Application of Risk-

Based Thinking For

ISO 9001:2015
Customized for:
SOCCSKSARGEN GENERAL HOSPITAL

(+632) 8583 0962

(0923) 579 0675

(0956) 337 4200
infoadvancecompany@gmail.com
Unit 514, Goldwell Bldg.,
930 Aurora Blvd., Brgy. San Roque,
Murphy, Cubao, Quezon City 1009
A. QMS Fundamentals 1

What is QMS? Process – Set

of activities Inputs
Materials, Resources,
Requirements
ELEMENTS
Key Definitions that converts PEOPLEWARE
q System – set of interrelated inputs into
or interacting elements outputs. Activity
q Management Systems -
system to establish policies, HARDWARE
objectives and processes to Monitoring & Controls
achieve those objectives Measurement

q Quality Management Activity

Systems – part of a Monitoring &
Monitoring &
Measurement
management system with Measurement
regard to quality. SOFTWARE
Controls Activity
q Quality – degree to which a
set of inherent
characteristics of an object Output
fulfills requirements Customer

1
1

A. QMS Fundamentals
Intended Results of the Quality Management System
CLIENT EFFECTIVENESS & CONTINUAL
SATISFACTION EFFICIENCY IMPROVEMENT

1 2 3
To Enhance Client To Become A More To Establish A
Satisfaction Effective & Efficient Framework For Continual
• Determine Customer Organization Improvement
Requirements • Establish goals, policies and • Conduct Internal Audits &
• Meet Customer objectives Management Reviews
Requirements • Set strategies on how to • Monitor, Measure, Analyze
• Exceed Customer achieve objectives & Evaluate
Expectation • Achieve more with fewer use • Improve organizational
of resources performance t
n
veme
Impro

2
2

1
 3

Risk Management Principles

The organization’s risk management
is continually improved. The organization integrate
risk management in all of its
Both human behavior and Continual activities
culture influence heavily the risk, Improvement Integrated
management, therefore these
two characteristics are taken The risk management is
Human &
into account in all aspects of risk Structured & established upon a structure
Cultural
management Value Comprehensive and comprehensive approach
Factors
Creation
Risk management accounts for Best and
any limitations and uncertainties Available Protection The risk management linked
Customized
regarding the provided historical Information to organizational objectives,
and current information and and is tailored to fit the
future expectations. organization’s context
Dynamic Inclusive
The risk management
Considering that both internal
includes the necessary
and external changes happen, stakeholders and takes into
risks management is able to
account their knowledge,
detect and respond to those
views and perceptions.
changes appropriately.
Source: ISO 31000:2018
3
3

Strategic Direction - a plan that

provides overall direction for an
organization and a framework for
decision making.
KEY 1. Where do we want to be?
QUESTIONS
2. What’s our purpose in going
there?
3. What goals should we
establish to get there?
4
4

2
 QUALITY POLICY- Definition (ISO 9000:2015)
“intentions and direction of the organization as
formally expressed by its top management related to
quality”
Note 1: Generally the quality policy is consistent with the overall policy
of the organization, can be aligned with the organization’s vision and
mission and provides a framework for the setting of Quality
Objectives.
Note 2: Quality management principles presented in this international
standard can form a basis for the establishment of a Quality Policy.
5
5

ISO 9001:2015 Quality Management Systems - REQUIREMENTS

5.2 Policy
5.2.1 Establishing the quality policy
Top management shall establish, implement and maintain a quality policy that:
a) is appropriate to the purpose and context of the organization and supports its strategic
direction;
b) provides a framework for setting the quality objectives;
c) includes a commitment to satisfy applicable requirements;
d) includes a commitment to continual improvement of the quality management system.

5.2.2 Communicating the quality policy

The quality policy shall:
a) be available and be maintained as documented information;
b) be communicated, understood and applied within the organization;
c) be available to relevant interested parties, as appropriate;
6
6

3
 Quality Policy
We, the management and employees of the SOCCSKSARGEN
General Hospital, are committed to ensure the highest
standards of quality healthcare services for the satisfaction of
our clients in partnership with all stakeholders. We practice a
culture of transparency and accountability, observe zero
tolerance against corruption, implement an efficient and
effective Hospital Information System, and continually improve
our Quality management System in Compliance with
regulatory and statutory requirements.
77
7

Vision
SGH as a premier apex hospital in SOCCSKSARGEN region by 2028.

