RISK MANAGEMENT

PROCEDURE

SOP-041
1 Version : 01
 Version Control

Rev. History Description Of Page

DCR No.
No. Date Revision No.

00 06/04/2025 First Issuance - -

2 SOP-04
 Contents

1 Terms & Definitions

2 References

3 SOP Purpose

4 SOP Scope

5 Roles and Responsibilities

6 Procedures

7 Relevant Procedures and Forms

8 SOP Approval Cycle

3 SOP-04
Terms & Definitions

Terminology The Definition

Effect of uncertainty on objectives
• An effect is a deviation from the expected. It can be
positive, negative or both, and can address,
• create or result in opportunities and threats.
Risk
• Objectives can have different aspects and categories, and
can be applied at different levels.
• Risk is usually expressed in terms of risk sources, potential
events, their consequences and their likelihood.
Coordinated activities to direct and control an organization
Risk Management
with regard to risk
Person or organization that can affect, be affected by, or
Stakeholder
perceive themselves to be affected by a decision or activity
Element which alone or in combination has the potential to
Risk source
give rise to risk
Event Occurrence or change of a particular set of circumstances
Consequence Outcome of an event affecting objectives

4 SOP-04
Terms & Definitions

Terminology The Definition

likelihood Chance of something happening
Control Measure that maintains and/or modifies risk
RMR Risk Management Report

5 SOP-04
References

• ISO 9001:2015 titled “Quality management systems —

Requirements”.
• ISO 9001:2015/Amendment 1:2024 “Quality management systems
— Requirements”.
• ISO 45001:2018 titled “Occupational health and safety management
systems”.
• ISO 14001:2015 titled “Environmental management systems”.
• ISO 31000: 2018 Risk management — Guidelines.

6 SOP-04
SOP Purpose

• To establish, document, maintain and continually improve a system for

risk management process.
• To systematically identify, assess, and mitigate risks across all aspects of
our operations to ensure the safety of personnel, protect the
environment, and manage risks in accordance with ISO 9001, ISO
45001, ISO 14001, and ISO 31000 standards.

7 SOP-04
 SOP Scope

This procedure applies to all departments and operations within the textile
manufacturing facility. It covers the systematic identification, assessment,
and control of risks to ensure that risk-based thinking is integrated across all
organizational processes, in alignment with ISO 9001, ISO 45001, ISO
14001, and ISO 31000 standards.
Priority is given to operations that pose higher risks to occupational health
and safety, quality, or the environment, in order to ensure effective control
and mitigation of such risks.
Examples of high-priority operations include, but are not limited to:
• Production processes
• Storage and transportation activities
• Maintenance operations
• Cleaning activities
• Waste management
• Receiving raw materials and dispatching finished products

8 SOP-04
 Roles and
Responsibilities

Role Responsibility
• Provide adequate resources for risk management
activities.
• Ensure relevant roles and responsibilities are assigned
Top Management
and delegated.
• Support implementation of corrective actions and
continual improvement.
• Establish the risk management team.
• Oversee the overall risk assessment and treatment
QA Manager process.
• Ensure proper implementation of the risk procedure in
compliance with ISO standards.
• Identify, analyze, and evaluate risks.
Risk Management
• Implement appropriate control measures.
Team
• Monitor the implementation of risk treatment plans.
• Promptly execute risk-related actions when notified.
• Cooperate with the risk team in data collection and
All Departments verification of effectiveness.
• Report any potential risks or incidents to the Quality
team.

9 SOP-04
 Roles and
Responsibilities

Role Responsibility
• Lead and coordinate risk management activities within
the IMS.
• Develop and maintain risk management procedures in
Quality Assurance
line with ISO 9001, 45001, 14001, and 31000.
Department
• Conduct periodic reviews and drive continual
improvement based on risk outcomes.

10 SOP-04
 Procedures

1 When planning the integrated management system (IMS), the company must
consider internal and external issues, compliance obligations, the scope of its
IMS, and the needs of interested parties as outlined in SOP-03. This includes
identifying risks and opportunities related to its environmental aspects,
compliance obligations, and other issues and requirements to ensure desired
outcomes, enhance positive effects, reduce undesired effects, and achieve
continual improvement.

The company will involve workers and relevant parties in the planning
2
process as per SOP-24. It must also plan actions to address identified risks
and integrate these actions into the management system. Effectiveness will
be evaluated according to SOP-10, ensuring actions are proportional to their
potential impact.

A risk-based approach should guide the management processes. The company

3
must document risk management processes using form F-04-01 and maintain
records according to SOP-01. It should evaluate existing risk management
practices, identify gaps, and address them.

11 SOP-04
 Procedures

Top management must assign and communicate roles and responsibilities for
4
risk management per SOP-05. They should also allocate necessary resources,
including trained personnel and tools for effective risk management.

