Risk-Base Thinking (RBT)

ISO 9001:2015

Started in 2015, one of the important leap in

international standardization is to form a Risk-Base
Thinking in ISO 9001: 2015. As a novelty, the more
information in a variety of presentation would
facilitate understanding of the principles of thinking
based on risk.

Rais_MR3 ( Bekasi, January 6, 2015)

Overview
2015 Revision Issue
Revision each 5 until 8 years

2015
2008

1987

2000

1994

Plans to publish the ISO 2001: 2015, Sept. 2015

Establish a
systematic approach to
risk in the quality
management system.
Clause 7 on,
preventive actions
removed and replaced by
incorporating risk into
all standard.
Risk-based approach,
making the organization
proactively prevent or
reduce undesirable
effects and promote
continuous improvement.

What is

RBT (Risk-base thinking)

Risk-based thinking is
something that we've all done
automatically.

Example: If I want to
cross the road I will
ensure safe conditions
before my street. I
would not move if there
is a car in front of
moving.

What is

RBT (Risk-base thinking)

Risk-based thinking is taking

into account the risk to the
overall management system.

Risks are taken into

account from the
beginning for the entire
standard, risk-based
thinking is part of the
process approach.

Example:
To cross the road I may directly or use the
pedestrian bridge nearby. I select a process that
will be determined by consideration of risk.

What is

RBT (Risk-base thinking)

Risk is generally understood as

a negative thing. In a risk-based
thinking, remain positive
opportunities of each risk
occurring.

Example:
Crossing the road in a
straightforward manner, will
provide an opportunity to
reach across the road
quickly, but the risk of
injury is high because there
is a car moving.
The risk of using the pedestrian bridge is that
I might be too late. But the chances of getting
hit by a car is very small..

What is

RBT (Risk-base thinking)

Opportunity does not always do with

risk but is directly related to the
purpose. Taking into account the
situation is possible to identify the
increasing opportunities.

Example:
This situation shows that there are
opportunities to make further
improvements:
Prioritize direct subway under way
The traffic light pedestrian, or
Divert the road so that the area
to avoid traffic
Impact and feasibility should be considered in
decision making. Whatever action is taken will change
the context and risks.

Why Use RBT (Risk-Base Thinking)

Taking into account the overall

risk, organizations will:

Improving achievement
of defined objectives,

The output would be

more consistent
Customers increasingly assured of receiving a
product or service that is expected.

Why Use RBT (Risk-Base Thinking)

With the risk-based
thinking,:

Will build a strong knowledge base

Nurture a culture of proactive towards improvement
Ensure consistency of quality of goods or services
Increase customer confidence and satisfaction

Intuitively successful
company always uses a riskbased approach

Where is risk addressed in ISO 9001:2015

DEFINITION
ISO 9001: 2015 defines risk as
the impact of uncertainty on the
expected results.
Effect is a deviation from the
expected can be positive or
negative.
The risk is about what could happen
and whether this effect might occur.

The risk is also considering the possibility of

achieving the target of the management system .

Where is risk addressed in ISO 9001:2015

The emphasis of the risk-based
thinking in ISO 9001: 2015 as
follows:

Clause 4 (Context) the organization is required to

determine and give effect to the level of risk.

Clause 5 (Leadership) top

management is required to
commit to ensure Clause 4
followed.

Clause 6 (Planning) organization shall take action

to identify risks and opportunities.

Where is risk addressed in ISO 9001:2015

Clause 8 (Operations) the
organization is required to
implement a process to address the
risks and capitalize on
opportunities.

Clause 9 (Evaluation of the performance of) the

organization is required to monitor, measure, analyze
and evaluate the risks and opportunities.

Clause 10 (Improvement)
organizations are required to
improve the response to changes
in risk.

How do I do it
Using the approach of risk factors
in the process of your organization

1. Identification
Identify the risks and opportunities of
each option will be taken
Example
Risk crossing the road at a busy time with a lot of
fast moving cars, not the same if the cross on a
deserted road with a bit of a moving car.

Consider things such as the

weather, surroundings and
other factors that could
interfere.

How do I do it
2. Create Priorities

Analysis and set priorities for risk and what

opportunities can be accepted, or not accepted? What
are the advantages or disadvantages derived from the
option taken.
Example
Objective: I have to safely cross the road to reach a
meeting at a specific time. With the condition was not
injured and was not too late.
Opportunity to get faster but
with the possibility of injury.

Might be acceptable, if late arriving across the

street because it uses a bridge rather than the
possibility of injury due to the direct cross.

How do I do it
3. Case Analysis.

250-meter pedestrian bridge will

add to the time of my trip. So
if the weather is good, good
visibility, deserted streets are
not many cars passing.

So I decided to directly cross the street with a low

level of risk of injury and had a chance to reach
the meeting on time.

How do I do it
4. Create a Plan

Plan of action to address

the risks that may occur
are:
How can I avoid or eliminate
the risk when crossing?

How can I reduce the risks that may be

happening?

How do I do it
Sample Case:
I could eliminate the risk of
injury by using the bridge but
I've decided that any risks that
occur when crossing the road is
acceptable.
Plans and considerations:
Reduce the possibility of injury
and injury or effect, the cross
when no cars are moving at close
to me.

Crossing the road in a place that has good visibility

and can stop in the middle to look back on the number
of cars that move.

How do I do it
5. Implement the plan and
take action

Examples:
I cross the street, check
there are no barriers to
cross over and take a safe
place in the middle of moving
traffic.

I check there are no cars coming. I crossed half

way and stopped in the middle in a safe place. I
check again later to continue crossing the street
situation.

How do I do it
6. Check the effectiveness
of the action and how it
works?

Examples:
I came across the street
unharmed and timely. This plan
is executed and undesirable
results can be avoided.

How do I do it
7. Learning from experience
and continuous improvement.

Example
I repeat the plan for a few days, at different times
and in different weather conditions.? Experience
teaches, that cross the road at a certain time of day
is very difficult because there are too many cars.

To limit the risk of me

revise and improve the process
by using a bridge on the
condition.
I continue to analyze the effectiveness of the
process and revise them if there is a change of
context.

How do I do it
8. Some considerations
innovative opportunities:

Move the meeting place so it

does not have to cross the
street.

Change the meeting time so I cross the

street when the quiet of the vehicle.
I can have a meeting with the use of
equipment electronic.

Conclusion
Risk-based thinking is not a
new thing and something that you
have done and continuously
Risk-based thinking:
Ensure greater knowledge and readiness.
Increase the likelihood of achieving the goal.
Make a habit of prevention
Reduce the possibility of a bad outcome.

Source readings:
....
ISO 31000: 2009 Risk Management Principles and
guidelines
PD ISO / TR 31 004: 2013, Guidelines for the
implementation of risk management - ISO 31000