My conclusion - there is not any DIRECT requirements in 9001:2015 to identify risks and opportunities for ALL QMS processes.
Any opinions will be appreciated!
I have said it numerous times, RBT should have been coded as another principle in ISO 9000. Just like customer focus, leadership, process approach, etc...
The TC 176 developed this concept of RBT as a "replacement" for the preventive action requirement, which got dropped from 9001, taking into account the mandatory framework brought up by the HLS (annex SL) of the ISO/IEC Directives bla bla bla...
Whenever we are designing, implementing, improving, enhancing, revamping, etc. any business process which has a potential to affect product conformity and/or customer satisfaction, we are touching the "QMS", be it while we are selecting suppliers, packaging the product, designing a fabrication fixture, answering a call in the call centre, etc...
So, in my opinion, ANYTHING that an organization does which might affect product conformity and/or customer satisfaction, IRRESPECTIVE of where it happens, needs to be (AS FORMAL OR INFORMAL, COMMENSURATE TO THE POTENTIAL IMPACT) assessed for it's intrinsic risks.
An example of a typical daily occurrence that is not addressed, from a RBT perspective, in many organizations:
Sales people are allowed, sometimes encouraged to lie to a customer about delivery dates, in order to boost sales performance. In the long term, dissatisfied customers will drop that company as a supplier for chronic late deliveries. In the meantime, however, sales people make their quota, get their bonuses and management is "happy". Until they can't find new customers to replace the ones they lost.
So, is there a risk to allow sales people lying to customers about unrealistic delivery dates? I think it is obvious it does. ISO 9001 has requirements that should prevent that from happening, but does it? In the real world?