
COTO Log: Interested Parties List Rev. XX

Interested Party | Int / Ext | Reason for Inclusion
Certification Body | External | Audit for ISO9001 compliance, issue certifications
Customer | External | Purchase our products and services
Employees | Internal | Directly responsible for manufacture of products, delivery of service
Top Management | Internal | Has direct responsibility for management of the company
Suppliers | External | Provides our raw materials and critical support services
Attorney | Internal | Provides legal services
CPA | Internal | Provides accounting services and annual financial reviews
Investors | Internal | Concerned with financial health of the company
Labor Union Representatives | External | Interfaces with management and labor union
Local Community | External | Impacted by our activities in the region
Parent Company | Internal | Concerned with financial health of the company
Product End User | External | End user of our products and services
Public | External | Receive some products
Regulatory Bodies | External | Mandate regulatory requirements
Staffing Agencies | External | Provide candidates for hiring - conduct initial vetting of candidates
These are fixed, as they represent your minimum interested parties.

These are suggested additional interested parties.


Issues of Concern

COTO Log: Issues List Rev. xx


Ln | Interested Party | Issues, Concerns or Requirements | Type of Issue | Bias | Treatment Method
1 | Certification Body | Level of compliance to ISO 9001 | External | Mixed | See Appropriate Register
2 | Customer | Expect high quality services | External | Risk | See Appropriate Register
3 | Customer | Expect on time delivery | External | Risk | See Appropriate Register
4 | Customer | Could be source of referrals to new customers | External | Opportunity | See Appropriate Register
5 | Customer | Flows down their QMS requirements | External | Risk | See Appropriate Register
6 | Customer | If happy, could award follow-on contracts | External | Opportunity | See Appropriate Register
7 | Employees | Expect to be compensated | Internal | Risk | See Appropriate Register
8 | Employees | Expect satisfactory facilities | Internal | Risk | See Appropriate Register
9 | Employees | Expect appropriate training | Internal | Risk | See Appropriate Register
10 | Top Management | Company must remain financially healthy | Internal | Risk | Management to maintain healthy financials; no risk register entry
11 | Top Management | QMS processes must be efficient | Internal | Risk | See Appropriate Register
12 | Top Management | Concerned with growth of company | Internal | Risk | Management review activities; no risk register entry
13 | Top Management | Company must maintain sufficient staff | Internal | Risk | See Appropriate Register
14 | Top Management | Requires reliable equipment and facilities | Internal | Risk | See Appropriate Register
15 | Suppliers | Expect to be paid promptly | External | Risk | See Appropriate Register
16 | Suppliers | Require clearly defined requirements | External | Risk | See Appropriate Register
17 | Suppliers | Supplier performance impacts on our reputation | External | Mixed | See Appropriate Register
18 | Attorney | Concerned with company's legal compliance | Internal | Risk | Maintain legal compliance through advice by counsel; no risk register entry
19 | CPA | Concerned with company's accounting practices | Internal | Risk | Undergo regular financial audits
20 | Regulatory Bodies | Must comply with all regulations and statutes | External | Risk | See Appropriate Register

These rows are fixed, but can be edited by turning off sheet protection (in menu, go to REVIEW > UNPROTECT SHEET). The remaining rows can be edited as you like.
COTO Log: Risk Register Rev. xx

