You are on page 1of 6

ISO/TC

176/SC2DocumentN1222,July2014

RISK IN ISO 9001:2015

1.Objectiveofthispaper
toexplainhowriskisaddressedinISO9001
toexplainwhatismeantbyopportunityinISO9001
toaddresstheconcernthatriskbasedthinkingreplacesthe
processapproach
toaddresstheconcernthatpreventiveactionhasbeen
removedfromISO9001
toexplaininsimpletermseachelementofariskbased
approach

2.Overview
Oneofthekeychangesinthe2015revisionofISO9001istoestablisha
systematicapproachtorisk,ratherthantreatingitasasinglecomponentofa
qualitymanagementsystem.
InpreviouseditionsofISO9001,aclauseonpreventiveactionwasseparated
fromthewhole.Nowriskisconsideredandincludedthroughoutthestandard.
Bytakingariskbasedapproach,anorganizationbecomesproactiverather
thanpurelyreactive,preventingorreducingundesiredeffectsandpromoting
continualimprovement.Preventiveactionisautomaticwhenamanagement
systemisriskbased.


ISO/TC

176/SC2DocumentN1222,July2014

3.Whatisriskbasedthinking?
Riskbasedthinkingissomethingwealldoautomatically.
Example:IfIwishtocrossaroadIlookfortrafficbeforeIbegin.Iwillnotstepinfrontofamoving
car.
RiskbasedthinkinghasalwaysbeeninISO9001thisrevisionbuildsitintothewhole
managementsystem.
InISO9001:2015riskisconsideredfromthebeginningandthroughoutthestandard,making
preventiveactionpartofstrategicplanningaswellasoperationandreview.
Riskbasedthinkingisalreadypartoftheprocessapproach.
Example:TocrosstheroadImaygodirectlyorImayuseanearbyfootbridge.WhichprocessI
choosewillbedeterminedbyconsideringtherisks.
Riskiscommonlyunderstoodtobenegative.Inriskbasedthinkingopportunitycanalsobefound
thisissometimesseenasthepositivesideofrisk.
Example:
Crossingtheroaddirectlygivesmeanopportunitytoreachtheothersidequickly,butthereisan
increasedriskofinjuryfrommovingcars.
TheriskofusingafootbridgeisthatImaybedelayed.Theopportunityofusingafootbridgeis
thatthereislesschanceofbeinginjuredbyacar.
Opportunityisnotalwaysdirectlyrelatedtoriskbutitisalwaysrelatedtotheobjectives.By
consideringasituationitmaybepossibletoidentifyopportunitiestoimprove.
Example:
Analysisofthissituationshowsfurtheropportunitiesforimprovement:

asubwayleadingdirectlyundertheroad
pedestriantrafficlights,or
divertingtheroadsothattheareahasnotraffic

Itisnecessarytoanalysetheopportunitiesandconsiderwhichcanorshouldbeactedon.
Boththeimpactandthefeasibilityoftakinganopportunitymustbeconsidered.Whatever
actionistakenwillchangethecontextandtherisksandthesemustthenbereconsidered.


ISO/TC

176/SC2DocumentN1222,July2014

4.WhereisriskaddressedinISO9001:2015?
INTRODUCTION
TheconceptofriskbasedthinkingisexplainedintheintroductionofISO9001:2015.
DEFINITIONS
ISO9001:2015definesriskastheeffectofuncertaintyonanexpectedresult.
1. Aneffectisadeviationfromtheexpectedpositiveornegative.
2.Riskisaboutwhatcouldhappenandwhattheeffectofthishappeningmightbe
3.Riskalsoconsidershowlikelyitis

Thetargetofamanagementsystemisachieveconformityandcustomersatisfaction.

ISO9001:2015usesriskbasedthinkingtoachievethisinthefollowingway:
Clause4(Context)theorganizationisrequiredtodeterminetheriskswhichmayaffectthis.
Clause5(Leadership)topmanagementarerequiredtocommittoensuringClause4isfollowed.
Clause6(Planning)theorganizationisrequiredtotakeactiontoidentifyrisksandopportunities.
Clause8(Operation)theorganizationisrequiredtoimplementprocessestoaddressrisksand
opportunities.
InClause9(Performanceevaluation)theorganizationisrequiredtomonitor,measure,analyseand
evaluatetherisksandopportunities.
InClause10(Improvement)theorganizationisrequiredtoimprovebyrespondingtochangesin
risk.


