The Cove Business Standards Discussion Forums
Go Back   The Elsmar Cove Business Systems and Standards Discussion Forums > >
Forum Username

Elsmar Cove Forum Visitor Notice(s)

Wooden Line

ISO 9001 Risk control method - What could be the better way to control risks?

Monitor the Elsmar Forum
Courtesy Quick Links

Links Elsmar Cove visitors will find useful in the quest for knowledge and support:

Jennifer Kirley's
Conway Business Services

International Quality Services

Marcelo Antunes'
SQR Consulting, and
Medical Devices Expert Forum

Bob Doering
Bob Doering's Blogs and,
Correct SPC - Precision Machining

Ajit Basrur
Claritas Consulting, LLC

International Standards Bodies - World Wide Standards Bodies

AIAG - Automotive Industry Action Group

ASQ - American Society for Quality

International Organization for Standardization - ISO Standards and Information

NIST's Engineering Statistics Handbook

IRCA - International Register of Certified Auditors

SAE - Society of Automotive Engineers

Quality Digest

IEST - Institute of Environmental Sciences and Technology

Some Related Topic Tags
iso 9001:2015, risk management and analysis
Thread Tools Search this Thread Rate Thread Content Display Modes
  Post Number #1  
Old 24th February 2018, 12:39 AM

Total Posts: 157
Question ISO 9001 Risk control method - What could be the better way to control risks?

For those fellows who already have managed risks.
What could be the better way to control risks?

E.g. to use a format where risk is identified, is assigned probability and impact, risk value is calculated, also mentioning causes and so on.
It could have a control of the document, like any other control of Changes, for example the control of the procedure of control the documents.
This way, if a change in a risk is nedeed (impact, probability, action plans), by using this format , the document changes in revision, and changes are tracked.

The other way could be a simple spreadsheet where risk are registered, all data related to the risk, is fed.
But... because this control is is "live" document, it could be very easy to change aspects of risk without having evidences, because is a dynamic document.

So, in the way you manage risks, which method you think is best and why?

Thank you for give some light.

Sponsored Links
  Post Number #2  
Old 25th February 2018, 03:39 AM
John Broomfield's Avatar
John Broomfield

Total Posts: 2,660
Yin Yang Re: ISO 9001 Risk control method - What could be the better way to control risks?


Why not analyze how risks already are managed?

By respecting how your organization already works as a system to convert customer needs into cash you’ll learn a lot and establish a good working relationship with your colleagues.

Reading the standard and imposing new ways of managing risk are unlikely to win the support of your colleagues.

Listen well to the system of which you are part to see for yourself how risks are identified and dealt with so project and process teams are assured of fulfilling objectives and other requirements.

Focus on what they do to prevent failure and be assured of success starting with top management and then with the project managers and process owners.

When doing this your auditor-style “please show me” questions more readily prompt any necessary improvements.

Thank You to John Broomfield for your informative Post and/or Attachment!
  Post Number #3  
Old 8th March 2018, 03:35 PM
Joe Cruse's Avatar
Joe Cruse

Total Posts: 279
Re: ISO 9001 Risk control method - What could be the better way to control risks?

X2 for John.

We did not try to shoe-horn in a SWOT form, or charts, or some other, new/extra form to capture this activity in our QMS when going to 2015. Our organization does this ALL the time, and yours, in like manner, has been too, if it's been around for a while. You just need to take a look at how leadership and the core process (and sub-process) owners are communicating and discussing those risks and opportunities on a regular basis (daily,weekly, etc), and determine a way to capture evidence of that assessment/control activity. No need to have your managers change what they do, for this (unless, of course, it ISN'T happening, lol), just find a way to document it, that makes sense to your organization. And if a formal SWOT form makes sense for your organization, let your freak flag fly with it.

For example, our department heads meet with top mgt 2-3 days per week, and this group are the people responsible for either our QMS' core processes, or the sub-processes that support the core processes. In these meetings, there is TONS of risk/opportunity assessment, and as the person responsible for the QMS, I take notes in these meetings to document that activity, so that it is available for both us and any auditor. Then, when we perform Mgt Review, we look at these same things, in more of an upper level view, and that gets documented too, as part of the Mgt Review requirements of the 2015 revision. No charts or SWOT forms, but fully documented, nonetheless. And NEVER let an auditor TELL you that you MUST be using some SWOT form or other set of forms to document this activity; any method that documents this meets the requirements of the standard. Depending on how you document it, you may have to help an auditor understand it fully, but if it makes sense to you and your organization, that's #1, after meeting the standard's requirements.

Last edited by Joe Cruse; 8th March 2018 at 03:38 PM. Reason: fingers don't follow my brain well...
Thanks to Joe Cruse for your informative Post and/or Attachment!
  Post Number #4  
Old 9th March 2018, 12:51 PM

Total Posts: 157
Re: ISO 9001 Risk control method - What could be the better way to control risks?

Thanks John and Joe for your advise
I understand, regarding that I dont have to worry about the way of documenting

It depends of the organization how to manage this stuff.

But Joe, as you said, people is very interested in the management of risks and you do
the documentation which is reviewed in the MRs.
The ways is being documented, it could be done very simple, (no forms for requirements, no swots, no format, no fishbones), but I think that at least you have a minimal points in control, for example:
Risk detected, process, risk value, actions for mitigations, responsibles of actions, due dates, residual risk evaluation, it isnt so?


Lower Navigation Bar
Go Back   The Elsmar Cove Business Systems and Standards Discussion Forums > >


Visitors Currently Viewing this Thread: 1 (0 Registered Visitors (Members) and 1 Unregistered Guest Visitors)
Thread Tools Search this Thread
Search this Thread:

Advanced Forum Search
Display Modes Rate Thread Content
Rate Thread Content:

Forum Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Emoticons are On
[IMG] code is On
HTML code is Off

Similar Discussion Threads
Discussion Thread Title Thread Starter Forum Replies Last Post or Poll Vote
Opportunities only derived from Risks? Detecting Risk & Opportunities in ISO 9001 QAMTY ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1 29th March 2017 10:30 AM
Risk Impact - Risk Assessment Sample/Method per ISO 9001:2015 QAMTY ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1 19th January 2017 07:45 AM
Requirements under OHSAS 18001 for the Control of Risks OzDave Occupational Health & Safety Management Standards 8 5th December 2012 07:36 PM
Customer requires Controls Detection to match Control Plan Control Method Mark Paul FMEA and Control Plans 2 26th June 2011 10:45 PM
Information about Manufacturing Process Self Control and its potential risks mhhosseinipen Quality Tools, Improvement and Analysis 3 5th December 2006 09:04 AM

The time now is 10:42 AM. All times are GMT -4.
Your time zone can be changed in your UserCP --> Options.

Misc. Internal Links

NOTE: This forum uses "Cookies"