Mission
SGH is committed to provide quality, holistic, people-centered and sustainable healthcare services.

Core Values
GOD-CENTERED SERVICE – When God is glorified through the service of one’s life
EXCELLENCE- Striving for excellence, taking pride in one's profession, and practicing it in accordance with moral
principles and by using the right technical expertise to serve the public
COMMITMENT- By encouraging innovation, effectiveness, efficiency, pro-active, dynamism, and openness to change,
the SGH continually strives for the best
INTEGRITY - The facility strives for honesty and consistency in carrying out its duties
COMPASSION - While SGH promotes a high standard of care, it also supports human dignity by helping those in need
and acting compassionately toward them
TEAMWORK - The SGH staff collaborates with result-oriented mindset

88
8

4
 Stakeholder Analysis - a process of systematically gathering
and analyzing qualitative or quantitative information to
determine whose interests should be taken into account when
developing and/or implementing a policy or program.
KEY
QUESTIONS
1. Who do we need to satisfy?
2. What makes them satisfied?
3. How can we satisfy them
further?
9
9

4.2 Understanding the needs and expectations of interested parties

REQUIREMENT Interested Parties Requirements
Needs Expectations
§ Know who are your relevant
interested parties Direct Customers
§ Identify their needs and End Users
expectation
External Providers
§ Evaluate these information
Regulators
VALUE ADDING
Employees
§ Better understanding of the Other Interested
customers and key players Parties
within the organization
§ Enhance ability to meet needs
and expectations Monitor and review 10
10

5
 ISO 9000:2015 FUNDAMENTALS AND VOCABULARY

3.6.4 REQUIREMENT (NEEDS & EXPECTATIONS)

Need or expectation that is stated, generally implied or obligatory
Ø “Generally implied” means that it is custom or common practice for the organization
and interested parties that the need or expectation under consideration is implied.
Ø A specified requirement is one that is stated, for example, in a documented
information.
Ø A qualifier can be used to denote a specific type of requirement, e.g. product
requirement, quality management requirement, customer requirements, quality
requirement
Ø Requirements can be generated by different interested parties or by the organization
itself
Ø It can be necessary for achieving high customer satisfaction to fulfil an expectation of
a customer even if it neither stated nor generally implied nor obligatory.

11
11

Stakeholder Analysis
UNDERSTANDING THE NEEDS AND EXPECTATIONS OF THE DIFFERENT INTERESTED
PARTIES OF THE ORGANIZATION
INTERESTED PARTIES NEEDS & POTENTIAL RISKS POTENTIAL
(A) EXPECTATIONS (C) OPPORTUNITIES
(B) (D)
1. End Users
2. Direct Customers
3. NGAs
4. LGUs
5. Central Office
6. Suppliers
7. Employees
8. Other Stakeholders

12
12

6
 Stakeholder Needs & Expectations – SGH Examples
UNDERSTANDING THE NEEDS AND EXPECTATIONS OF THE DIFFERENT INTERESTED PARTIES
INTERESTED PARTIES NEEDS & EXPECTATIONS
1. Citizens (Patients, Sick & Quality Health Facilities & Services, Accurate Health Information, Provision of Drugs and
Healthy People) Medicines, Financial Support (for the Poor), Quick Response During Emergencies
2. Health Facilities & Services Timely Processing of Permits and Licenses, Clearly-defined Policies and Guidelines, Provision
of Technical Assistance, Ease of Doing Business
3. LGUs (PHOs, CHOs, RHUs & Provision of Technical Assistance, Effective Capability Building, Provision of Health
BHWs) Information Materials, Financial Support, Provision of Logistics, Training & Development,
Human Resource for Health Support
4. NGAs (COA, DBM, CSC, Compliance to Statutory & Regulatory Requirements, Accurate & Timely Submission of
PhilHealth, GSIS) Reports, Accurate & Timely Remittance of Government Deductions
5. Central Office (OSEC & Alignment with Strategic Direction, Full Support for Health Programs and Initiatives, Timely
Bureaus) Submission of Reports, Essentials Inputs for Policy Development.
6. Suppliers (External Providers) Clear Specifications for Products & Services, Timely Payment of Claims
7. Employees Timely Salaries & Benefits , Provision of Training & Development, Good Working
Environment, Reward & Recognitions
8. Media Accurate Health Information & Statistics, Strong Partnerships.
13
13

