Are the TC 176 Documents on Risk Based Thinking useful to you?

Are the ISO TC176 RBT documents useful in explaining the concept of risk?

  • Yes: Votes: 4 (16.7%)
  • No: Votes: 19 (79.2%)
  • I don't have a formed opinion: Votes: 1 (4.2%)
  • Total voters
  • Poll closed.

Sidney Vianna

Staff member
Super Moderator
The ISO TC 176 develops not only standards, but supporting documents to assist organizations and individuals in understanding the contents of the standards, in terms of implementation and assessing conformance.

With the demise of the requirements for "preventive action" in the 2015 version of ISO 9001, the TC 176 SC2 decided to introduce the concept of Risk Based Thinking (RBT) in the standard. Not surprisingly, controversy ensued. Not necessarily about the concept of risk management, but HOW to make it easily understood, of pragmatic implementation and the facilitation of effective and consistent assessment by (internal and external) auditors.

Realizing that the CD and DIS have been subjected to sharp criticism around the RBT requirements, the TC 176 SC 2 has already released two documents to assist with a better understanding of the subject:

A presentation on ISO 9001 and Risk Based Thinking (here)

A paper on ISO 9001 and Risk (here)

I believe that the documents fall way short of providing practical, actionable and useful guidance for quality management system professionals to clearly understand what is needed to comply with ISO 9001:2015 in terms of RBT. Ditto for auditors.

At the risk of repeating the "process approach" fiasco since its introduction in the 3rd Edition of ISO 9001, we might end up with many diverging ideas of what RBT is. Failure to accomplish a universal comprehension of what RBT is represents a failure of the standardization process. Standards, by design, MUST allow for effective implementation and conformity assessment practices. If Standards don't promote a COMMON UNDERSTANDING of a subject, it has failed its mission.

So, I would like to poll Covers from all quadrants and ask if they believe that the documents developed, so far, to assist with an understanding of RBT have succeeded? Especially the paper on ISO 9001 and Risk, with the example of a road crossing. Can you extrapolate from that paper/example to your Quality System? Was the paper useful? Why did the TC cross the road? ;)
Quite Involved in Discussions
I agree with the sentiments regarding the road crossing analogy - it is cringeworthy.

The presentation is a little better but they both seem to concentrate more on risk rather than opportunity - yet the 2 are being pushed forwards together.

I must say that I got more from a video with Nigel Croft but I can't seem to find the link at the moment.

John Broomfield

DIS 9001 did not specify enough for even the most experienced auditor to audit risk-based thinking (RBT) beyond the auditee knowing what their risks and opportunities are.

RBT may not result in any evidence or action by the auditee.

The FDIS should require the auditee to establish its own criteria for determining the significance of risks and opportunities related to its stakeholders and their needs for quality outcomes, products, processes and system.

Then users of the standard can focus on the processes and controls necessary to manage significant risks and opportunities.

Making up for a weak specification with guidance is not the solution.


Paul Simpson

Quite Involved in Discussions
Thanks for starting the poll, Sidney. I voted 'No'.

I start from the position of not understanding what message we are trying to convey with the phrase 'Risk based thinking'. In kicking the 3 words around in my head for longer than a minute I find questions emerge and, if that is the case, then RBT doesn't cut it as a principle in the same way as, say, 'Process Approach' does.

Now I accept that there is a lot more work to be done with Process Approach and I hope that WG 24 will give it further thought as well as revisiting RBT.

I'm not sure how auditors will take to RBT and what that will mean for assessments. I feel happy that my thinking (RB or not RB :D) about what quality is and how a management system should be aligned to: deliver quality; satisfy customers; maximize opportunities; and manage risks remains largely unchanged.

I'll point some people to this thread if we can come up with some sensible guidance as to what RBT is and how to explain it. Or even if we recommend losing the term and deleting the guidance. :notme:

Peter Fraser

Trusted Information Resource

It is bound to fail since it is trying to justify a flawed concept - why on earth attempt to redefine "risk" as potentially positive, when even the rest of 9001 talks of "... and opportunities"? The example makes no sense to me.

The line "The concept of “opportunity” in the context of ISO 9001 relates to exceeding expectations and going beyond stated objectives" makes no sense to me either. An opportunity can be to achieve an objective more efficiently or effectively, neither of which need impact on customer satisfaction.

And... the implication that preventive action is a "single component of a quality management system" implies a lack of understanding of "preventive action" - every time you accept an order, or allocate a project manager, you should be trying to prevent things from going wrong.

0 out of 10.

insect warfare

I wonder if the next edition of ISO 9004 will be utilized to effectively cover the subject of RBT, and (more particularly) when it will be revised. So far, there seems to be no indication on ISO's website that a revision of ISO 9004 is just around the corner.

Does anyone here know what is in store for ISO 9004 during the ISO 9001:2015 transition period?

Brian :rolleyes:

Sidney Vianna

Does anyone here know what is in store for ISO 9004 during the ISO 9001:2015 transition period?
ISO 9004:2009 underwent a review process and was reaffirmed on 2014-06-18. It won't probably be revised for another 4-5 years. After the release of ISO 9001:2015, all the attention will go to the ISO/TS 9002 and hopefully that won't be botched too badly.


Super Moderator
I voted for the No ~~~
RBT aka prospects and consequences of every work, process and the system at large must be viewed keeping customer requirements and product quality in mind at all times. A great deal of consideration must be given to the resources and infrastructure that are available on hand and considering the competence of the people involved. In particular I stress the competence because, even though people come under available resource, their measure hardly gets considered in effectiveness terms. At every such place where the consequences weigh large, they have to be brought up with potential loss estimation to the company and must be later compensated by necessary resource to showcase how such investment will directly impact on bringing down the loss estimation. The TC 176 document falls short of bringing this core risk assessment thinking into the limelight. It could have done well with several better examples, under several real-life scenarios.