IJCA | 2023 | Volume 2, Issue 1 | Page 33
DOI: doi.org/10.55459/IJCA/v2i1/GA.PM.HM
‘Risky Business’: A Comprehensive Risk Analysis of an Accreditation Body
By Dr. George Anastasopoulos, Senior Vice President, IAS; Patrick McCullen, Senior Program Manager, Management
System Certification Bodies, IAS; and Harry Makam, Accreditation Program Officer, IAS
ABSTRACT
Risk assessment and risk-based thinking are both key considerations given the multi-faceted activities
inherent in Conformity Assessment. An Accreditation Body (AB) uses risk assessment to ensure a
consistent, data-based approach towards accreditation of conformity assessment bodies.
The following paper presents methodology, lessons learned, and best practices found while conducting risk
management at the AB level within the Global Conformity Assessment industry. It provides a framework
for conducting a Modified Fink Risk Assessment and Analysis for use by various organizations, including
accreditation and conformity assessment bodies, such as testing and calibration laboratories, inspection
agencies, product and personnel certification bodies, management system certification bodies, etc.
Keywords: Accreditation body, risk assessment, risk analysis, risk-based thinking, conformity assessment bodies,
ISO/IEC 17011, likelihood, contingency plan, mitigation plan, Fink method, impact score
Definitions
1. Risk: Effect of uncertainty on objectives (see ISO 31000:2018).
2. Risk Assessment: A set of techniques and methods on the system level to predict future events and their consequences.
3. Mitigation: The action of reducing the severity, seriousness, or painfulness of something (Oxford Dictionary).
4. Contingency: A provision for an unforeseen event or circumstance (Oxford Dictionary).
5. Crisis Impact Value (CIV): Value used to quantify and convey the “Likelihood” and “Impact” of a given risk.
6. Likelihood: The probability of occurrence of a given risk or situation.
7. Impact: The potential severity of consequences of a given risk or situation.
8. Conformity Assessment: Demonstration that specified requirements relating to a product, process, system, person, or body are fulfilled (See ISO/IEC 17000:2004).
9. Accreditation: Third-party attestation related to a conformity assessment body conveying formal demonstration of its competence to carry out specific conformity assessment tasks (see ISO/IEC 17011:2017).

Introduction
According to clause 4.4.6 of ISO/IEC 17011:2017, the accreditation body “shall have a process to identify, analyze, evaluate, treat, monitor and document on an ongoing basis the risks to impartiality arising from its activities.” However, risk-based thinking doesn’t stop with impartiality considerations. In fact, the ISO/IEC 17011:2017 standard mentions “risk” a total of 21 times throughout the document. Accreditation bodies, and accredited conformity assessment bodies, must consider the impact of risk on all activities on an ongoing basis.

This risk assessment and analysis deals strictly with the impartiality/business risks related to the ongoing sustainability of the International Accreditation Service, Inc. (IAS) as a global conformity assessment accreditation provider. The below analysis considers IAS-specific risks related to seven broad categorizations related to the overall organization:
1. General and Administrative
2. Global Business
3. IT Systems
4. Assessment Resources
5. IAS Policies, Procedures, and Processes
6. Conflicts of Interest/Impartiality
7. Miscellaneous