Stakeholder Analysis Risks of Not Meeting Opportunities in

Interested Parties Requirements Requirements Meeting
Needs Expectations Requirements

End Users Customer Customer

Complaints Confidence
Direct Customers
Delayed supply of Quality Good &
Suppliers Services
goods and services
Regulators (Gov’t Risk of NOVs, No NOVs, No
Agencies) Penalties and Closure Penalties
Employees High Turn-Over of Higher Productivity,
Employees Longevity
Other Interested Good partnerships,
parties Loss of partnerships,
negative publicity good publicity
Monitor and review 14
14

7
 15
15
15

Situational analysis refers to a collection of

methods that managers use to analyze an
organization's internal and external environment to
understand the organization's capabilities,
customers, and business environment.
KEY 1. What issues are we facing in
QUESTIONS
realizing our vision and
mission?
2. Are these issues helpful or
harmful to us?
3. How can we improve? 16
16

8
4.1 Understanding the organization and its context
REQUIREMENT: (Mission & Vision, Capability) VALUE ADDING

§ Know the Internal Purpose & Strategic

Ability to achieve § The organization
and External Issues intended results of
Direction
the QMS will have a better
§ Check if these understanding of
issues are being strengths and
addressed or weaknesses in
improved relation to its
purpose and its
ability
EXTERNAL ISSUES: INTERNAL ISSUES: § Consideration of
Legal, technological, Values, culture, knowledge changes and
competitive, market, cultural, and performance of the
social and economic organization trends that
environments (international, surrounds it
national, regional or local) THE ORGANIZATION
17
17

Risks & Opportunities Arising From Issues

• STRENGTHS (Positive Internal Issues)
• Areas that the organization does well or its advantages
S
Positive Internal and
External Issues that can
• WEAKNESSES (Negative Internal Issues)
lead to opportunities by:
• Areas for improvement of the organization or its 1. Capitalizing on Strengths
W disadvantages 2. Taking advantage of
Opportunities

• OPPORTUNITIES (Positive External Issues)

• External factors that can contribute to the Negative Internal and
O organization and help build up its advantages External Issues that can lead
to risks resulting from:
1. Potential Effect of
• THREATS (Negative External Issues) Weaknesses
2. Potential effect threats
• External factors that can possibly have a negative
T effect to the organization in the future

18
18

9
 19
19

INTERNAL ISSUES – Can Be Assessed In Terms of 4Ms & 1E

1. Man – Human Aspects such as competence of personnel, organizational

behavior and culture, organizational knowledge, adequacy of manpower
2. Machine – Resources related to Infrastructure such as machines, equipment,
technology
3. Methods – operational factors related to internal processes such as policies,
rules, regulations, procedures, and capabilities
4. Measurements – factors related to performance of the organization. E.g.
Level of achievement of goals and targets, timeliness of procurement,
market share, passing percentage and related process performance.
5. Environment – factors related to internal environment such as physical, social
and psychological.

20
20
20

10
 INTERNAL ISSUES – SGH EXAMPLES
INTERNAL ISSUES STRENGTHS (POSITIVE) WEAKNESSES (NEGATIVE)
1. Man - Human Aspects such as competence of • Mostly Competent Health • Lack of Manpower
personnel, organizational behavior and culture, Professionals • Organization Knowledge not well
organizational knowledge, adequacy of • Quality Conscious established
manpower • Some are not following the
established procedures.
2. Machine - Resources related to Infrastructure • Wide land area • Inadequate wards
such as machines, equipment, technology • Functioning Hospital Information • Outdated Hospital Equipment
Management System

