ISO 31000:2018 Clause 6.4 Risk assessment

https://preteshbiswas.com/wp-content/uploads/2024/01/ISO-31000_2018-Risk-Assessment_-A-Comprehensive-Overview.wav

Clause 6.4.1 General

Risk assessment is the overall process of risk identification, risk analysis and risk evaluation. Risk assessment should be conducted systematically, iteratively and collaboratively, drawing on the knowledge and views of stakeholders. It should use the best available information, supplemented by further inquiry as necessary.

ISO 31000:2018 Clause 6.4.1 provides guidance on the general principles and requirements for conducting risk assessments. Here are the key points from Clause 6.4.1 – Risk Assessment General:

  1. Context Establishment:
    • Clearly define and establish the context for the risk assessment process.
    • Consider the internal and external context, as well as the scope, criteria, and constraints.
  2. Risk Identification:
    • Systematically identify risks that could affect the achievement of objectives.
    • Consider all relevant sources of information, including historical data, stakeholder input, and expert knowledge.
  3. Risk Analysis:
    • Analyze each identified risk to understand the potential consequences and the likelihood of occurrence.
    • Use appropriate methods for risk analysis, such as qualitative, quantitative, or a combination of both.
  4. Risk Evaluation:
    • Evaluate the significance of each risk by comparing the analyzed consequences and likelihood against predefined criteria.
    • Prioritize risks based on their significance to the achievement of objectives.
  5. Risk Treatment:
    • Develop and implement strategies to treat or manage identified risks.
    • Consider the hierarchy of controls, and select the most appropriate risk treatment options.
  6. Monitoring and Review:
    • Establish a systematic process for ongoing monitoring and review of the risk assessment.
    • Regularly update the risk assessment to reflect changes in the organization’s context and objectives.
  7. Documentation:
    • Document the results of the risk assessment, including the identified risks, analysis, evaluation, and treatment plans.
    • Ensure that the documentation is clear, concise, and accessible to relevant stakeholders.
  8. Communication:
    • Communicate information about the risk assessment process and its outcomes to relevant stakeholders.
    • Foster a culture of open communication to facilitate understanding and awareness of risks.
  9. Integration with Decision Making:
    • Integrate the outcomes of the risk assessment into the organization’s decision-making processes.
    • Ensure that risk considerations are taken into account at all levels of decision making.
  10. Continuous Improvement:
    • Promote a culture of continuous improvement in the risk management process.
    • Learn from experience and update the risk assessment process based on feedback and changing circumstances.

By following these general principles outlined in Clause 6.4.1, organizations can establish a robust and effective risk assessment process that contributes to the overall success of the risk management framework as per ISO 31000:2018. Conducting risk assessments is a fundamental component of effective governance and helps organizations navigate uncertainties, make informed decisions, and safeguard their interests and objectives. It is an essential practice for organizations operating in dynamic and complex environments.

Conducting risk assessments is crucial for organizations for several reasons:

  1. Decision Making: Informs decision-making processes by providing insights into potential risks and their potential impact on objectives.
  2. Proactive Risk Management: Enables proactive identification and management of risks before they materialize, helping prevent or minimize negative consequences.
  3. Resource Allocation: Assists in the efficient allocation of resources by focusing efforts on addressing the most significant risks that could impact the organization.
  4. Compliance: Supports compliance with legal, regulatory, and contractual requirements by identifying and addressing risks that could lead to non-compliance.
  5. Strategic Planning: Integrates risk considerations into strategic planning processes, ensuring alignment between risk management and organizational goals.
  6. Opportunity Identification: Identifies opportunities that could positively impact the organization, allowing for the exploitation of favorable conditions.
  7. Improved Performance: Enhances overall organizational performance by fostering a culture of risk-awareness and informed decision-making.
  8. Stakeholder Confidence: Builds stakeholder confidence by demonstrating that the organization is actively managing and mitigating risks that could impact its reputation and operations.
  9. Financial Stability: Aids in maintaining financial stability by identifying and managing risks related to financial transactions, investments, and market fluctuations.
  10. Crisis Preparedness: Facilitates crisis preparedness by identifying potential crisis scenarios and developing contingency plans to manage and mitigate them.
  11. Insurance Premiums: Can positively influence insurance premiums by demonstrating effective risk management practices to insurers, potentially leading to lower premiums.
  12. Enhanced Resilience: Builds organizational resilience by preparing for and responding to unexpected events, ensuring the ability to adapt and recover quickly.
  13. Continuous Improvement: Supports a culture of continuous improvement by learning from past experiences, adapting to changing circumstances, and refining risk management processes.
  14. Supply Chain Management: Assists in understanding and managing risks within the supply chain, ensuring continuity and reliability in the delivery of goods and services.
  15. Long-Term Sustainability: Contributes to the long-term sustainability of the organization by identifying and addressing risks that could impact its viability and competitiveness.

Risk assessment is the overall process of risk identification, risk analysis and risk evaluation.

Risk assessment is indeed the comprehensive process of identifying, analyzing, and evaluating risks within an organization. Let’s break down the components:

  1. Risk Identification: This involves systematically identifying potential risks that could impact the achievement of objectives. It’s about recognizing both internal and external factors that may pose a threat or offer an opportunity.
  2. Risk Analysis: After identifying risks, the next step is to analyze them. Risk analysis involves assessing the potential consequences and the likelihood of occurrence for each identified risk. It can be done qualitatively, quantitatively, or using a combination of both methods.
  3. Risk Evaluation: Once risks are analyzed, they need to be evaluated. This step involves comparing the analyzed risks against predefined risk criteria. The goal is to determine the significance of each risk in relation to the organization’s objectives. Risks are then prioritized based on their significance.

By going through these three steps, an organization can gain a comprehensive understanding of its risk landscape and make informed decisions on how to manage and treat these risks. This process is iterative and should be regularly reviewed and updated to reflect changes in the internal and external environment of the organization. The information gathered from risk assessments is crucial for developing effective risk management strategies and ensuring the organization’s resilience in the face of uncertainties.

Risk assessment should be conducted systematically

The following systematic approaches help an organization conduct its risk assessment in a methodical and organized manner and so improve the effectiveness of the process:

  • Clearly define the objectives and scope of the risk assessment. This helps in focusing efforts on specific areas and ensuring that all relevant risks are considered.
  • Develop clear criteria for evaluating and categorizing risks. This could include factors such as likelihood, impact, and urgency.
  • Adopt a systematic risk assessment methodology, such as the ISO 31000 or NIST SP 800-30 framework. This provides a structured approach to identifying, assessing, and managing risks.
  • Collect relevant data and information to support the risk assessment process. This could include historical data, incident reports, and expert opinions.
  • Standardize the processes involved in risk assessment to ensure consistency across different departments and projects within the organization.
  • Leverage risk management tools and technologies to streamline the assessment process. These tools can aid in data collection, analysis, and reporting.
  • Ensure that risk information is regularly updated to reflect changes in the organizational environment, technologies, and external factors.
  • Engage key stakeholders, including department heads, subject matter experts, and decision-makers, in the risk assessment process to gather diverse perspectives and expertise.
  • Document all aspects of the risk assessment, including methodologies used, findings, and recommendations. Generate comprehensive reports to communicate the results to relevant stakeholders.
  • Establish a feedback loop to continuously improve the risk assessment process. Learn from past assessments and adjust methodologies based on lessons learned.
  • Provide training to individuals involved in the risk assessment process, ensuring they understand the methodology and criteria used.
  • Consider involving independent parties or external auditors to review the risk assessment process periodically. This can help ensure objectivity and identify potential areas for improvement.

Risk assessment should be conducted iteratively

To ensure that risk assessment is conducted iteratively, meaning it’s a continual and ongoing process, consider the following practices:

  • Schedule periodic reviews of the risk assessment process to ensure its relevance. Update risk assessments based on changes in the business environment, technologies, and organizational processes.
  • Establish a feedback loop to gather input from stakeholders involved in the risk assessment process. Use feedback to identify areas for improvement and refine the risk assessment methodology.
  • Implement a continuous monitoring system to track changes in the risk landscape. Utilize tools and technologies to automate monitoring processes where possible.
  • Analyze and learn from security incidents and near misses. Use this information to refine risk assessments and improve risk mitigation strategies.
  • Conduct scenario planning exercises to explore potential future risks and uncertainties. Integrate insights from these exercises into the iterative risk assessment process.
  • Embrace an adaptive risk management approach that allows for flexibility in response to emerging threats and changing circumstances.
  • Provide ongoing training and awareness programs to keep employees informed about evolving risks and the importance of risk management.
  • Stay informed about industry trends and benchmark against best practices in risk management. Incorporate relevant external insights into the iterative process.
  • Define and track metrics and KPIs to measure the effectiveness of risk mitigation efforts. Use these metrics to identify areas that require additional attention or improvement.
  • Integrate risk assessments into the organization’s decision-making processes. Ensure that risk considerations are taken into account when planning and implementing new projects or initiatives.
  • Communicate regularly with stakeholders about the status of risk assessments and any changes in the risk landscape. Provide clear and concise reports that highlight key findings and recommendations.
  • Develop and regularly update crisis management and response plans based on the insights gained from ongoing risk assessments. Conduct drills and simulations to test the effectiveness of these plans.

By incorporating these practices, an organization can establish a culture of continuous improvement in risk management, ensuring that the risk assessment process remains relevant and effective over time.

Risk assessment should be conducted collaboratively

Conducting a risk assessment collaboratively involves engaging various stakeholders across the organization to leverage their expertise and perspectives. Here are strategies to ensure a collaborative approach to risk assessment:

  1. Identify and involve key stakeholders from different departments, including management, IT, legal, finance, operations, and compliance. Ensure representation from both technical and non-technical teams.
  2. Form cross-functional teams to bring together individuals with diverse skills and knowledge. Encourage collaboration between teams to gain a holistic view of potential risks.
  3. Foster open communication channels to encourage the sharing of information and insights. Maintain transparency regarding the risk assessment process and its objectives.
  4. Conduct facilitated workshops and collaborative meetings to brainstorm and identify potential risks. Use these sessions to discuss risk scenarios and mitigation strategies collaboratively.
  5. Appoint individuals as risk champions or advocates within each department or team. These individuals can help facilitate communication and promote a risk-aware culture within their respective areas.
  6. Implement collaboration tools to enable real-time sharing of information and collaboration among team members, especially if they are geographically dispersed. Utilize project management and collaboration platforms for documentation and communication.
  7. Conduct training programs to educate employees about the importance of risk management. Raise awareness about how their contributions to risk assessment can positively impact the organization.
  8. Provide regular updates on the progress of the risk assessment. Seek feedback from participants to continuously improve the collaborative process.
  9. Integrate risk assessment into existing business processes to ensure it becomes a natural part of decision-making. Align risk assessment with strategic planning and project management processes.
  10. Encourage coordination and information sharing between different departments. Ensure that risk assessments consider the interdependencies between departments and business units.
  11. Strive for consensus on risk priorities and mitigation strategies. Address conflicting viewpoints through open dialogue and negotiation.
  12. Document the collaborative efforts, decisions, and outcomes of the risk assessment process. Maintain records of discussions, risk registers, and action items.

By adopting these strategies, organizations can create a collaborative environment for risk assessment, leveraging the collective intelligence of their teams to identify, evaluate, and manage risks effectively. This collaborative approach enhances the organization’s ability to proactively address a wide range of potential challenges.

Risk assessment should be conducted drawing on the knowledge and views of stakeholders.

Involving stakeholders in the risk assessment process is crucial for obtaining a comprehensive understanding of potential risks and ensuring that the risk management strategies align with the organization’s goals and values. Here are some key considerations for incorporating the knowledge and views of stakeholders in the risk assessment:

  1. Identify and Engage Stakeholders: Clearly identify all relevant stakeholders, both internal and external, who may have insights into the organization’s risks. Ensure representation from various departments, management levels, and external partners.
  2. Stakeholder Consultation: Conduct consultations with stakeholders to gather their knowledge and views on potential risks. Use interviews, surveys, focus groups, or workshops to facilitate open discussions.
  3. Listen Actively: Actively listen to the concerns, experiences, and perspectives of stakeholders. Create an environment where stakeholders feel comfortable sharing their insights without fear of reprisal.
  4. Subject Matter Experts (SMEs): Identify and involve subject matter experts within the organization who possess specialized knowledge related to specific risks. Leverage their expertise to enhance the depth and accuracy of the risk assessment.
  5. Customized Communication: Tailor communication strategies to suit different stakeholder groups. Use language and formats that are accessible and meaningful to diverse audiences.
  6. Diversity and Inclusion: Ensure diversity and inclusion in stakeholder engagement to capture a broad range of perspectives. Consider different cultural, social, and professional backgrounds.
  7. Regular Updates: Keep stakeholders informed about the progress of the risk assessment. Provide updates on identified risks, mitigation strategies, and any changes to the risk landscape.
  8. Interactive Workshops and Forums: Host interactive workshops or forums where stakeholders can actively participate in risk identification and assessment. Encourage collaboration and dialogue among stakeholders during these sessions.
  9. Feedback Mechanisms: Establish mechanisms for stakeholders to provide ongoing feedback on the risk assessment process. Act on constructive feedback to continuously improve the risk management approach.
  10. Alignment with Stakeholder Objectives: Ensure that the risk assessment aligns with the overall objectives and values of the stakeholders. Consider the priorities and goals of different stakeholder groups when assessing and prioritizing risks.
  11. Transparent Communication: Maintain transparency in the risk assessment process. Clearly communicate how stakeholder input is being utilized in decision-making and risk mitigation strategies.
  12. Collaborative Risk Workshops: Facilitate collaborative risk workshops involving stakeholders to collectively analyze and address risks. Use these sessions to build consensus on risk priorities and mitigation plans.

By actively involving stakeholders in the risk assessment process, organizations can tap into a wealth of collective knowledge, improve the accuracy of risk identification, and enhance the overall effectiveness of their risk management efforts. This collaborative approach also fosters a culture of shared responsibility for risk mitigation throughout the organization.

It should use the best available information, supplemented by further enquiry as necessary.

Utilizing the best available information is fundamental to conducting a thorough and effective risk assessment. Here’s how organizations can ensure they leverage the best information and supplement it with further inquiry as needed:

  1. Information Gathering: Begin by collecting relevant data from various sources, including internal records, industry reports, historical incident data, and regulatory guidelines. Ensure that the information is accurate, up-to-date, and reflects the current state of the organization and its operating environment.
  2. Engage Subject Matter Experts (SMEs): Consult with subject matter experts within the organization who possess in-depth knowledge of specific areas, such as IT security, finance, operations, and legal compliance. Tap into their expertise to enhance the accuracy and completeness of the information gathered.
  3. External Benchmarks: Benchmark against industry best practices and standards to supplement internal data. Stay informed about the latest trends and emerging risks in the relevant industry.
  4. Collaboration with External Partners: Collaborate with external partners, consultants, or industry experts to gather additional insights and perspectives. Consider external viewpoints to obtain a well-rounded understanding of potential risks.
  5. Data Validation: Validate the accuracy and reliability of the data collected through independent verification processes. Cross-reference information from multiple sources to identify any discrepancies.
  6. Continuous Monitoring: Implement continuous monitoring systems to keep track of changes in the business environment, regulations, and technological landscape. Regularly update the risk assessment based on new information.
  7. Surveys and Interviews: Conduct surveys and interviews with relevant stakeholders to gather qualitative insights. Use these methods to supplement quantitative data with real-world experiences and perceptions.
  8. Scenario Analysis: Employ scenario analysis to explore potential future events and their impact on the organization. This technique helps in identifying risks that might not be evident from historical data alone.
  9. Feedback Loops: Establish feedback loops with internal and external stakeholders to gather input on the accuracy and relevance of the information used in the risk assessment. Act on feedback to improve the quality of future assessments.
  10. Technology and Analytical Tools: Leverage technology and analytical tools to process and analyze large datasets efficiently. Use data analytics to identify patterns, trends, and correlations that might not be apparent through manual analysis.
  11. Documentation of Sources: Clearly document the sources of information used in the risk assessment. Provide transparency regarding the reliability and credibility of the data to build confidence in the assessment.
  12. Risk Culture: Foster a risk-aware culture within the organization, encouraging employees to report relevant information and observations. Create channels for open communication about potential risks.

By combining the best available information with further inquiry as necessary, organizations can conduct a more robust and comprehensive risk assessment. This approach helps in identifying, analyzing, and managing risks in a proactive and informed manner, contributing to the overall resilience of the organization.

Documents and records required

  1. Risk Management Policy (Document): A documented policy outlining the organization’s commitment to risk management. Describes the context, objectives, and principles guiding the risk management process.
  2. Risk Management Plan (Document): A documented plan that outlines how the risk management process will be implemented and integrated into the organization’s activities. Includes roles and responsibilities, scope, methodology, and resources.
  3. Criteria for Risk Assessment (Document): Clearly defined criteria used to assess and evaluate risks. This may include factors such as likelihood, impact, and risk tolerance. Provides a basis for consistent and objective risk assessment.
  4. Risk Register (Record): A record that systematically captures identified risks along with relevant information such as risk description, source, and initial assessment. Serves as a dynamic repository for managing and tracking risks throughout their lifecycle.
  5. Risk Assessment Reports (Document/Record): Reports documenting the outcomes of risk assessments, including the identification, analysis, and evaluation of risks. Provides insights into the organization’s risk profile and informs decision-making.
  6. Risk Treatment Plan (Document): A documented plan outlining how the organization intends to treat, mitigate, transfer, or accept identified risks. Includes specific actions, responsibilities, and timelines.
  7. Monitoring and Review Records (Record): Records documenting the monitoring and review activities related to the effectiveness of risk treatments. Captures information on changes in risk levels and the ongoing status of risk management actions.
  8. Communication Plan (Document): A documented plan outlining how communication about risk management will be conducted internally and, where applicable, externally. Describes the methods and frequency of communication.
  9. Records of Stakeholder Engagement (Record): Records capturing engagement with internal and external stakeholders in the risk management process. May include feedback received and actions taken based on stakeholder input.
  10. Documentation of Assumptions and Constraints (Document): Documentation that outlines the assumptions and constraints considered during the risk assessment process. Provides context for understanding the limitations and influencing factors in the risk analysis.
  11. Audit Records (Record): Records from internal or external audits related to the risk management process. Demonstrates compliance with the organization’s risk management framework and the ISO 31000 standard.

Risk Assessment Policy

1. Purpose: The purpose of this Risk Assessment Policy is to establish guidelines and procedures for identifying, assessing, and managing risks within [Organization Name]. The policy aims to ensure a systematic and consistent approach to risk management to protect the organization’s assets, reputation, and stakeholders’ interests.

2. Scope: This policy applies to all employees, contractors, and third parties associated with [Organization Name]. It encompasses all aspects of the organization’s operations, including but not limited to strategic, financial, operational, and compliance-related activities.

3. Principles

a. Risk Ownership and Accountability

  • Clearly define roles and responsibilities for risk owners and accountable parties.
  • Ensure that each department or business unit is responsible for identifying and managing its specific risks.

b. Proactive Risk Management

  • Promote a proactive approach to risk identification, assessment, and mitigation.
  • Encourage reporting of potential risks at all levels of the organization.

c. Integration with Decision-Making

  • Integrate risk assessment into strategic and operational decision-making processes.
  • Ensure that risk considerations are part of project planning and execution.

4. Risk Assessment Process

a. Risk Identification

  • Conduct regular risk identification exercises at the organizational and departmental levels.
  • Encourage reporting of emerging risks from employees and stakeholders.

b. Risk Analysis

  • Utilize both qualitative and quantitative methods for risk analysis.
  • Evaluate the likelihood and impact of identified risks.
  • Prioritize risks based on their significance.

c. Risk Evaluation

  • Establish criteria for determining the acceptability of risks.
  • Determine the organization’s risk appetite and tolerance levels.
  • Evaluate risks against established criteria.

d. Risk Treatment

  • Develop and implement risk treatment plans for high-priority risks.
  • Explore risk mitigation, transfer, acceptance, or a combination.
  • Allocate necessary resources for effective risk management.

e. Monitoring and Review

  • Implement monitoring mechanisms to track the effectiveness of risk treatments.
  • Regularly review risk assessments in light of changing circumstances.
  • Update risk assessments based on new information or evolving risks.

5. Documentation and Reporting

  • Maintain a centralized risk register with details on identified risks.
  • Document methodologies, assumptions, and criteria used in risk assessments.
  • Prepare regular reports for management and stakeholders.
  • Ensure transparency in reporting and communication of risk information.

6. Training and Awareness

  • Provide training on risk management principles and procedures.
  • Foster a risk-aware culture throughout the organization.

7. Continuous Improvement

  • Periodically review the effectiveness of the risk management process.
  • Solicit feedback from stakeholders and incorporate lessons learned.
  • Update the Risk Assessment Policy and procedures based on changing needs.

8. Policy Compliance

  • Ensure that all employees and stakeholders adhere to this policy.
  • Establish consequences for non-compliance with the policy.

9. Policy Review

  • Review this policy periodically to ensure its continued relevance and effectiveness.
  • Update the policy as needed based on changes in the organization’s risk landscape.

10. Approval and Ownership

This Risk Assessment Policy is approved by [Name and Position] and is owned by [Department/Team]. Any changes to the policy require approval from [Appropriate Authority].

[Date]

[Signature]

[Name and Position of Approving Authority]

Risk Assessment Register

| Risk ID | Risk Description | Category | Likelihood (1-5) | Impact (1-5) | Risk Level (LxI) | Risk Owner | Mitigation Actions | Status | Next Review Date |
|---|---|---|---|---|---|---|---|---|---|
| R001 | IT System Failure | Operational | 3 | 4 | 12 | IT Manager | Regular system backups | In Progress | 2024-02-15 |
| R002 | Market Fluctuations | Financial | 4 | 3 | 12 | CFO | Diversify investment portfolio | Not Started | 2024-03-01 |
| R003 | Supplier Reliability | Supply Chain | 2 | 5 | 10 | Procurement | Identify backup suppliers | Completed | |
| R004 | Regulatory Compliance Changes | Compliance | 4 | 4 | 16 | Legal | Regularly monitor regulatory changes | In Progress | Ongoing |
| R005 | Key Employee Turnover | Human Resources | 3 | 4 | 12 | HR Manager | Implement retention strategies | Not Started | 2024-02-28 |

Legend:

  • Likelihood (1-5): 1 = Rare, 2 = Unlikely, 3 = Possible, 4 = Likely, 5 = Almost Certain
  • Impact (1-5): 1 = Negligible, 2 = Minor, 3 = Moderate, 4 = Major, 5 = Catastrophic
  • Risk Level (LxI): Likelihood x Impact
  • Status: In Progress, Completed, Not Started, Ongoing, etc.

Risk Assessment Register Notes:

  1. Risk ID: Unique identifier for each risk.
  2. Risk Description: Clear and concise description of the identified risk.
  3. Category: Categorization of the risk (e.g., Operational, Financial, Supply Chain).
  4. Likelihood: Subjective assessment of the likelihood of the risk occurring.
  5. Impact: Subjective assessment of the potential impact if the risk materializes.
  6. Risk Level: Calculated as Likelihood x Impact.
  7. Risk Owner: Individual responsible for managing and monitoring the risk.
  8. Mitigation Actions: Specific actions or strategies to mitigate the risk.
  9. Status: Current status of the risk management actions (e.g., In Progress, Completed).
  10. Next Review Date: Planned date for the next review or update of the risk assessment.
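As an added illustration (not part of the original article or of the ISO 31000 text), the following Python script works the register above through the analysis and evaluation steps described under Clause 6.4.1: it parses a pipe-delimited copy of the register, recomputes Risk Level as Likelihood x Impact on the legend's 1-5 scales and rejects rows whose stated level disagrees, evaluates each risk against a set of criteria bands, and then checks the monitoring-and-review hygiene of the register (an open risk with no dated next review, or a review date already in the past). The criteria thresholds (15/10/5/1) and band names are an assumption, because the page defines no acceptance criteria; the register rows are a constructed copy of the sample data, and the reference date is supplied by the caller.

```python
"""Parse a Likelihood x Impact risk register, recompute risk levels,
evaluate them against risk criteria and flag review-date gaps."""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Legend from the register (1-5 scales).
LIKELIHOOD = {1: "Rare", 2: "Unlikely", 3: "Possible", 4: "Likely", 5: "Almost Certain"}
IMPACT = {1: "Negligible", 2: "Minor", 3: "Moderate", 4: "Major", 5: "Catastrophic"}

# Assumed risk criteria (not from the page): minimum L x I score for each band.
CRITERIA = [(15, "Unacceptable"), (10, "Treat"), (5, "Monitor"), (1, "Accept")]


@dataclass
class Risk:
    risk_id: str
    description: str
    category: str
    likelihood: int
    impact: int
    owner: str
    mitigation: str
    status: str
    next_review: Optional[date]  # None when the register holds no date (blank or "Ongoing")

    @property
    def level(self) -> int:
        """Risk Level (LxI) recomputed from the two ratings rather than trusted."""
        return self.likelihood * self.impact


def parse_register(text: str) -> List[Risk]:
    """Parse pipe-separated rows (header skipped). Raises ValueError when a
    rating is outside 1-5 or the stated level is not likelihood x impact."""
    risks = []
    for line in text.strip().splitlines()[1:]:
        cols = [c.strip() for c in line.split("|")]
        if len(cols) != 10:
            raise ValueError(f"expected 10 columns: {line!r}")
        rid, desc, cat, lk, im, stated, owner, mit, status, review = cols
        lk, im, stated = int(lk), int(im), int(stated)
        if lk not in LIKELIHOOD or im not in IMPACT:
            raise ValueError(f"{rid}: likelihood and impact must be 1-5")
        if stated != lk * im:
            raise ValueError(f"{rid}: stated level {stated} != {lk} x {im}")
        try:
            next_review = date.fromisoformat(review)
        except ValueError:  # blank cell or a word such as "Ongoing"
            next_review = None
        risks.append(Risk(rid, desc, cat, lk, im, owner, mit, status, next_review))
    return risks


def evaluate(level: int) -> str:
    """Map a recomputed level onto the assumed criteria bands."""
    for floor, band in CRITERIA:
        if level >= floor:
            return band
    raise ValueError("level must be at least 1")


def prioritize(risks: List[Risk]) -> List[Tuple[str, int, str]]:
    """Highest level first; ties keep register order (sorted() is stable)."""
    ordered = sorted(risks, key=lambda r: r.level, reverse=True)
    return [(r.risk_id, r.level, evaluate(r.level)) for r in ordered]


def review_findings(risks: List[Risk], today_iso: str) -> List[Tuple[str, str]]:
    """Monitoring-and-review check: every risk that is not Completed needs a
    dated next review, and that date must not already have passed."""
    today = date.fromisoformat(today_iso)
    findings = []
    for r in risks:
        if r.status == "Completed":
            continue
        if r.next_review is None:
            findings.append((r.risk_id, "no dated next review"))
        elif r.next_review < today:
            findings.append((r.risk_id, f"review overdue since {r.next_review}"))
    return findings


# Constructed copy of the sample register above (not a real organisation's data).
REGISTER = """\
Risk ID | Risk Description | Category | Likelihood | Impact | Risk Level | Risk Owner | Mitigation Actions | Status | Next Review Date
R001 | IT System Failure | Operational | 3 | 4 | 12 | IT Manager | Regular system backups | In Progress | 2024-02-15
R002 | Market Fluctuations | Financial | 4 | 3 | 12 | CFO | Diversify investment portfolio | Not Started | 2024-03-01
R003 | Supplier Reliability | Supply Chain | 2 | 5 | 10 | Procurement | Identify backup suppliers | Completed |
R004 | Regulatory Compliance Changes | Compliance | 4 | 4 | 16 | Legal | Regularly monitor regulatory changes | In Progress | Ongoing
R005 | Key Employee Turnover | Human Resources | 3 | 4 | 12 | HR Manager | Implement retention strategies | Not Started | 2024-02-28
"""

if __name__ == "__main__":
    register = parse_register(REGISTER)
    for rid, level, band in prioritize(register):
        print(f"{rid}: level {level:2d} -> {band}")
    for rid, note in review_findings(register, "2024-02-20"):
        print(f"{rid}: {note}")
```

Recomputing the level instead of trusting the Risk Level column is the point of the validation step: a register edited by hand drifts, and a wrong score silently changes priority. The review check shows why "Ongoing" in a date column is a gap rather than a status: R004 carries the highest level in the register yet has no date on which anyone is committed to look at it again.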
