Search the Elsmar Cove!
**Search ALL of Elsmar.com** with DuckDuckGo including content not in the forum - Search results with No ads.

Informational Is Identification of Risks and Opportunities required for QMS Processes?

dsanabria

Quite Involved in Discussions
#11
Thanks! I am familiar with all of this ISO guides. No suitable advices have been found there.
But I would like to return to initial question of this threat: Shall organization identify risks and opportunities for every identified QMS process?

Your opinion, please!
Overall - RISK should be incorporated into all movement of the Quality Management System and the Products and services that you provide. While no requirements to have a procedure written it is best business practice to implement one that everyone can see and measure.

in reality that is what ISO 9001:2015 wants you to do but they left it to you to define it, implemented and most important - let it add value to your QMS.

However, no auditor can give you an NCR if you do not have it written down.

NOTE: the Aerospace Risk Management System from the handbook has been published in this forum.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#12
My conclusion - there is not any DIRECT requirements in 9001:2015 to identify risks and opportunities for ALL QMS processes.

Any opinions will be appreciated!
I have said it numerous times, RBT should have been coded as another principle in ISO 9000. Just like customer focus, leadership, process approach, etc...

The TC 176 developed this concept of RBT as a "replacement" for the preventive action requirement, which got dropped from 9001, taking into account the mandatory framework brought up by the HLS (annex SL) of the ISO/IEC Directives bla bla bla...

Whenever we are designing, implementing, improving, enhancing, revamping, etc. any business process which has a potential to affect product conformity and/or customer satisfaction, we are touching the "QMS", be it while we are selecting suppliers, packaging the product, designing a fabrication fixture, answering a call in the call centre, etc...

So, in my opinion, ANYTHING that an organization does which might affect product conformity and/or customer satisfaction, IRRESPECTIVE of where it happens, needs to be (AS FORMAL OR INFORMAL, COMMENSURATE TO THE POTENTIAL IMPACT) assessed for it's intrinsic risks.

An example of a typical daily occurrence that is not addressed, from a RBT perspective, in many organizations:

Sales people are allowed, sometimes encouraged to lie to a customer about delivery dates, in order to boost sales performance. In the long term, dissatisfied customers will drop that company as a supplier for chronic late deliveries. In the meantime, however, sales people make their quota, get their bonuses and management is "happy". Until they can't find new customers to replace the ones they lost.

So, is there a risk to allow sales people lying to customers about unrealistic delivery dates? I think it is obvious it does. ISO 9001 has requirements that should prevent that from happening, but does it? In the real world?
 

MVladimir

Involved - Posts
#13
So, in my opinion, ANYTHING that an organization does which might affect product conformity and/or customer satisfaction, IRRESPECTIVE of where it happens, needs to be (AS FORMAL OR INFORMAL, COMMENSURATE TO THE POTENTIAL IMPACT) assessed for it's intrinsic risks.
Practically useful point of view. I agree with you. But often Organization identifies a number of processes, not directly related with CS and OTD. For example - HR or Financial Management. Shall organization determined risks for this processes? I'm not sure that it is mandatory.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#14
Practically useful point of view. I agree with you. But often Organization identifies a number of processes, not directly related with CS and OTD. For example - HR or Financial Management. Shall organization determined risks for this processes? I'm not sure that it is mandatory.
We have a post here about the story of a small business that lost it's major customer because, someone in accounting decided out of the blue and unilaterally, that they would no longer accept payment by credit cards.

Financial management is not part of the QMS? We do know, for a fact, that a large percentage of customer dissatisfaction has to do with erroneous billing. Have a look at the Should the billing process....thread..

So, if billing is part of "financial management" and you fail to see the connection between billing mistakes and customer satisfaction, then your RBT needs re-calibration....just kidding.
 

MVladimir

Involved - Posts
#15
If I understood correctly based on our discussion about implementation of the RBT in the process approach - it is up to Organization to decide whether or not to determine risks to any QMS processes. Is it right?
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#16
The risks exist, irrespective if the organization identify them, or not. Like the example I offered of sales people being incentivized by management to make the sale, even if they need to lie to the customer.

It is up to each organization to assess how significant the risks are and which ones need mitigation. Once again, the 9001 standard infers that such assessment should be as formal or informal, commensurate with the potential impacts.
 
Last edited:

MVladimir

Involved - Posts
#17
I found our discussion as very effective! Thanks for everybody involved! The final Sidney's statement will help to find right direction as to RBT implementation.:)
 

armani

Involved In Discussions
#18
Maybe it's just me, but it seems like this discussion thread hasn't reached any conclusion regarding the requirement to identify risks and opportunities for any QMS processes or requirement to identify risks and opportunities for all QMS processes.

In my opinion, ISO doesn't impose this requirement, neither for "any process" nor for "all processes" - 4.4.1f and 6.1 are too vague....it's a question of interpretation.

Any other opinions?
 
Last edited:

Mike S.

An Early 'Cover'
Trusted
#19
There are some very vague areas of the standard, but with respect to your question, 4.4.1.f and 6.1 is not that vague, IMO.

In addition, FWIW, I was told by an auditor and trainer who is part of TC176 that auditors will put a great deal of focus on the risks and opportunities associated with your key processes. YMMV.
 

armani

Involved In Discussions
#20
Then, where 4.4.1 and 6.1 says about requirements to identify risks for processes??....I repeat, for processes, not resulting from 4.1 and 4.2?? and much more, for ALL processes?
 
Top Bottom