Is Identification of Risks and Opportunities required for QMS Processes?

morteza

Quite Involved in Discussions
#1
Dear all

I searched in ISO 9001 requirements to find a requirement about the necessity for risk identification for any QMS processes.

As you know, in 4.4.1 f) the standard requires that the QMS process shall address risks and opportunities determined in accordance with the requirement of 6.1.

So, I think that it is only mandatory to identify high level risks and opportunities based on environmental analysis (SWOT, PESTEL,etc) for strategic goals and objectives and there is not any requirement to identify risks and opportunities for any QMS processes. Is it right?

Thanks all
 
Q

QAMTY

#2
Dear Morteza
Look at here:
6.1 Actions to address risks and opportunities
When planning for the quality management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to.....

When you plan, you take into consideration the processes, and into this processes you may have risk and opportunities.

Hope this helps
 

randomname

Involved In Discussions
#3
From section .1:

Risk-based thinking enables an organization to determine the factors that could cause its processes and its quality management system to deviate from the planned results, to put in place preventive controls to minimize negative effects and to make maximum use of opportunities as they arise
 

morteza

Quite Involved in Discussions
#4
From section .1:

Risk-based thinking enables an organization to determine the factors that could cause its processes and its quality management system to deviate from the planned results, to put in place preventive controls to minimize negative effects and to make maximum use of opportunities as they arise
That's good reference. But as you known it is not a requirement. It is a statement just placed in "Introduction" section.
 

dsanabria

Quite Involved in Discussions
#5
Dear all

I searched in ISO 9001 requirements to find a requirement about the necessity for risk identification for any QMS processes.

As you know, in 4.4.1 f) the standard requires that the QMS process shall address risks and opportunities determined in accordance with the requirement of 6.1.

So, I think that it is only mandatory to identify high level risks and opportunities based on environmental analysis (SWOT, PESTEL,etc) for strategic goals and objectives and there is not any requirement to identify risks and opportunities for any QMS processes. Is it right?

Thanks all
From Annex A.4

Although 6.1 specifies that the organization shall plan actions to address risks, there is no requirement for formal methods for risk management or a documented risk management process.

Organizations can decide whether or not to develop a more extensive risk management methodology than is required by this International Standard (e.g., through the application of other guidance or standards).

Not all the processes of a quality management system represent the same level of risk in terms of the organization’s ability to meet its objectives, and the effects of uncertainty are not the same for all organizations.


Under the requirements of 6.1, the organization is responsible for its application of risk-based thinking and the actions it takes to address risk, including whether or not to retain documented information as evidence of its determination of risks.
 

MVladimir

Involved - Posts
#6
This is one of ununderstandable topic of 9001:2015. ISO TC 176 does not provide the clear explanation about that. ISO/TC 176/SC 2/N1289 THE PROCESS APPROACH IN ISO 9001:2015 only states:
"These three concepts together form an integral part of the ISO 9001:2015 standard. Risks that may impact on objectives and results must be addressed by the management system. Risk-based thinking is used throughout the process approach to:
• Decide how risk (positive or negative) is addressed in establishing the processes to improve process outputs and prevent undesirable results
• Define the extent of process planning and controls needed (based on risk)
• improve the effectiveness of the quality management system
• maintain and manage a system that inherently addresses risk and meets objectives."
Very general and poor explanation indeed!
I personally use and suggest you the following approach:
Initially, take into consideration the requirement of 4.4.1 f. "The organization shall ... address the risks and opportunities as determined in accordance with the requirements of 6.1";
Following this statement, cl.6.1 "Actions to Address Risks and Opportunities" is a starting point in the risk-based thinking and the main purpose here is to determine the risks and opportunities that need to be addressed in QMS at a whole.
After risks determined the organization shall integrate and implement the actions into its quality management system processes (cl. 6.1.2). In the other words - divide risks between processes.
Therefore, for some processes risks will be relevant, but for others - irrelevant.
My conclusion - there is not any DIRECT requirements in 9001:2015 to identify risks and opportunities for ALL QMS processes.

Any opinions will be appreciated!
 

MVladimir

Involved - Posts
#8
Jen,
As for me - yes, of course. Above mentioned document - ISO/TC 176/SC 2/N1289 THE PROCESS APPROACH IN ISO 9001:2015 has been downloaded from ISO/TC 176 home page. What then? ISO provides very poor explanation with respect to a lot of requirements. :)

Vladimir
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#9
Jen,
As for me - yes, of course. Above mentioned document - ISO/TC 176/SC 2/N1289 THE PROCESS APPROACH IN ISO 9001:2015 has been downloaded from ISO/TC 176 home page. What then? ISO provides very poor explanation with respect to a lot of requirements. :) Vladimir
I feel your pain. There is additional guidance provided in ISO/TS 9002:2016(E), Quality management systems - Guidelines for the application of ISO 9001:2015, and ISO 9000:2015 - Quality management system Fundamentals and vocabulary.

To provide insight on what is expected of auditors to verify conformance to requirements, the ISO 9001 Auditing Practices Group has published a website for auditors, consultants and quality practitioners.

I hope this helps!
 

MVladimir

Involved - Posts
#10
Thanks! I am familiar with all of this ISO guides. No suitable advices have been found there.
But I would like to return to initial question of this threat: Shall organization identify risks and opportunities for every identified QMS process?

Your opinion, please!
 

Top