In Reply to Parent Post by Helmut Jilling
just to be clear, many companies do not adequately evaluate and control risks.
I agree to some degree, however most of the companies which I have done work for have done, and do, appropriate risk analysis/use "risk based thinking" but many times it is not always formalized and documented, nor is the phrase "risk based thinking" used. In companies where it is formalized and documented, the company usually has high risk aspects (such as death) for end users such as in aviation, medical, pharma, marine and automotive, etc.
RBS is rehashing old stuff (I worked in risk assessment back in the 1980's in aerospace electronics but no one ever used the phrase "risk based thinking") and making "risk based thinking" into an ISO 9001 requirement will just be adding to confusion and complexity. I even remember working in a grocery when I was in high school around 1966-67, and while it wasn't called "risk based thinking", they went through a risk analysis to the point of training us that bagging groceries such as all canned (and other "hard") goods go into separate bags, "soft" items like bread were set aside and bagged last (and point out to customer which bag their bread was in). People don't like squashed bread or cans piled upon a bag of potato chips. Another aspect back then in grocery stores was how high objects must be stacked (and shelf height was figured into how shelving was set up in stores). Etc.Etc.
Philip Scalise did a good quick write up recently on a Linkedin group in which he spoke about "risk" in every day life. Each of us does a risk analysis every day in everything we do. We don't typically think of it as "risk based thinking", but everything we do is a risk assessment/risk based thinking to one degree or another. I was thinking about "risk based thinking" the other day when it was very cold here. My GF said to me, as I was leaving to go to the grocery store, "You better take your cell phone in case your car won't start". Tracey's "risk based thinking" was on and working. Another example: Every time I have bought a house since ground fault outlets have been available, I replaced EVERY outlet in the house with a ground fault outlet before I moved in.
The only good thing (on my end) I see coming out of this is more money for consultants, book writers and such. As they make ISO 9001 more and more prescriptive and complex, it makes ISO 9001 less appropriate and less useful - Especially to "Mom & Pop" businesses.
What matters will be the end ISO 9001:2015 document and the many ways it will be interpreted as each sentence is parsed.
But being a "consultant" this is, of course, good for us financially. To many of my clients, however, formalizing/documenting it is not typically value added (most are already doing it but this will make it more "formal" thus more costly). It is one more (increasing) cost of doing business.
In 2000 the buzz phrase was "The Process Approach" which is still not understood by many. This time around it's "Risk Based Thinking". I don't think this will become a significant issue, since most companies are already evaluating risks appropriately. I think the thing will be to get the phrase "risk based thinking" into their vocabulary.