ISO 9001:2015 - Definition of Opportunities (Per 6.1.1)

[QAMTY]

Mike
The opportunities may be detected and actions be taken alone?
I thought that would be addressed always only accompanied by one risk.
Please explain,thanks

 

[QAMTY]

Dear Howste
Please Comment about my assumptions about opportunity.
A case
Risk of not deliver on time.
Ok, an action plan to lower the risk suppose that the cause is lack of trucks, the mitigation could be to buy a truck, is ok? And an opportunity around this risk, may be to use the truck for other services in other area, is it ok? I have a doubt because in the Iso tc 176, in the well known example "to cross the road" they consider as opportunity, to install a bridge, to install light, etc. Which I consider th ese are mitigation (action plans)
Could you clarify this issue?and give some examples of opportunities tied to a risks?
Thanks

 

[charanjit singh]

The example of crossing a busy road to illustrate the positive side of risk (i.e. opportunity) does not seem to have any parallel in its application to quality management system. I have yet to find an example of such an opportunity, envisaged by clause 6.1.1. in this forum (or in other forums that I visit) that could not be covered by clause 10.3 (Continual Improvement)itself.

In fact in a forum I posed this hypothetical case:

"We all know that CB audits are based on sampling only; no sampling plan ensures 100% effectiveness. Taking advantage of this, some clever guys could take a risk and deliberately miss out on compliance with certain requirements and manage to get away with it saving some bucks"

Would that be considered a positive side of risk, comparable to the example of taking a risk and directly crossing a busy road without getting injured, thus save time?

I have received no comments so far.

 

[Oliver Aborque]

Definition of risk: the negative effect of uncertainty

Definition of opportunity: the positive effect of uncertainty.

In my view, that is how it should be defined. Risk in the real world is only associated with negative effects. TC176 defined it as both negative and positive and that is simply not how it is defined and understood in the normal world.

Question: Can I define risk and opportunities as my view if it will help. Since the definition will probably be changed in the future? Risk should only be associated with the negative, and opportunities with the positive. While ISO 9000:2015 is stated as a normative reference in 9001:2015, it isn't really mandatory is it? Opportunities is not even defined in 9000:2015. Why?

My view is if defined as I believe it should be, it doesn't really contradict the intent or definition anyway, it just helps users understand the context.

Now you strict CB auditor's can jump on me!!

Greetings Zearl and Everyone!

I almost had the same definition with Zearl only a little different. The definition which I was working on is shown below but I am not quite happy with it:

[FONT=&quot]1.1. [/FONT][FONT=&quot]Risk – effect of uncertainty on objectives (ISO 31000:2009)[/FONT]
[FONT=&quot]1.1.1. [/FONT][FONT=&quot]Opportunity – desirable effect of uncertainty on objectives or a set of circumstances which makes it possible to do something.[/FONT]
[FONT=&quot]1.1.2. [/FONT][FONT=&quot]Threat – undesirable effect of uncertainty on objectives.[/FONT]

I'm in the process of finishing our Company's Risks and Opportunities Management process document and so far the challenges are as follows:

A) The ISO 9001 is cryptic when it comes to what opportunity is (at least in my opinion).

B) As an effect of A, there seems to be several interpretations of the opportunities in the context of the standard.

With that, it seems obvious that the best way to go about this requirement is to have a clear definition of what risks and opportunities are. For me, I think it is best to say that risk is the universe of the effects of uncertainly on objectives. In that universe, we can have these four basic elements:

1. Strengths (Internal and Helpful)
- Internal context which the organization is good at (performance wise).
- Internal interested parties that are considered key helpful.

2. Weaknesses (Internal and Challenging)
- Internal context which the organization is bad at (performance wise).
- Internal interested parties that are considered harmful or challenging.

3. Opportunities (External and Helpful)
- External context which the organization can take advantage of (PESTLE).
- External interested parties that are considered helpful.

4. Threats (External and Challenging)
- External context which the organization should be cautions of (PESTLE).
- External interested parties that are considered harmful or challenging.

This is my attempt to make sense of SWOT in the context of the ISO 9001:2015 specifically clauses 4.1, 4.2, 6.1.1 and 6.1.2.

Let me know your thoughts.

 

[John Broomfield]

Greetings Zearl and Everyone!

