HACCP Mentor Amanda Evans-Lara - HACCP Mentor

Evaluating Your Risk Management Framework







If you have been following the risk management steps that we have been discussing in Season 2 of “Off the Menu”, you should have implemented the framework by now. In Episode 5, Peter and I chat about effectively evaluating the risk management framework and how it has been implemented.







































The core focus of the evaluation process is to determine if the implementation has been effective or not. There are several aspects to focus on including:









* How often they are conducted







* What the evaluation should focus on







* How to determine if changes needs to be made to the framework





















Table Of Contents





Frequency of evaluationConducting deeper divesEvaluating behavioural changesPotential issues for annual evaluationsA reactive perspective and root cause analysisThe focus of the evaluationRisk identification and rectifying issuesRequirements for food safety cultureAssessing the success of behavioural changeIgnoring blatant issuesReporting on behavioural changeDetermining if changes are needed to your frameworkWrap Up



















Frequency of evaluation







The frequency of when the risk management framework should be evaluated is related to the confidence in the system. You need to understand your confidence level, and that comes from the amount of data and planning you’ve done to set up in the first place.







You would do more evaluations in the beginning. As time goes along, you reduce the number of evaluations that you need to do because you’re building up a level of confidence not only your team and culture, but also the process to deliver the outcomes. At a minimum, you should be conducting monthly internal assessments to make sure that whatever you have put in place is working.







Conducting deeper dives







When your confidence in the system has grown, you would then go to six monthly deeper dives. We want to see that what we’ve put in place is delivering a change in how we’re doing things in order to get to the desired outcome.







So what does that really mean? It means did we save money somewhere? Did we reduce the number of errors that were occurring in the system? Did we change the way people are thinking about risk on site...

Season 2 of “Off the Menu” dives into the risk management guidelines under the ISO 31000 Standard to help you better understand them and how they relate to risk management activities in your business.

In Episode 4, Peter and I walk through implementing the risk management framework. We also discuss:



* Getting commitment from everyone

* Providing value in the organisation

* Formulating the steering committee

* Who should be on the committee?

* Cross-over with company culture

* Project management tools

* Productivity in the workplace

* Benefits of a multi-functional committee

* Allocating time-based tasks based on motivation

* Getting project engagement

* Ownership for implementation

* Modifications to the implementation process

* Adapting to supply chain issues

* The rouge employee

* Educating staff on modifications





















Adapted Podcast Transcription

The following information provides the key concepts that both Pete and I spoke about in this podcast. Our conversation was inspired from an article that Peter published called “How to Implement the Risk Management Framework”.

























Click to Read













Developing your roadmap

When implementing your risk management framework the first thing you need to do is to create a plan, or a roadmap, for how you’re going to go about your implementation. Your roadmap needs to pan and assign clear responsibilities to each team involved. This also includes identifying who needs to be consulted in the process.

There are a number of project management tools you can use for this process. Here a few to get you started:



Gantt Charts

Microsoft Excel

Google Sheets

Microsoft Project

Trello

(This is my favourite)

Monday

Teamwork Projects

Zoho Projects

Asana



Allocating enough time

One of the hardest resources to manage during the implementation process is time. With human resources, it's important to use that time as efficiently and effectively as possible to avoid overworking your team. That includes being considerate in the day-to-day operations and what lies ahead for them.

It's best to get both the employee and their manager on board. If you establish a plan for this in advance, it will help keep you on track with your time and efforts.

Implementing modifications

As you go through implementing your risk management framework, you may find that modifications will need to be made.

Season 2 of “Off the Menu” dives into the risk management guidelines under the ISO 31000 Standard to help you better understand them and how they relate to risk management activities in your business. In Episode 3, Peter and I walk through integrating and adapting the risk management framework. We also discuss:



* Hanging up the receiver

* Understanding your business structure and context

* The role of governance and strategy

* Is it really organic?

* Risk management accountability

* Responsibility versus accountability

* Being dynamic with your integration approach





















Adapted Podcast Transcription

The following information provides the key concepts that both Pete and I spoke about in this podcast. Our conversation was inspired from an article that Peter published called “Integrating and adapting the risk management framework to your organisation”.

























Click to Read













Understanding the structure of your business

The first step to adapting and integrating the risk management framework is understanding the structure of your business. Structure can be as simple as identifying your organizational hierarchies right through to the assessing the functions and networks that exist within it. The bigger the business the more complex the hierarchies may be.

The majority of GFSI standards require you to document an organizational chart and include roles and responsibilities for key food safety contacts. This is a great starting point to expand and capture additional reporting lines for your business.

Risk management governance

Governance and strategy are key to helping you integrate and adapt the risk management framework in your business. But what is governance? Governance is the steering head of your organisation. It helps to inform the decisions you do and don’t make; it regulates the relationships within and outside of your organisation, and it also ensures that the purpose and goals of your processes and procedures are being achieved to the best of their ability.

Relating governance to strategy

For good governance to be effective, it needs to work closely with your organisation’s strategy. This is because good governance informs your strategy, and strategy is a tool for good governance objectives to be executed. Examples of strategy can include having safe food for consumers to eat.

Risk management accountability

We mentioned in a previous episode that risk management is everyone’s responsibility within a business. It does not matter if you are the CEO or the cleaner, everyone is responsible. This holistic view of responsibility can help with defining specific accountability when integrating risk management throughout the business.  

An example may be allocating a HACCP Team leader for your business. Although everyone in the business is responsible for ensuring food safety, the HACCP team leader is explicitly dedicated to the role of food safety compliance.