The company must define the scope of its risk management and understand
5
the external and internal contexts, as outlined in SOP-03, to effectively
achieve its objectives. Additionally, risk criteria should be documented,
aligned with the risk management framework, and regularly reviewed to
evaluate risk significance and support decision-making.
Probability
VERY LITTLE LITTLE POSSIBLE MOSTLY CERTAIN
1 2 3 4 5
Less than 5% %5-%29 %30-%69 70%-95% More than 95%
May happen in May happen once May happen once Will happen once a Will happen more
unexpected every 5 years every 3 years year than once a year
circumstances

12 SOP-04
Procedures

Severity
VERY LOW LOW MEDIUM HIGH VERY HIGH
1 2 3 4 5
Risks with very Risks with low Risks with Risks with Risks with severe
low impact do impact do not moderate significant impact on the
not require require specific impact, which impact on the organization
specific plans to plans to address should be organization necessitate the
address them. them. considered when require study establishment of
developing and the measures and plans
general plans. development of to address them.
a treatment
plan.

Risk Value = Severity*Probability

VERY LOW LOW MEDIUM HIGH VERY HIGH
Acceptable Risks Unacceptable Risks Intolerable Risks

1-2 3-4 5-8 9 - 15 16 - 25

13 SOP-04
 Procedures

Risk Matrix
5-Very high 5 10 15 20 25
4-High 4 8 12 16 20
Severity

3-Medium 3 6 9 12 15
2-Low 2 4 6 8 10
1-Very low 1 2 3 4 5
1-Very little 2-Little 3-Possible 4-Mostly 5-Certain

Probability

Risk assessment includes risk identification, analysis, and evaluation.

6
Risk Identification:
The goal is to find and describe risks that may affect the company's objectives.
Relevant and up-to-date information is crucial for this process. The Risk
Management team should identify all hazards related to the evaluated
processes and the harms associated with each hazard, regardless of control.

14 SOP-04
 Procedures

Outputs from the organization context analysis (SOP-03) must inform risk
identification. The process should consider:
• Routine and non-routine activities, including infrastructure,
equipment, and human factors.
• Emergency situations.
• People workplace activities, including workers, contractors, and
visitors.
• Design and organization of work areas and processes.
• Changes in operations and knowledge of hazards.
• Past incidents and their causes.
• Work organization affected by and social factors like workload and
culture.

Risk Analysis:
7
Risk analysis aims to understand the nature and characteristics of risks. Each
risk should be estimated based on severity and probability to determine
acceptability according to established criteria.

15 SOP-04
 Procedures

8 Risk Evaluation:
• The purpose of risk evaluation is to support decisions.
• Risk evaluation involves comparing the results of the risk analysis with the
established risk criteria to determine where additional actions are
required.
For unacceptable & intolerable risks (MEDIUM, HIGH & VERY HIGH-
RISK LEVELS): Control measures shall be taken to minimize each risk to
acceptable levels.
For acceptable risks (LOW & VERY LOW RISK LEVELS): Additional
control measures should be taken to minimize each risk as far as possible.

9 Risk Treatment (Risk Controls):

The organization shall establish a process to reduce occupational health
and safety (OH&S) risks using the following hierarchy of controls:
• Eliminate the hazard.
• Substitute with less hazardous materials, processes, operations, or
equipment.
• Implement engineering controls.
• Adopt administrative controls.
• Provide and ensure the use of adequate personal protective equipment.
16 SOP-04
 Procedures

After establishing these controls, the organization shall select

appropriate risk treatment options by balancing the potential benefits
with costs and disadvantages. Risk treatment options may include:
1. Eliminating the risk source.
2. Avoiding the risk by not starting or continuing the risky activity.
3. Modifying the likelihood of the risk occurring.
4. Adjusting the consequences of the risk.
5. Accepting or increasing the risk to pursue an opportunity.
Additionally, the organization must recognize that implementing risk
treatments can introduce new risks that require effective management.

10 Preparing and Implementing Risk Treatment Plans

All control measures must follow SOP-10 as preventive actions.
Risk control measures should be implemented promptly, and their
effectiveness must be assessed after implementation according to SOP-10.
The risk should be measured post-implementation to confirm it has been
reduced to an acceptable level.

17 SOP-04
 Procedures

11 Monitoring and Review

The purpose of monitoring and review is to ensure and improve the quality
and effectiveness of processes.
Ongoing monitoring and periodic reviews should be planned, with clear
responsibilities assigned.
Feedback from SOP-13 should be used to identify new risks, and the RMR
report should be updated as needed.

10 Recording and Reporting

The implementation of the risk management process and results should be
recorded using form F-04-01. Each report must have a unique code (RMR-XX-
YYYY), where RMR stands for risk management report, XX is the serial
number, and YYYY is the issuance year.
Outputs must be documented, kept up to date, and shared with relevant
interested parties.

18 SOP-04
 Relevant
Procedures/Forms

Forms/SOPs No Title
F-04-01 Risk Management Report (RMR)
SOP-01 Document Control Procedure
SOP-03 Organization Context Procedure
SOP-10 Improvement and Corrective Actions Procedure
SOP-13 Feedback and Complaints Handling Procedure
Organizational Roles, Responsibilities & Authorities
SOP-05
Procedure

19 SOP-04
 SOP APPROVAL CYCLE

1st Issuance Date 06/04/2025

Effective Date 06/05/2025
Next Review Date 06/04/2028

Approval Position Name Sign/Date

Prepared by

Reviewed by

Approved by

Copy no.

STAMP

20 SOP-04