I almost had the same definition with Zearl only a little different. The definition which I was working on is shown below but I am not quite happy with it:

[FONT=&quot]1.1. [/FONT][FONT=&quot]Risk – effect of uncertainty on objectives (ISO 31000:2009)[/FONT]
[FONT=&quot]1.1.1. [/FONT][FONT=&quot]Opportunity – desirable effect of uncertainty on objectives or a set of circumstances which makes it possible to do something.[/FONT]
[FONT=&quot]1.1.2. [/FONT][FONT=&quot]Threat – undesirable effect of uncertainty on objectives.[/FONT]

I'm in the process of finishing our Company's Risks and Opportunities Management process document and so far the challenges are as follows:

A) The ISO 9001 is cryptic when it comes to what opportunity is (at least in my opinion).

B) As an effect of A, there seems to be several interpretations of the opportunities in the context of the standard.

With that, it seems obvious that the best way to go about this requirement is to have a clear definition of what risks and opportunities are. For me, I think it is best to say that risk is the universe of the effects of uncertainly on objectives. In that universe, we can have these four basic elements:

1. Strengths (Internal and Helpful)
- Internal context which the organization is good at (performance wise).
- Internal interested parties that are considered key helpful.

2. Weaknesses (Internal and Challenging)
- Internal context which the organization is bad at (performance wise).
- Internal interested parties that are considered harmful or challenging.

3. Opportunities (External and Helpful)
- External context which the organization can take advantage of (PESTLE).
- External interested parties that are considered helpful.

4. Threats (External and Challenging)
- External context which the organization should be cautions of (PESTLE).
- External interested parties that are considered harmful or challenging.

This is my attempt to make sense of SWOT in the context of the ISO 9001:2015 specifically clauses 4.1, 4.2, 6.1.1 and 6.1.2.

Let me know your thoughts.

Oliver,

After doing all this risk assessment I would very much appreciate knowing what your organization ended up doing differently.

My contention is that organizations that already are process-based and using their management system (not entirely documented) to detect and avoid problems in fulfilling customer requirements are already doing a reasonable job of managing risk.

Did it lead to your colleagues' understanding of their management system being widened to include your organization's mission (reason for existing)? Or was their mission already about creating more satisfied customers?

Many thanks,

John

 

[Oliver Aborque]

Oliver,

After doing all this risk assessment I would very much appreciate knowing what your organization ended up doing differently.

My contention is that organizations that already are process-based and using their management system (not entirely documented) to detect and avoid problems in fulfilling customer requirements are already doing a reasonable job of managing risk.

Did it lead to your colleagues' understanding of their management system being widened to include your organization's mission (reason for existing)? Or was their mission already about creating more satisfied customers?

Many thanks,

John

Hi John,

We all know that in the new ISO 9001, risks and opportunities are cited together except in clause 5.1.1 item d. "promoting the use of the process approach and RISK-based thinking." This partnership of risks and opportunities appears to put the two on the same playing field.

However ISO/TC 176 published a paper entitled, Risk-Based Thinking in ISO 9001:2015 which defined an opportunity as such, "[FONT=&quot]Opportunity is not the positive side of risk. An opportunity is a set of circumstances which makes it possible to do something. Taking or not taking an opportunity then presents different levels of risk."

From that[/FONT] definition, I think they are referring at an opportunity as the chance to take a risk.

Borrowing the definition of risk from Occupational Safety and Health, risk is defined as "the chance or probability that a person will be harmed or experience an adverse health effect if exposed to a hazard." And looking at various Risk Management models, risk is mathematically represented as follows:

Risk = Probability (or Likelihood, Chance, Opportunity) X Hazard (or Threat, Severity)

But again, from SWOT, an opportunity is an external factor that is helpful while a threat is an external factor that is harmful or challenging.

So, in my opinion, the next version of the standard should clarify the risk and opportunities issue - most especially the opportunities' side.

Regards,

Oliver

 

[John Broomfield]

Sure, but ISO 9001:2015 is not specifying such a methodology.

Normally, organizations seek and take opportunities to serve their customers well. In doing this the organization, aided by its management system, obviates eventualities that may be contrary to this goal.

Such is the nature of a process-based organization with a mission to create more satisfied customers.

It is better to understand how the organization naturally works as a system to address the risks that may stop it from exploiting its opportunities to serve customers well than to impose unneeded tools on that organization.

Listen to the system first and then evolve or tweak the tools as a result of learning from the system.

Thankfully, competent auditors ignore vague ‘requirements’ until the standard evolves to reflect more closely the way effective organizations actually work as systems.