Ln | Interested Party & Issue (From prior tabs) | Specific Risk
1 | Certification Body: Level of compliance to ISO 9001 | Loss of ISO 9001 certification
2 | Employees: Expect to be compensated | Failure to make payroll
3 | Employees: Expect appropriate training | Our training is inadequate, staff performs work poorly
4 | Employees: Expect appropriate training | Training is not provided at all, staff performs work poorly
5 | Customer: Expect high quality services | Company equipment or facility failure impacts on ability to provide services
6 | Customer: Expect high quality services | Deliverable reports include errors, omissions, other inaccuracies
7 | Customer: Expect high quality services | Service Level Agreements not met
8 | Customer: Expect high quality services | Our fails to understand prime/customer requirements, contract not satisfied
9 | Customer: Expect high quality services | Loss or damage to customer/supplier property (physical)
10 | Customer: Expect high quality services | Insufficient review of deliverables allows errors to escape to customer
11 | Customer: Expect high quality services | Incorrect invoicing frustrates prime and/or customer
12 | Customer: Expect high quality services | Our procedures include errors, leads to quality escapes to customer
13 | Customer: Expect high quality services | Lack of Our procedures leads to quality escapes to customer
14 | Customer: Expect high quality services | Employees ignore procedures, leads to quality escapes to customer
15 | Customer: Expect on time delivery | Deliverable reports not provided when required
16 | Customer: Expect on time delivery | Customer makes changes to requirements w/out contract mod, Our cannot comply
17 | Customer: Flows down their QMS requirements | We can't comply with customer QMS requirements
18 | Top Management: Company must maintain sufficient staff | Loss of single key Our employee
19 | Top Management: Concerned with growth of company | Loss of single major customer could impact on revenue suddenly
20 | Top Management: QMS processes must be efficient | One or more processes fail to meet KPI or process objectives
21 | Top Management: QMS processes must be efficient | Internal audits fail to identify process problems, nonconformities
22 | Top Management: QMS processes must be efficient | Process metrics are not sufficiently related to customer expectations
23 | Top Management: QMS processes must be efficient | External audits reveal serious process nonconformities
24 | Top Management: Requires reliable equipment and facilities | Poor equipment, facilities risk safety of employees
25 | Top Management: Requires reliable equipment and facilities | Poor equipment, facilities make it harder for employees to satisfy quality
26 | Top Management: Requires reliable equipment and facilities | Fire
27 | Top Management: Requires reliable equipment and facilities | Theft, break-in / loss of equipment or product
28 | Top Management: Requires reliable equipment and facilities | Earthquake leads to company shutdown of > 24 hours
29 | Top Management: Requires reliable equipment and facilities | Hack / virus / ransomware / phishing scams
30 | Top Management: Requires reliable equipment and facilities | IT: loss of records backup
31 | Top Management: Requires reliable equipment and facilities | IT: Catastrophic server failure
32 | Suppliers: Require clearly defined requirements | Errors in contracts or Purchase Orders lead to supplier mistakes
33 | Suppliers: Supplier performance impacts on our reputation | Supplier delays cause late shipment to customer
34 | Suppliers: Supplier performance impacts on our reputation | Our supplier's reputation harms our own reputation in some way
35 | Top Management: QMS processes must be efficient | Pandemic leads to staffing issues, inability to satisfy contract requirements
36 | Top Management: QMS processes must be efficient | Pandemic doesn't affect us, but affects our vendors
Remaining Risk Register columns:
Probability (of risk occurring): Likelihood; Previous Occurrences; Prob. Rating
Consequence (if risk is encountered): Potential Loss of Customer or Entire Contract; Potential Inability to Satisfy Immediate Job or Order; Potential Risk to Human Health; Potential Violation of Regulations; Impact on Company Reputation; Est. Cost of Correction / Financial Penalty; Cons. Rating
Detectability: Ability to detect the risk; Det. Rating
Risk Factor (Prob x Cons x Det)
Mitigation Plan (Required for risk factors >=30, suggested for risk factors between 25 and 30)
COTO Log: Opportunity Register Rev. xx

Ln # | Interested Party & Issue (From prior tabs) | Specific Opportunity
1 | Customer: Could be source of referrals to new customers | We can develop ways to ensure current customers refer us to new customers
2 | Customer: If happy, could award follow-on contracts | We can increase efforts to have current customers increase their orders or work with us
3 | Certification Body: Level of compliance to ISO 9001 | We obtain / retain ISO 9001 certification
4 | Suppliers: Supplier performance impacts on our reputation | We must work to help suppliers improve, so that we improve
Remaining Opportunity Register columns:
Probability (of achieving the opportunity): Likelihood; Previous Occurrences; Prob. Rating
Benefit (if opportunity is encountered): Potential for New Business; Potential Expansion of Current Business; Potential improvement in satisfying regulations; Potential improvement to internal QMS processes; Improvement to Company Reputation; Potential Cost of Implementation; Ben. Rating
Opp Factor (Prob x Ben)
Opportunity Pursuit Plan (suggested for Opp Factors >=5). May reference external planning document
Status
Post-Implementation Success?

Number of active improvement activities: 0
OPPORTUNITY LIMIT: 5.0
RISK RATING LIMIT: 30.0
RISK CONSIDERATION LIMIT: 25.0
Type: External, Internal
Priority: Emergency, High, Medium, Low
Bias: Opportunity, Risk, Mixed

Opportunity Trend Data


Number Open Improvement Initiatives 0
Number Closed Improvement Initiatives 0
Total Improvement Initiatives to Date 4
Opportunity Failed 0
Opportunity Abandoned 0
Met some expectations 0

Met all expectations 0


Exceeded expectations 0

Risk Trend Data

Total risks processed 36

Total risks requiring action 0


Total risks suggesting action 36
Total risks accepted without action 0
Likelihood | Occurrences | Potential | Violation | Correction
Cannot occur / not applicable | Has never occurred. | None / NA | None / NA | $ 0 or N/A
Unlikely to occur | Has not occurred in past 10 years. | Minor | Unlikely | < $5,000
Somewhat likely to occur | Has occurred in past 10 years. | Moderate | Possible | < $10,000
Likely to occur | Has occurred in past 5 years. | High | Very likely | > $10,000
Very likely to occur | Has occurred in past year. | Very High | Legal Risk | > $50,000

Reputation | Cost of opp | Reputation | Score | Success
None | > $50,000 | No impact / NA | 1 | Opportunity Failed
Minimal | > $10,000 | Minimal impact | 2 | Opportunity Abandoned
Moderate | < $10,000 | Moderate impact | 3 | Met some expectations
Severe | < $5,000 | Good impact | 4 | Met all expectations
Very severe | $ 0 or N/A | Great impact | 5 | Exceeded expectations

Detectability | Detscore
Always detected / NA | 1
Easy to detect | 2
Somewhat easy to detect | 3
Difficult to detect | 4
Impossible to detect | 5