ISO/TC

176/SC2DocumentN1222,July2014

5.Whyuseriskbasedthinking?
Byconsideringriskthroughouttheorganizationthelikelihoodofachievingstatedobjectivesis
improved,outputismoreconsistentandcustomerscanbeconfidentthattheywillreceivethe
expectedproductorservice.
Riskbasedthinkingtherefore:

buildsastrongknowledgebase

establishesaproactivecultureofimprovement

assuresconsistencyofqualityofgoodsorservices

improvescustomerconfidenceandsatisfaction

Successfulcompaniesintuitivelytakeariskbasedapproach

6.HowdoIdoit?
Useariskdrivenapproachinyourorganizationalprocesses.
IdentifywhatYOURrisksandopportunitiesareitdependsoncontext
Example
IfIcrossabusyroadwithmanyfastmovingcarstherisksarenotthesameasiftheroadissmall
withveryfewmovingcars.Itisalsonecessarytoconsidersuchthingsasweather,visibility,personal
mobilityandspecificpersonalobjectives.
Analyseandprioritizeyourrisksandopportunities
Whatisacceptable,whatisunacceptable?Whatadvantagesordisadvantagesaretheretoone
processoveranother?
Example
Objective:Ineedtosafelycrossaroadtoreachameetingatagiventime.
ItisUNACCEPTABLEtobeinjured.
ItisUNACCEPTABLEtobelate.
Theopportunityofreachingmygoalmorequicklymustbebalancedagainstthelikelihoodofinjury.
ItismoreimportantthatIreachmymeetinguninjuredthanitisformetoreachmymeetingontime.
ItmaybeACCEPTABLEtodelayarrivingattheothersideoftheroadbyusingafootbridgeifthe
likelihoodofbeinginjuredbycrossingtheroaddirectlyishigh.


ISO/TC

176/SC2DocumentN1222,July2014

Ianalysethesituation.Thefootbridgeis200metresawayandwilladdtimetomyjourney.The
weatherisgood,thevisibilityisgoodandIcanseethattheroaddoesnothavemanycarsatthis
time.
Idecidethatwalkingdirectlyacrosstheroadcarriesanacceptablylowlevelofriskofinjuryandan
opportunitytoreachmymeetingontime.
Planactionstoaddresstherisks
HowcanIavoidoreliminatetherisk?HowcanImitigaterisks?
Example:IcouldeliminateriskofinjurybyusingthefootbridgebutIhavealreadydecidedthatthe
riskinvolvedincrossingtheroadisacceptable.
NowIplanhowtoreducethelikelihoodofinjuryand/ortheeffectofinjury.Icannotreasonably
expecttocontroltheeffectofacarhittingme.Icanreducetheprobabilityofbeinghitbyacar.
Iplantocrossatatimewhentherearenocarsmovingnearmeandsoreducethelikelihoodofan
accident.IalsochoosetocrosstheroadataplacewhereIhavegoodvisibilityandcansafelystopin
themiddletoreassessthenumberofmovingcars,furtherreducingtheprobabilityofanaccident.
Implementtheplantakeaction
Example
Imovetothesideoftheroad,checktherearenobarrierstocrossingandthatthereisasafeplacein
thecentreofthemovingtraffic.Ichecktherearenocarscoming.Icrosshalfoftheroadandstopin
thecentralsafeplace.Iassessthesituationagainandthencrossthesecondpartoftheroad.
Checktheeffectivenessoftheactionsdoesitwork?
Example
Iarriveattheothersideoftheroadunharmedandontime:thisplanworkedandundesired
outcomeshavebeenavoided.
Learnfromexperiencecontinualimprovement
Example
Irepeattheplanoverseveraldays,atdifferenttimesandindifferentweatherconditions.
Thisgivesmedatatounderstandthatchangingcontext(time,weather,quantityofcars)directly
affectstheeffectivenessoftheplanandincreasestheprobabilitythatIwillnotachievemyobjectives
(beingontimeandavoidinginjury).
Experienceteachesmethatcrossingtheroadatcertaintimesofdayisverydifficultbecausethere
aretoomanycars.


ISO/TC

176/SC2DocumentN1222,July2014

TolimittheriskIreviseandimprovemyprocessbyusingthefootbridgeatthesetimes.
Icontinuetoanalysetheeffectivenessoftheprocessesandrevisethemwhenthecontextchanges.
Ialsocontinuetoconsiderinnovativeopportunities:

canImovethemeetingplacesothattheroaddoesnothavetobecrossed?
canIchangethetimeofthemeetingsothatIcrosstheroadwhenitisquiet?
canwemeetelectronically?

7.Conclusion

riskbasedthinkingisnotnew
riskbasedthinkingissomethingyoudoalready
riskbasedthinkingiscontinuous
riskbasedthinkingensuresgreaterknowledgeandpreparedness
riskbasedthinkingincreasestheprobabilityofreachingobjectives
riskbasedthinkingreducestheprobabilityofpoorresults
riskbasedthinkingmakespreventionahabit

Usefuldocuments
ISO31000:2009RiskManagementPrinciplesandguidelines
PD ISO/TR 31004:2013. Risk management - Guidance for the implementation of ISO 31000