Risk Identification and Risk Assessment for any Process - Is it necessary?

Stijloor

Leader
Super Moderator
Dear all

I asked my question (whether it is necessary to identify and assess risks for any QMS processes) in another thread, but I could not receive a clear answer.

Based on clause 6.1.1, the organization shall determine its risks and opportunities (e.g. emerge of new competitors). Based on clause 6.1.2, the organization shall plan actions to address the determined risks (e.g. reduction of product price for mentioned risk). These action shall implement through QMS processes,(reduction waste in production process, providing raw material with lower price by supply process, etc.) as it has been referred in clause 6.1.2 and has been stated in clause 4.4.1 f).

So, I think ISO 9001:2015 does not require to determine risks and opportunities for any processes. It requires to determine risks that effect on organizational objectives, and plan treatment actions and implement them through processes.

Is it right?

An often overlooked method to help you determine for which processes Risk Analysis should be conducted is to study your historical process performance data. (KPI's, CAR records, lessons learned, etc.)

Take look at process performance information (including previous corrective action requests) from the last 3 years. This will tell you how your processes have historically performed. You will notice quickly what processes would be prime candidates for Risk Analysis. A simple study will tell you what current risk mitigating provisions (if any) are in place and how effective they are.

Bottom line? Let current and past process performance be your guide. Do what makes business sense. "Return on investment" (ROI) also applies to risk mitigating investments.

Good luck!
 
Top Bottom