3. Methods – operational factors related to
internal processes such as policies, rules,
regulations, procedures, and capabilities
4. Measurements – Factors related to
performance of the organization
5. Environment – factors related to internal
environment such as physical, social and
psychological
21
• Established procedures for key
processes
• 100% compliance to COA Rules
and Regulations
• Less than 2% Mortality Rate
• 96% Discharged Improved Rate
• 93% Client Satisfaction Rate
• Hospital has a calm atmosphere
being away from the city
• No established procedure for
• Some policies are not
documented and not properly
communicated.
• Slow Procurement Process
• Billing and Collection Process 6
hours average
• Some wards are not properly
ventilated
21
21

EXTERNAL ISSUES – Can Be Assessed In Terms of PESTLE

1. Political - factors or conditions such as political stability, political
interventions, political pressures, political priorities
2. Economic – factors or conditions such as inflation forecast, economic
situation, money exchange rates
3. Social factors such as local unemployment rates, safety perceptions,
collective social culture
4. Technological – factors or conditions such as new technology, social media,
patents, online systems
5. Legal – factors or conditions related to existing or proposed statutory and
regulatory requirements, legal litigations, trade regulations, lawsuits.
6. Environmental – factors related to the preservation of the environment such
as wastes, pollution, ecological imbalance and etc.
22
22
22

11
 EXTERNAL ISSUES – SGH Examples
EXTERNAL ISSUES OPPORTUNITIES (POSITIVE) THREATS (NEGATIVE)
1. Political - factors or conditions such as political stability, • With strong support from Local • Political pressures from some
political interventions, political pressures, political priorities Government Officials. LGUs.
2. Economic – factors or conditions such as inflation forecast, • Credit Availability – Health Insurance • Most nearby constituents are
economic situation, money exchange rates below the poverty line

3. Social factors such as local unemployment rates, safety • Culturally sensitive population • Poor Health Seeking Behavior
perceptions, collective social culture • Jobless = Malnutrition/Poor Health
• Negative Publicity – e.g.
Immunization
4. Technological – factors or conditions such as new • Availability of Human Resource
technology, social media, patents, online systems Information System
• Awareness through social media
5. Legal – factors or conditions related to existing or proposed • COA Disallowances
statutory and regulatory requirements, legal litigations, trade
regulations, lawsuits.
6. Environmental – factors related to the preservation of the • Compliant to Waste Management
environment such as wastes, pollution, ecological imbalance System

23
23
23

is defined as the effect of uncertainty on

an expected result.
Ø An effect is a deviation from the expected –
positive or negative
Ø Positive risk is considered as an opportunity
Ø Risk is about what could happen and what
the effect of this happening might be
Ø Risk also considers how likely it is or how
severe 24 24
24

12
 ISO 9001:2015 Quality Management Systems - REQUIREMENTS
6.1 Actions to address risks and opportunities
6.1.1 When planning for the quality management system, the organization shall
consider the issues referred to in 4.1 and the requirements referred to in 4.2 and
determine the risks and opportunities that need to be addressed to:

a) give assurance that the quality management system can achieve its intended
result(s)
b) enhance desirable effects;
c) prevent, or reduce, undesired effects;
d) achieve improvement

25
25

ISO 9001:2015 Quality Management Systems - REQUIREMENTS

6.1 Actions to address risks and opportunities
6.1.2 The organization shall plan:
a) actions to address risks and opportunities;
b) how to:
1) integrate and implement the actions into its quality management system processes (see
4.4);
2) evaluate effectiveness of these actions.

Actions taken to address risks and opportunities shall be proportionate to the potential impact
on the conformity of products and services.

26
26

13
 Elements of
SOURCE EVENT / INCIDENT CONSEQUENCE

RISK /
CAUSE
OPPORTUNITY
EFFECT

Probability Impact

Determining the cause is useful in Determining the effect is useful in

measuring the likelihood of the risk or measuring the severity of the risk or
opportunity opportunity
27
27

Risk-Based Thinking – What It Is?

