Risk management is more crucial than ever before as both consumers and government agencies focus on product quality and its impact on personal and public health. However, some within the food and beverage industry are struggling to meet the growing challenges of risk identification within a complex global system and evolving government guidelines. Some organizations make a good faith effort to satisfy customer or regulatory requirements by specific deadlines but are not sure how to best expand beyond meeting these guidelines. When organizations focus only on meeting basic requirements, they can miss opportunities to create proactive policies. Utilizing a more proactive approach to risk management can result in significant cost savings by preventing or mitigating massive recalls. And more importantly, proactive policies help facilities avoid contamination that could cause an outbreak of illness or a public health emergency. 

This is precisely where Exposure Quotient (EQ) comes in. EQ is a tool that helps organizations identify and diagnose where the risks are and what types of risks the organization should manage. Often EQ is expressed as a number or ratio to allow organizations to prioritize categories of particular risks within the bigger picture. When an organization utilizes an exposure quotient, it takes an all-encompassing approach to risk assessment instead of zeroing in on a particular set of risks. This comprehensive methodology helps companies develop a more defensive position for protecting consumers, customers, shareholders, and brand image. In addition, using an EQ helps organizations avoid discovering a previously unidentified risk after it’s too late. 

We’ll explore EQ and how you can use it to your organization’s benefit, including:

  • An in-depth look at EQ and the factors it encompasses
  • The immense benefits of assessing your risk exposure
  • The ways the food industry uses risk assessment
  • The types of risk assessment
  • The many potential factors influencing your company’s EQ
  • The powerful results of assessing various risks


We’ll begin by defining EQ and developing an understanding of how it applies to risk management principles in food and beverage. But first, let’s explain what a risk is and how it differs from a hazard.


The Difference Between a Risk and a Hazard

A hazard is any item or process that can cause harm. It can be an item like a piece of equipment or even an ingredient in the incorrect place—anything that could potentially cause harm. There are several categories of hazards, including:

  • Electrical, such as wiring and power systems
  • Psychological, including interactions with coworkers or the stress of completing a job on time
  • Physical, as in jobs that require lifting, carrying, or other movements
  • Environmental, including working in temperature-controlled facilities 
  • Mechanical, such as navigating a building site or moving between equipment
  • Hazardous substances, including exposure to potentially flammable or poisonous materials

However, risk is how likely harm from that hazard will take place. An organization can determine risk based on the exposure to a hazard by determining how often the risk might be present, the duration of the risk, or the quantity of the hazard, if applicable. It is vital for facilities to determine all hazards and the level of risk associated with each hazard. Additionally, the level of risk can change for different groups of people. Operators who handle a piece of equipment daily may be more at risk than employees who work in another facility area. 

Some organizations become mired in risk assessment, and it becomes overwhelmingly complex. Other organizations under-assess their risks and discover their mistakes after a catastrophic event. Examining risk through an exposure quotient can help bring some perspective into the assessment and help organizations stay focused on the goal—making the workplace and the supply chain as safe as possible.

Rethinking Risk How to Effectively Assess Your Company’s Exposure Quotient


What is an Organization’s Exposure Quotient (EQ)?

Your organization’s exposure quotient (EQ) encourages you to look at risks through a new lens. It encompasses the organizational intelligence of your facilities, factoring in the myriad risks food safety and quality professionals are required to manage daily. Most importantly, EQ aims to take the broadest approach to risk analysis, looking beyond compliance deadlines which tend to consume the most significant level of focus. In other words, our EQ is a calculation that can remind us of the full breadth of risks we face by ensuring we don’t have our blinders on.

An organization’s EQ comprises many factors. It should prompt us to look deeply into both corporate and facility-based risk management programs. It also encompasses the knowledge and training of our personnel. Nowadays, companies are also leveraging Big Data to improve their EQ. Risks can be either qualitative (divided into high, moderate, and low) or quantitative (ranked on a scale of 1-5, for instance). While taking the numerical approach isn’t required, many companies find it helpful.