Being dynamic with your integration approach

Risk management integration is a dynamic process in which you try something, you implement it and if it is not quite right, you adjust and make changes. If the risk is not minimised, mitigated, or eliminated – change it. We need to be flexible because a href="https://haccpmentor.

Welcome to Season 2 of ‘Off the Menu’. The focus of Episode 2 is unpacking the role and importance of leadership and commitment to supporting robust risk management practices. Tune in to listen to Peter and I talk about the – what, why and how of leadership and commitment. We also discuss:



* The importance of leadership and how that relates to section 5.2 of ISO 31000

* How to demonstrate leadership and management commitment in your business

* Thinking about problems in business

* Top-down approach to risk management success (not bottom-up)

* Good and bad examples of a committed leadership

* Developing your organisational policy

* Allocating resources to support risk management

* Resource accountability, responsibility and accountability

* Plan-Do-Check-Act

* The RACI Model

* The risk perspective of external stakeholders



 



















Adapted Podcast Transcription

The following information provides the key concepts that both Pete and I spoke about in this podcast. Our conversation was inspired from an article that Peter published called “Leadership and Commitment in the context of the Risk Management Framework”.

























Click to Read













The Role of Leadership

One of the most important roles that leadership can take on is by developing a solid and consistent commitment to good risk management practices.  Leadership is important because it is charged with writing and directing the policy of risk. This means determining what does ‘risk’ look like in the organisation.

Demonstrating commitment

It is one thing for management to say they’re committed to good risk management practices, actually doing so is a totally different matter. Leadership and commitment can be demonstrated by allocating resources. These include:



Human capital: Providing sufficient people to get the task done

Time: Providing enough time to effectively develop, implement and complete tasks

Finances: Nothing comes for free! Adequate financial resources and capital assets are required for all projects and compliance initiatives to succeed



Food Safety and Quality Policy

When top management designs these statements and policies, they should also be appropriately assigning authority, responsibility and accountability to all team members. Naturally, this acts as a tool which can help ensure that risk is effectively being managed throughout your organisation, not just at the top level. It can be especially helpful to work collaboratively with these people to garner feedback as part of your commitment to continually improving your risk management practices.

The RACI Matrix

The RACI acronym stands for Responsible, Accountable, Consulted and Informed.  For any policy, procedure or practice, there could be multiple people that have one of the RACI activities assigned to them. RACI is a really helpful tool especially if you are trying to implement or maintain a process in your business. You can start using this matrix by asking the following questions for each process in your business:



* Who is responsible for getting the process done?

* Who is accountable to getting it done?

* Who has been consulted to make sure that the process can be done?

Welcome to Season 2 of ‘Off the Menu’. Episode 1 introduces you to the ISO 31000 Standards, the guiding principles, and the risk management framework.  In this podcast Pete and I talk about:





* Why you should care about risk management

* Making choices around risk

* Aligning your business to risk management principles

* Continual improvement in the food industry

* Appetite for risk

* Positive impacts associated with risk

* The minimum level of compliance

* Implementing a positive risk culture

* Integrated systems

* Starting with food safety culture

* Understanding the ‘Why’

* Defining an acceptable level of risk in the business

* Customising your risk management approach

* Stakeholder input

* Levels of acceptable risk

* Evidence-based information to support decision making

* Reanalysis and reassessment of business systems

* Implementing a dynamic system

* Risk management framework

* Risk is a social activity

* Structuring the risk management process

* Who is responsible for risk?

* Completing a cultural risk assessment

* Examples for evaluating risk management 

* Key components of the framework























Adapted Podcast Summary

The following information provides a more structured account of the concepts that both Pete and I spoke about in this podcast. It has been taken from an article that Peter published called “Navigating Risk in our Time - Introduction to the Risk Management Framework”

We always have a lot of fun making the podcast so it will be useful to listen in to get real-life and practical examples of the risk management principles and framework.  

























Click to Read













ISO 31000 Standard

The ISO 31000 Standard was introduced to give organisations practical guidance on how to manage their risk. This risk can be applicable in any aspect of your organisation, whether it be internal or external, current or prospective. Whatever the case may be, the Standard helps organisations customise their risk management practices to their wants and needs.

The guiding principles of risk management

These principles are the foundation and guiding light for our organisation’s operations and processes, as well as how they relate to our risk management practices and procedures. At the core of these principles is one uniting principle - the creation of value and protection of value.



* Continual improvement: this refers to how we leverage our learning experience/s to better develop and improve our current practices and processes.

Integrated: this refers to how well your practices fit within your organisation. Do your risk management practices fit well? Are they cohesive with everything else going on around it? Essentially, is it integrated

Structured and comprehensive: this refers to how well rounded your practices are. Good risk management practices are thorough, of which is usually achieved through a structured and comprehensive approach.

Customised: this refers to whether or not the practices you have are tailored to your organisation’s needs and objectives both internally and externally. Your strategic plan will be helpful here in addressing your objectives.

Inclusive: this principle creates a space for your key stakeholders to be involved with contributing to and developing your risk management practices. In particular, this involvement is to be in a timely manner so you can leverage your stakeholder’s knowledge to strengthen your practices.

Dynamic: this principle refers to the threats that may arise...

Becoming an expert food safety professional does not happen overnight. It can take many years of deliberate practice and dedication to the larger cause. In episode 9 of ‘Off the Menu’, tune in to find out what an expert is, their common traits and how much continuing education contributes to this level of mastery.