QUALITY
MINDSET
CULTURE

28 28
28

14
Risk-Based Thinking – What It Is Not?

SEPARATE
PROCESS
COMPLEX
CULTURE PROCESS Operation RIsks

29 29
29

Why Adopt A Risk-Based Thinking?

qTo improve customer confidence
and satisfaction
qTo assure consistency of quality
goods and services
qTo establish a proactive culture of prevention
and improvement
qTo help build a strong knowledge base
30 30
30

15
6.1 Actions to address risks and opportunities
REQUIREMENT
§ identify the risks and
opportunities Plan
Identify
§ Plan actions to address risks and Actions
opportunities
§ Integrate and implement the plan
§ Evaluate effectiveness of these
actions.
RISKS &
OPPORTUNITIES
VALUE ADDING Make
Implement
§ Enhance ability to react to risks Improvements
& opportunities.
§ Promote a proactive culture.
§ Higher chance of achieving
Evaluate
results.
31 31
31

ISSUES VS RISKS/OPPORTUNITIES
PARTICULARS ISSUES RISKS and OPPORTUNITIES
A. Definition Factors or Conditions for Consideration Effect of uncertainty on an expected result. An
(can be positive or negative) effect is a deviation from expected- positive or
negative
B. Existence Existing in nature whether internal or Characterized by reference to potential events
external and consequences
C. Information Information is already known by the State of deficiency of information. There is
organization some level of uncertainty.
D. EXAMPLES
1. Positive Internal Issue Highly competent staff on health. Opportunity: Use internal experts to conduct
(Strength) training and awareness to new personnel.
2. Negative Internal Issue Slow Procurement Process Risk : Delay in delivery of medical supplies and
(Weakness) equipment
3. Positive External Issue Health Facility Enhancement Program Opportunity: Potential source of budget for
(Opportunities) by DOH additional buildings
4. Negative External Issue Negative media publicity on Risk : Some people will not cooperate in the
(Threat) Immunization Program immunization program.
32 32
32

16
What To Do?
• Identify what risks and opportunities are in your organization
1
• Analyze and prioritize the risks and opportunities in your organization
2
• Plan actions to address risks & opportunities
3
• Implement the plan
4
• Check the effectiveness of the actions
5

6 • Learn from experience – continual improvement

33
33

Methods of Determining Risks & Opportunities

1. Brainstorming
2. Turtle Diagram SIMPLE
3. Checklists
4. Structured What If Technique (SWIFT) TECHNIQUES
5. FMEA/FMECA
6. HACCP/HAZOP
7. Fault Tree Analysis / Event Tree Analysis
8. Cause and Effect Analysis MORE
9. Layers of Protection Analysis COMPLEX
10.Bow Tie Analysis
11.Monte Carlo Analysis TECHNIQUES
34
34

17
 Determining Risks
Source of Risks Examples of Risks Identified
1. Operational Accidents, Hospital Acquired Infections, Delay in Services,
Expired/Compromised Medicines, Machine Breakdowns,
Unavailability of Drugs and Medicines, Unavailability of Process
Equipment, Customer Complaints on Product/Service Quality
2. Financial Losses from Exchange Rates, Unpaid Collectibles, Increase in Interest
Rates due to Inflation, Tax Payables
3. Health and Safety Workplace Accidents, Work-related Injuries or Death, Infections,
Work-related Illnesses, Employee Burn-out, Work-related Stress,
Security Threats, Terrorism
4. Legal Fines and Penalties from Violations, Suspension of Operating Permits
and Licenses
5. Technological Outdated Machines and Equipment, Non-availability of Software
Support, Non-availability of Equipment Parts and Services
35
35
35

36
36
36

18
Assessing Risks

37
37

Evaluating Risks

38
38

19
 Actions To Address
Action Definition
1. Preventive Action (Eliminating the Actions to eliminate the cause of the risk in order to prevent it from
Risk Source) happening.

2. Risk Mitigation (Changing the Actions to change the likelihood of risk from happening or actions to
Likelihood or Consequences) minimize the impact or consequence if ever it occurs.

3. Risk Avoidance (Avoiding the Risks)
4. Risk Transfer (Sharing the Risks)
5. Risk Acceptance (Retaining the Risks
by Informed Decision)
Actions to avoid the risk at all by discontinuing the activity or taking
other actions.
Actions to share the risk with other entity or with the customer. Usually
accomplished by signing a documented information.
Accepting the risks and monitoring the progress of acceptance.

