Map your business risks and manage your action plans

The 2015 versions of ISO 9001 and ISO 14001, as well as the 2016 versions of IATF 16949 and EN 9100, explicitly introduce the notion of “risks related to threats and opportunities.” Control through risk management ensures the robustness of the Quality Management System (QMS) and the sustainability of the organization.

Why analyze and map business risks?

Recent versions of ISO 9001, ISO 14001, EN 9100 and IATF 16949 explicitly introduce the notion of “risks related to threats and opportunities.”
ISO 9001:2015 gives companies the freedom to choose the method by which the risks associated with the threats and opportunities are determined. This method may involve a straightforward qualitative process or a comprehensive quantitative assessment, depending on the context (for example, size of organization, technology sector, and maturity of the environmental management system).
If you want to opt for an extended risk-based approach as required by ISO 9001, ISO 31000 provides guidelines on formal risk management.

We propose that you take a different point of view than the simple SWOT matrix: 

Enterprise Risk Management allows you to work by sectors and processes in a structured and quantified way. SWOT is an interesting brainstorming tool, but it does not allow you to assess threats and opportunities quantitatively or to prioritize them, let alone to manage action plans and subsequent re-evaluations.

Our Risk Management software guides you through this risk assessment, providing consistent content and enabling you to manage the resulting action plans.

Accessible from your usual internet browser, it is easy to implement.


Bruneau: Operational risk management

Bruneau Customer opinion: Operational risks and ISO 9001:2015




Methodological guide for risk management

Our Risk Management software allows you to systematically ask yourself questions about risk management across the company.

It proposes an approach and extensive libraries that help you verify that you have not overlooked any point in the four categories of threats described in the ONR 49000 standard:

  • Strategic threats – products and customers
  • Threats inherent to management, employees, and know-how
  • Threats inherent to business processes
  • Financial risks.

For each category, you will specify the areas at risk and the control points. You will need to quantitatively assess the impacts of each threat (effects, severity and probability of occurrence) using a grid with 4 levels of more or less acceptable risk.

As a result, you will obtain a document summarising the areas where the risk is highest, with Kiviat diagrams (radar diagrams). Using the same method transposed to opportunities, we also propose an analysis table and reports that let you take opportunities into account to drive your continuous improvement process.

This awareness will allow you to target priorities and action plans.

An optional module to ensure GDPR compliance

Since May 25th, 2018, organisations (companies, authorities and associations) managing personal data of European citizens have had to comply with the General Data Protection Regulation.

Knowllence offers an optional GDPR module: in addition to managing risks on your processes, you can centralize risk management on your data. 


Action Plan Management

Following up the actions resulting from your company risk analysis makes you part of a continuous improvement process and lets you promote your best practices for limiting risks to banks, insurers, shareholders and customers.
This action plan can be managed either within the software or fed into your usual action plan management tool if you have one.

Easy implementation and traceability (history)

You automatically generate a corporate risk summary document and action plan sheets. 
The management of risk analysis changes is facilitated by the systematic and automatic recording of all changes made: changes in the organisation, new hazards, results of action plans, etc. This will make it easier for you to involve the various stakeholders by having the tools to delegate (and control) the progress of the various tasks.



This enterprise and GDPR risk management solution can be customized to your work habits: do not hesitate to consult us!