Like IQ, EQ does not have to remain static. EQ can improve as an organization grows and improves. It takes data and turns it into actionable information, which is the net objective of any organizational risk assessment.

Indeed, EQ is essentially a risk assessment an organization can perform on a larger scale. While it may be an unfamiliar concept in many organizations, it isn’t complicated. The goal of identifying the EQ is to spur questions such as: 

  • How broad is our risk assessment? 
  • Are we only looking at specific types of risks?


Let’s take a deeper dive into risk assessment in manufacturing.


What Is Risk Assessment in Manufacturing?

Let’s examine how the Safe Food for Canadians Act (SFCA) has spurred a renewed focus on risk assessment, management, monitoring, and communication. The SFCA received Royal Assent in 2012 and came into force in 2019. As the Food Safety Modernization Act (FSMA) in the US, the intent behind SFCA and the creation of the Canadian Food Inspection Agency (CFIA) was to modernize regulations. Preexisting oversight had originated in a time when Canada produced much of the food consumed in Canada in-country, and supply chains were far more straightforward. Today’s supply chains are complex and often multinational, and organizations may utilize food components manufactured or sourced from around the world. The three objectives of SFCA are:

  1. Improving food safety oversight to protect consumers better by addressing deceptive practices, improving traceability, and improving supplier port controls.
  2. Streamlining and clarifying legislative authorities by clearly describing the powers of the CFIA, allowing inspectors to operate with greater efficiency.
  3. Growing opportunities in the global market for the Canadian food and beverage industries by updating how Canada handles export certification and import screening.


The SFCA applies to import, export, and inter-provincial trade. Generally, it does not apply to intra-provincial trade, as provinces still have their systems. For companies that do fall under the Act, here are some of the most noteworthy components to prepare for:

  • Risk Assessment

A full assessment should include risks across all possible areas, including regulatory compliance, crisis management, food fraud, food defense, customer requirements, and any other relevant topics. Identify whether risks warrant a control that your risk management strategy should encompass.

  • Risk Management

The risk assessment is only the start of risk engineering. Next, you must develop a risk management strategy, which informs the actions you’ll take to actively control the identified risks. For example, your vendor management strategy may require high-risk suppliers to do things differently than low-risk suppliers.

  • Risk Monitoring

The work isn’t over once an organization develops a risk management plan. How will you monitor risks on an ongoing basis? Many companies overlook this step, but it is essential to develop mechanisms for monitoring risks regularly. An organization’s processes may include periodic testing of products received from suppliers, self-assessment, and other monitoring steps.

  • Risk Communication

Lastly, how will you communicate risks to employees, other partners, and externally? In the event of a crisis, how will you communicate, and with whom? Having these parties pre-identified allows you to deploy a strategy promptly instead of losing precious time.


These components of risk provide a holistic and proactive approach to dealing with risk. Now, let’s discuss the five types of risk assessment.


What Are the 5 Types of Risk Assessment?

Risks are always present, but there are methods for determining which risks can happen and the likelihood of their occurrence. In addition, organizations can recognize the presence of risk in general, while enacting processes that reduce or eliminate specific risks. Risk assessment allows organizations to understand all facets of the risk, including possible outcomes and their impacts on processes. There are several ways to perform risk assessment, and each type is not mutually exclusive—many situations benefit from using multiple types of risk assessment to evaluate the risk fully. The five types of risk assessment are:

  1. Qualitative Risk Assessment: The most common type of risk assessment, qualitative risk assessment, relies on the assessor’s expertise. However, best practices guidelines and the expertise of the operators also factor into the assessment. Assessors determine what harms or hazards may occur and whether the risk is low, medium, or high.
  2. Quantitative Risk Assessment: Assessors use quantitative risk assessment to assign a numerical value (often on a scale of one to five) to major hazards. 
  3. Generic Risk Assessment: Organizations can use generic risk assessment to reduce or eliminate duplication of tasks and effort and redundant paperwork. A risk assessment template can be a useful tool for assessing similar equipment activities.
  4. Site-Specific Risk Assessment: These risk assessments focus on a particular location or item of work and can be qualitative, quantitative, or both. In some cases, facilities may begin with a generic risk assessment template. Assessors could then add specific detail.
  5. Dynamic Risk Assessment: Sometimes, facilities must assess risk on the spot. While there are always unknowns and some level of uncertainty, some situations contain a heightened amount of uncertainty, especially in fast-moving, changing circumstances like an emergency. Very often, workers, rather than assessors, are the ones performing dynamic risk assessments.

