Dilemma about choosing the most applicable clause related to Risk

I audited Quoting and Customer Service and found that Quoting guys had assessed risk and loaded applicable info into the system, but after the customer order is received, CS would neither review the risk from there nor communicate it to the areas involved (such as production, purchasing, scheduling, etc.). We also have an internal instruction that requires risk monitoring and communication.

I have raised an audit nonconformance about risk not being reviewed and communicated, against internal requirements, and when I got to add the clause from ISO 9001:2015, I had trouble trying to figure out what clause would be the most appropriate to use in this case: 4.4.1 f), 5.1.2 b) or 6.1.2 b)1)?

I would very much appreciate the help, because really... I am quite troubled about the fact that sometimes I think it's one clause, later I choose another one and after a while return to the first choice, etc... to me, the standard does not appear very clear about some references to risk.

John Broomfield

Super Moderator

Having priced for adverse risks and beneficial risks, Quoting have made this information (the basis for pricing) available on the system so it can be used by all the other folk in understanding and fulfilling customer requirements?

Under what circumstances would you expect the other areas to consult this basis for the pricing?

Then we can see if we have a failure to communicate what needs to be communicated (7.4a).


Per our internal instruction CS has to review the risk assessed and communicate it, but it does not happen.

Information posted by Quoting is saved in the system, but if nobody knows about it, how are they supposed to take actions (either those in the initial mitigation or other)? Quoting and CS have different areas to post information, and everybody checks the information under the order, not under the quote. I had the idea to flag those items with risk, to be visible to all... but this is part of the corrective action (besides training and maybe others that we'll decide as a team).

I tried to analyse what clause in the standard would fit this. To me it seems that "we do not take actions" because in this instance communication is also part of the action. Also it may be that we have a problem with "implementation" or about not "addressing risks"... so I am very confused...
I also thought about using "communication" clause but CS did not review the risk + communicate so in the end we did not take actions about the risks we assessed... Right?
Also, only CS may know how to retrieve the quote; nobody else would be able to retrieve the quote for a certain order (different numbers in the system).

John Broomfield

Super Moderator

So, Quoting prices for the risks but the quotes are inaccessible to the team responsible for fulfilling the quote, is that right?

I see little point in CS reviewing the results of the risk assessment after the quote has been sent to the customer.

It would though be handy for the realization team to know the risks so they can watch out for any unforeseen risks.

The nature of the nonconformity is a failure to communicate. What’s more is a failure of management to monitor and correct this particular communication process.

The communication of risks determined by Quoting is ineffective and this would appear to be a 7.4d nonconformity.

But you may also want to find out if management knew this and failed to correct it.


Sidney Vianna

Post Responsibly
Michelle, whenever the organization establishes a process/procedure, but it is not followed, you can claim that the method needed to ensure the effective operation of the processes is not being applied, which violates the (high level) requirement contained in ISO 9001:2015 4.4.1c). You can also look at 4.4.1f) for this specific case.

Sometimes, we get too hung up in finding a pigeonhole for a finding, non-conformity, observation, etc... The key issue is to report what you found and IF TOP MANAGEMENT IS SERIOUS about the audit results, they will take appropriate action for the sake of business performance.

A very strong suggestion I have for you is to make it clear to TOP MANAGEMENT the problems with CS not doing their share of updating risks along the life cycle of the order. Until you can PROVE, with EXAMPLES (the more recent, the better) of snafus, customer dissatisfaction, financial losses, etc., that the issue is REAL, top management might not pay attention to what you are reporting. In other words, what are the REAL BUSINESS IMPLICATIONS for the lack of discipline in CS, in terms of risk updating? They might consider that part of the process a valueless bureaucracy that just drains time (resources) without adding any significant business benefit. Connect the dots to management, if you have actual data. Otherwise, chances are, you might be deemed a nit-picker....

Good luck.
Another place to look would be Management Review. 9.3.2e requires discussion of effectiveness of actions taken to address risk. In your case it appears that no action was taken at all.

Jim Wynne

So, Quoting prices for the risks but the quotes are inaccessible to the team responsible for fulfilling the quote, is that right?
I'm not seeing where the recording of risk by CS had anything to do with pricing. In fact, at this point we don't know what types of risks are involved, so it would be good if the OP could explain. Also, it's almost never a good idea to cite the standard in internal audit NC reports. The organization's own requirements should be cited, in which case it should be clear what requirement was unfulfilled. It should be noted that the organization's internal requirements might not (in some cases) be traceable to the standard at all.
Thank you all very much for your help, your advice is so much appreciated!

All written above actually proves that this type of issue may belong to multiple areas, be it communication, actions not completed, or risk effectiveness. I know for sure that this is a nonconformance against internal requirements; I was just worried about the clause from the standard that I would choose (I know that sometimes we may not have an applicable clause for an internal requirement, but in this case I had a very strong feeling that we had...)
I've already talked with several managers about this and everybody understood the issue; we even talked about some possible solutions, e.g. adding more controls to the process + training/retraining CS. What is the purpose of assessing risk if nobody knows about it?? CS personnel receive the orders and are supposed to review that risk, which may have changed since the Quote was sent; it could be either higher or lower or no risk at all... If they are the only ones able to retrieve the quotes, they have to inform those implicated. I think we also need to work more on "how they would inform others".

Again, thank you very much.