Business Risk Management      Risk Assessment       Operational Excellence

Manage Risk

integrate, innovate, involve

We understand that depending on your role, you will have different requirements from our software



With that in mind the system has been designed both bottom-up and top-down so that at each level you have the right tools for the job.


Risk-based Thinking

Identifying, assessing and pro-actively managing risks is a core element of good management practice and is key to protecting your workers, your business and your brand, as well as complying with the law.

The latest versions of the international standards for management systems (ISO 9001, ISO 14001 and ISO 45001) now explicitly require “risk based thinking” (incorporating risk into day to day decision-making) as part of the Plan-Do-Check-Act (PDCA) methodology with actions to address both risks & opportunities for the business or organisation.


Examples of risks and opportunities are:

  • conformity of products and services
  • customer satisfaction
  • changes in operations
  • new product development
  • cost and competitiveness
  • emergency preparedness and response
  • significant environmental aspects
  • energy and resource management
  • health and safety
  • compliance obligations and changing regulations

Operational Excellence

The Management Standards (ISO 9001, ISO 14001, OHSAS 18001, ISO 50001 and ISO 45001) require that an organisation establishes measurable objectives and targets for all relevant functions and levels of the organisation consistent with policies, risks and opportunities. The RISK module provides the ability to set Objectives & Targets and to simultaneously link them to Management Programmes and ultimately to individual tasks. Progress can be easily tracked and viewed on a macro or micro level for use in Management Reviews.


Objectives are strategic goals established by an organisation that are consistent with the organisation’s Policy, such as commitments to product quality, environmental impact or safety, or to comply with legislation. These Objectives must be measurable and are achieved through Management Programmes and in turn by detailed Tasks.


Targets are measurable values and timeframes, linked to the objectives, which the organisation is trying to achieve.

Management Programmes

Management Programmes set out the responsibilities and timing for achieving the various programmes and tasks needed to achieve the objectives and targets. The SCANNELL RISK uses a bottom-up (linked to risks) and top-down (linked to objectives) approach to ensure complete capture.


Integrated Risk Register

Risk Assessments can take many forms and often involve methods and processes that can be difficult to track, monitor and manage in an integrated way, especially in a diverse multi-site organisation.

SCANNELL RISK will enable you to take effective proactive measures at site and group level in real time to ensure the continuity of your business operations and to protect your employees, your reputation and your brand.

Our RISK module is specifically designed to streamline and simplify the risk assessment and risk reduction process by providing:

A flexible and dynamic risk assessment methodology catering for a variety of templates and scoring models
An easy to use step by step process
“Closed-loop” continual improvement – upon task completion, risk ratings are automatically re-evaluated
Prioritised RAG Status (Red, Amber, Green)
Incorporation of photos and other media
Scheduled Review Dates and Verification
Integration with Objectives, Targets and Management Programmes
Integration with the Legal Compliance recorded in the Legal Register module enables the relevant regulations and existing controls to be assessed in line with risk assessments
Integration with the Incident Management module which allows assessments to be reviewed following an accident or incident in line with the requirement of the ISO standards, including effectiveness checks and root cause analysis (Fishbone / Ishikawa)


Responsibility for implementing the necessary measures is distributed across the organisation, which can lead to continual risk improvement.

Ultimately this Risk Management Software will build up a picture of overall risk at one or more sites (grouped) that helps you to see “the wood from the trees.”

Risk Assessment

Risk Assessment is a systematic process for evaluating the potential risks that may be involved in any projected activity so that suitable (reasonable) proactive measures can be put in place to prevent harm to people, the environment or the business.

Risks can include:

  • Hazards to workers or members of the public due to activities in the workplace or during work outside, or from chemicals or other materials, or from products
  • Environmental Impacts arising from aspects of an organisation’s activities, products, or services interacting with the environment (air, water, land, etc)
  • Quality issues
  • Business Continuity
  • Energy or resource inefficiency

Risk assessments should be prioritized, continuously updated and integrated with legal obligations, policies and strategic programmes.

Risk Assessment Process


Identify the Risks (Hazards, Environmental Impacts, Inefficiency, Quality)


Identify who or what might be harmed


Evaluate the level of risk


Record significant findings, controls or actions required




Types of Risk Assessment

Specific Risk Management templates and scoring models can be configured. The following standard models are provided:

  • Severity x Likelihood Matrix (3 x 3 or 5 x 5)
  • Job Safety Analysis (JSA)
  • Ergonomics (Manual Handling) Assessment
  • Chemical Assessment (COSHH)
  • Visual Display (Display Screen or DSE) Assessment
  • Risk Assessment – Method Statement (RAMS)
  • Pre & Post Natal
  • Business Continuity
  • Fine & Kinney Method (Severity, Exposure, Probability)
  • Quality & Operational Risk – FMEA (Failure Mode & Effect Analysis)
  • Business PESTEL Analysis (Political, Economic, Social, Technological, Environmental and Legal Factors)
  • Environmental Aspects

The international standard ISO 31000 provides guidelines, principles and a process for managing risk and the associated IEC 31010 details various risk assessment techniques.