Ultimately, the objective of this framework is to help you mitigate, reduce, or perhaps even eliminate the broad range of risks your company faces.

Risk management

The Benefits of Assessing Risk Exposure

A risk exposure assessment’s primary benefit is that it allows you to pause and reflect. The food industry heavily relies on speed: time is not only money; it can mean the difference between survival and failure. As key components of the food and beverage industries have become more interwoven with global markets, industries have had to adjust to making every second count in order to remain competitive. We are constantly racing to achieve more, from launching new products to fulfilling customer orders. While this is the current nature of the business, becoming too deadline-focused can amplify risks by causing organizations to cut out crucial self-assessments. Consider slowing down to speed up: simply taking the time to stop and ask valuable questions allows companies to step up the pursuit of continuous improvement.

Organizations can also use risk exposure as a diagnostic tool. It is especially beneficial for pinpointing potential areas of concern across multiple facilities, as well as risks present on a corporate scale. For instance, if a manufacturer identifies the same risk in many facilities, then risk exposure as a diagnostic tool could allow you to consider how you might appropriately allocate resources to address this widespread risk. Conversely, risks only present at certain facilities (sites where allergens are introduced, for instance) will need their own unique risk management processes. An EQ-based approach gives you the necessary visibility to strategically direct your time, talent, and dollars.


Factors Impacting Your EQ

The factors that impact your organization’s EQ span far and wide. We’ll take a brief look at the different types of risks here, but keep in mind that these risks affect each organization—and even each facility—in unique ways.


Legal Risks and Exposure Quotient

Legal activity in the food industry has spiked significantly in recent years. In particular, litigation by consumer advocacy groups, competitors, individual plaintiffs, and class actions has increased.

Today’s consumers are more educated than ever before. If food companies are incapable or unwilling to divulge information, the public is more likely to mobilize and take action now than in years past. Consumer advocacy groups are also becoming more active, often garnering national or international attention via lawsuits against manufacturers and the Food and Drug Administration (FDA). There have also been recent instances of competitors taking legal action against one another. In addition, the prevalence of class action lawsuits has kept pace with the number of foodborne illness outbreaks, which has persisted in rising steadily.

A final legal consideration to consider is the Department of Justice’s (DOJ) involvement in certain industry happenings. The DOJ has teamed up with the FDA to prohibit repeat offenders from operating. In these instances, regulatory enforcement actually benefits the industry as a whole by helping to eliminate the lawbreakers, thereby giving compliant companies a better ability to self-regulate.


Regulatory Compliance Risks

The US Congress passed the Food Safety Modernization Act (FSMA) in 2011, and over the past decade, the FDA has implemented various aspects of the Act. There are many new rules affecting companies across the industry—in fact, like SFCA, FSMA constitutes a whole new approach to inspection philosophy and a shift to handling risks proactively as much as possible. While accommodating these changes may require some adjustments, we can view post-FSMA inspections as an opportunity to prove facilities are fully prepared and approaching compliance correctly.

To be inspection-ready, ensuring your organization is thoroughly documenting and reviewing all of your programs is vital. Designated personnel should also be able to speak confidently about the facility’s hazard analysis plans, including why a facility has or has not developed preventive controls to address various risks. Everyone should also have a clear idea of their role in risk management. For instance, if an employee at the receiving dock is questioned about supplier approval and verification activities, they should be able to answer regarding facility policy and risk mitigation activities. The more prepared your personnel are to handle these types of questions, the smoother inspections will go.

Risk management

Customer Compliance Requirements

The changing landscape of private standard requirements is manifesting in the form of more in-depth contracting. Many companies are developing robust supplier agreements to protect themselves better and enhance their communication of expectations. Contracts are the best method for getting communications about risks in writing.

