advisera.com/topic/what-is-the-efficient-way-and-tricks-to-address-handle-and-treat-the-risk-and-opportunity/