RISK ASSESSMENTS
At the beginning of a new year, we (humans) have a tendency to assess the previous year and makes resolutions for the up-coming year. The same is true for our work life when we develop our goals and objectives. These are great individual exercises in understanding your strengths, wants and areas for improvement as a professional. However, how often and how diligently do we evaluate the infrastructure that is expected to support your performance? How do you know what the risks and barriers to success are?
The standard response is that the audits ‘catch’ those things that need to be improved. Audits are necessary and mandated by the regulations. An audit is a retrospective review of documentation to identify non-compliance. The interviews conducted are, generally speaking, the conduit to determine what type of documentation to request. That documentation is reviewed to assess if it supports or agrees with the information provided during the interview. In addition, the look back for an audit is usually about two years. Processes and organizational structures change frequently so some of what is reviewed could be moot based on how the company has evolved. Additionally, an audit lasts, on average, three days. Three days is very short timeframe to complete an in-depth review of two years’ worth of content to have absolute confidence that all non-conformances are identified. Audits are conducted as part of the company’s Quality Management System. The Quality organization is conducting audits, choses and qualifies the auditors and produces reports that contain non-compliances. All non-conformances are risks, however, not all risks are non-conformances. As a functional area, this makes it extremely difficult to understand the strengths and weakness of the function and the associated risks which could impede improvement or are barriers to success. Performing an internal assessment is an activity that identifies risks before they become non-compliances.