In particular, there has been an increase in requirements around testing. Whether testing is required prior to shipping to your customers or you’re asking your suppliers to test to ensure they are providing clean, safe, and wholesome materials, organizations are implementing these efforts to address the rising rates of recalls.

To minimize customer compliance risks, it is essential that an individual or team thoroughly reads through supplier agreements and that everyone in your facilities clearly understands their duties and expectations.


Changing Science

The technology utilized in sensors and detection devices continues to evolve and can detect any materials that are not supposed to be in a product with far greater accuracy. These technological advances have increased our ability to protect the world’s food supply for the consuming public. However, these advances have also presented a new reality for risk checks by regulatory enforcers. You have likely heard the buzzword “swab-a-thon,” for instance, referring to the FDA’s microbiological sampling. The FDA is incorporating whole-genome sequencing (WGS) into its sampling, resulting in a greater capacity to link foods, illnesses, patients, and production facilities. 

Some organizations are exploring the option of implementing WGS in their facilities as a preemptive approach. Those that already have begun to utilize WGS are doing so under strict and prescribed confines to test without facing significant liability. While the full impact of emerging science on the industry has yet to be revealed, it’s clear that we certainly aren’t going backward when it comes to technological advances.



Business Risks

A broad range of inherent business risks impacts food companies. From sole source suppliers to vendor performance monitoring, some risks are business risks while others are regulatory. Others still may encompass both types of risks. What’s important is that you are taking a close look at all of these risks cumulatively. Assess internal risks, as well as those associated with training, documentation, and recordkeeping.

Performing a full assessment helps protect your brand reputation and business while also creating some operational efficiencies. When we fail to build mitigation strategies around business and compliance risks we’ve identified, we lose out on opportunities to improve and avoid complacency. Because risks are relative and constantly changing, organizations must be willing and able to perform assessments on a continual basis.


Brand/Reputation Risks

Lastly, companies must also consider brand and reputation risks and how to address them. Organizations should develop and implement media, social media, and call center contact management strategies as needed. Additionally, companies can think in terms of risk prevention during research and development to minimize hazards proactively. From finding ways to avoid potentially risky ingredients to producing specific products in certain facilities, there are many ways to eliminate risks early on in a product’s lifecycle.

Companies must also consider some of the more serious brand or reputation risks they could face in the wake of a crisis, such as the impact of losing customers, consumer loyalty, adverse regulatory relationships, recalls, and significant brand damage.


Results of Assessing Various Risks

While risk assessments may require time and effort, their results are worth the investment. Assessing various risks gives companies an understanding of what they must do to customize risk management, monitoring, and communications. It also allows us to think ahead in terms of how emerging risks can be identified. A risk assessment can even put plans in place for addressing unforeseen circumstances such as plant shut-downs due to natural disasters.

Risk assessments also shed light on the potential costs of not having risk management strategies. In order to have meaningful conversations with stakeholders, we must be able to provide actionable data. The ability to quantify risks can help ensure companies can successfully request and receive vital capital—and subsequently, better avoid more serious crises.


How EQ Fits into Risk Engineering or Mitigation

Risk assessment is also valuable because it paves the way for the subsequent steps, including risk management, allowing you to close the gap. You can then perform continuous risk monitoring through enforcement and maintenance activities. Finally, conduct risk communication. By adopting this broad framework, your company will be better positioned to address any risk that comes its way.


Food Safety Management Software and Risk Assessment

Ongoing risk monitoring and calculating EQ manually can quickly become unproductive, especially in more extensive facilities and along complex supply chains. Many organizations are incorporating risk assessments into food safety management software platforms like SafetyChain. Employees can access standard operating procedures (SOPs), guides, safety information, audit guidelines and information, and more. The platform can also provide a central place for reporting or logging any new hazards or issues, streamlining many components of the risk assessment process. Real-time analytics can allow facilities to respond much more quickly, mitigating risk levels for potential hazards.


Sign Me Up

Join our list to get Industry Webinars Invites, E-Guides, Customer Success Stories, and More.