ISO 9001 Consulting, Training and Auditing Services



Understanding ISO 9001:2015

Clause 6.1 - Risk-based Thinking                     

An organization's external and internal environment is subject to constant change, and change is characterized by uncertainty, which in turn poses risks.

Uncertainty may be defined as having insufficient or no knowledge of a potential event to determine whether or not it will happen or, if it does happen, whether the outcomes of the event will be positive or negative. So uncertainty presents both risk and opportunity, with the potential to hinder or grow the business.

Risk is generally defined as participating in an event and thereby being exposed to the ‘uncertainty of the event and its consequences’. 

For example, in a poker game there is always uncertainty as to who will win the pot. But unless you’re in the game, there is no risk to you that you will lose your stake in it. In other words, to be at risk, you must participate in the event and be exposed to the uncertainty of the event and its consequences. You can have uncertainty without risk, but you cannot have risk without uncertainty.

ISO 9000 gets more technical and defines risk as the “effect of uncertainty”. Effect is described as a “deviation from the expected”, either positive or negative. An organization may embark on a risky business venture expecting a 10% return on investment. The risk or effect of uncertainties related to the venture may in fact result in a loss (negative) of 50% or a gain (positive) of 20% (i.e. deviation from the expected 10% ROI).  

Risk management is about using processes, methods and tools for managing these risks. Risk management focuses on proactively identifying what could go wrong, prioritizing and evaluating risks and implementing strategies to deal with them. Organizations that proactively identify risks will be better positioned to achieve their business goals and strategies.

Risk-based thinking takes a narrower focus in that it applies the above risk management definition to contextual risks and opportunities that relate to the organization's QMS, as opposed to a full-blown risk management system that covers the entire organization. The concept of preventive action is expressed through the application of risk-based thinking in planning and implementing QMS processes.

The ISO 9001:2015 standard does not call for formal methods for risk management or a documented risk management system. Organizations can decide whether or not to develop a more extensive risk management methodology through the application of other risk management guidance, standards and tools.

The organization must integrate the actions to address these risks and opportunities into its QMS processes using the PDCA cycle. Not all processes of a QMS represent the same level of risk in terms of the organization’s ability to meet its objectives, and the effects of uncertainty are not the same for all organizations. Each organization is therefore responsible for the extent to which it applies risk-based thinking and the actions it takes to address risk, including whether or not to retain documented information as evidence of its determination of risks.

Planning also requires monitoring and measuring these actions and gathering, analyzing and evaluating appropriate data and information to determine the effectiveness of such actions. This planning must be periodically reviewed and updated as necessary when taking corrective actions or at management reviews. These actions must be proportional to the potential impact on the conformity of products and services. 

When planning its QMS, the organization must consider the risks and opportunities presented by external and internal issues as well as the needs and expectations of interested parties, relevant to its purpose and strategic direction.

Opportunities can derive from favorable circumstances that allow the organization to use new practices, launch new products, enter new markets, address new clients, reduce waste or improve productivity, grow relationships, use new technology and pursue other desirable and viable opportunities that help it achieve its strategic direction and enhance customer satisfaction.

The “Understanding ISO 9001:2015” eCourse provides more details on risk-based thinking and management and shows you how to easily and effectively IMPLEMENT the action items required by clause 6.1 of the Standard.

Copyright material askartsolutions 2015 Toronto
