The concept of risk-based thinking has been adopted explicitly by ISO 9001:2015 and replaces the previously stated requirement in ISO 9001:2008 for ‘preventive action’.
In ISO 9001 , risk is defined as ”the effect of uncertainty”. Therefore, risk management in relation to quality, involves the identification, assessment and prioritisation of risks to product or service conformity. The purpose of this activity is to minimize the potential negative effects of opportunities and risks.
Risk in relation to quality
Both internally as externally quality risks can arise to the company. Internal risks include:
- storage of raw materials
- storage of finished products
- after-sales support
External risks, which could extend throughout the supply chain, include:
- legal/regulatory compliance
- suppliers/delivery partners
- political/social/economic factors
- special interest groups/action groups
- general public
Identifying and assessing risks
Tools and techniques to assist in the identification of such risks to quality include brainstorming, fault tree analysis, process mapping and failure modes and effects analysis (FMEA). Effective application of these tools can help to identify risks.
Options to address risks
Options for addressing risks include:
- avoidance of the source of the risk
- taking action to reduce the likelihood of the risk
- taking action to reduce the severity of the risk
- transferring the risk to a third party
- retaining the risk under informed decision (perhaps in order to pursue an opportunity)
Benefits of addressing risks
The benefits of addressing risks include:
- reduced likelihood of occurrence
- reduced insurance premiums
- added assurance for investors/shareholders
- improved customer satisfaction
- improved employee engagement
Following a thorough risk assessment of your business operations, you can formulate a comprehensive, robust and practical Business Continuity Plan and/or Disaster Recovery Plan. As a result, you are able to be proactive in identifying risks and addressing potential pitfalls. This is surely preferable to simply leaving your business success to chance.