6. Opportunistic Approach (Taking Risk Actions to actively pursue an opportunity while recognizing the risk
in Order to Pursue an Opportunity) involved.
39 39
39

Actions To Address

40 40
40

20
 Determining Opportunities
Source of Opportunities Examples of Opportunities Identified
1. Operational New practices that could improve service delivery, new methods
that could improve quality of outputs, streamlining of processes,
new techniques to increase customer satisfaction
2. Financial Gains from Exchange Rates, Investment Opportunities, Loans to
Increase Budget
3. Health and Safety Adoption of practices to improve health and safety in the
workplace
4. Legal Benefits that could possibly arise from the newly created laws.
5. Technological Available new technology, process automations, new equipment
or infrastructure

41
41
41

Assessing Opportunities

42
42

21
 Evaluating Opportunities
43
Actions To Address
Action
1. Adoption of new practices
2. Launching New Products or
Services
3. Opening New Markets
4. Addressing New Customers
5. Building Partnerships
6. Using New Technologies
7. Other desirable & viable
possibilities
44
43
Usually results from Benchmarking Activities, Innovations,
Attendance to Training and Other Learning Opportunities
Usually results from forums, customer feedbacks, customer requests
Usually results from Market Analysis, Market Visits, Trade Missions,
Client Requests
Usually results from Customer Needs Analysis
Usually comes from linkage with other institutions such NGOs,
Associations, Societies, Government Institutions and others.
Usually results from automation of processes, technology fair, IT
Solutions, New Machinery or Equipment.
Usually address the organization’s or customer’s needs &
expectations. 44
22
 Actions To Address

45
45

Evaluating Effectiveness of Actions To Address Risks and Opportunities

Purpose of Taking Actions To Effectiveness Indicators:

Address Risks & Opportunities
(Clause 6.1.1)
a) give assurance that the
quality management system
can achieve its intended
result(s)
b) enhance desirable
effectives;
c) prevent, or reduce,
undesired effects;
d) achieve improvement
46
• Zero Incidence of
Occurrence of Risks
• Minimizing impact of risks
to an acceptable level
(minimal impact)
• Probability of occurrence
of risks reduced
• Attainment of Objectives
and Targets
• Zero noncompliance
• Improved customer
satisfaction
• Reduced process cycle
time
• Attainment of objectives
and targets
• Improved Process
Performance (Timeliness,
Accuracy, Completeness)
• Improvements
46

23
 Guide in Determining Actions To Address
CALENDAR PEOPLE

K
RIS

Actions must be Actions must have Actions must have

specific – aimed definite timeline – people assigned–
towards addressing when to implement authorities &
the risk the action responsibilities

47 47
47

Considerations in Evaluating Effectiveness of Actions to

Address Risks & Opportunities
1. When To Monitor

• Frequency of Monitoring - Monthly, Quarterly, Semi-annual

2. How To Monitor

• Method For Monitoring – Indicators of effectiveness to be used

3. Who Will Monitor

• Responsibilities and Authorities

48
48

24
Evaluating Effectiveness of Risks - depends on actions to address risks
Action Key Question Indicators
1. Preventive Action Did it prevent the risks from occurring? No Incidence or Occurrence of
(Eliminating Risks Source) Risks
2. Risk Mitigation (Changing Did it reduce the likelihood of risk from Likelihood of risks reduced
Likelihood or Consequences) occurring to an acceptable level?
Did it minimize the consequence or impact Consequence of Risks Minimized
that is acceptable?
3. Risk Avoidance Did it avoid the risks by stopping the activity? No Incidence or Occurrence of
(Avoiding Risks) Risks
4. Risks Transfers Questions in 1-3, can also be used when risks is Indicators in 1-3 can also be
(Sharing Risks) shared. used when risks is shared.
5. Risks Acceptance (Retaining Were occurrences of risks when retained is still Consequence of risks
Risks) acceptable? maintained still acceptable
6. Opportunistic Approach Were the benefits from the opportunity worth Benefits gained from the
(Taking Risk in Pursuing the costs of risks taken? opportunity vs costs of risks
Opportunity) 49
49

Ø Risk-based Thinking is a culture that everyone in

the organization must embrace;
Ø It’s an integral part of planning;
Ø QMS Requirements should help the
organization perform better;
Ø Everyone in the organization should see the
BIG PICTURE;
Ø Make Quality A Way of Life for Everyone!
50
50

25