Informational Risk Management (and Risk Based Thinking) in ISO 9001:2015

aburaggi

Hello everyone,

Has anyone made a risk identification and assessment to share with us?

I'd like to see some samples ;)
 

Marc

Leader
Re: Risk Management in ISO 9001:2015

See: How the addition of "Risk" will affect ISO 9001:2015.

Sidney has an ISO 9001:2015 group on Linkedin which is discussing Risk but I don't have the link off hand. I'm sure Sidney will add it here when he sees this post/thread.

Some Risk Examples: Financial uncertainty, project failure, security aspects, competition, technology problems, the effect on the environment from operations such as wastes produced and dangerous emission(s).
 

John Broomfield

Leader
Super Moderator
Re: Risk Management in ISO 9001:2015

Hello everyone,

Has anyone made a risk identification and assessment to share with us?

I'd like to see some samples ;)

aburaggi,

We speak as if we are not already managing risk while realizing opportunities.

When we plan a new project or process we agree the objectives then we consider what could happen to stop us fulfilling the objectives and what we must do to be assured of meeting the objectives.

Accordingly, we ensure we have the necessary resources and controls in place to manage the risks while realizing the opportunity.

Resources include facilities, equipment, materials, authorities and competencies. Controls include methods, procedures, responsibilities, care and coordination. Of course, the resources and controls come with the necessary contingencies such as making sure we do not have single points of control.

For example, we are planning to do business with a supplier for the first time. We apply our established selection criteria and then invest in more monitoring than we do for suppliers accomplished in fulfilling our requirements. Another example, our customers are slow to pay. We find out why and may ensure our management system results in accurate invoices issued as soon as possible. Or, we design a product or process but want to ensure it does not cause injury so we organize multidisciplinary reviews between each design iteration.

Just about every decision is predicated by a risk assessment. Naturally, we need our management systems to help us to manage the knowledge proven useful to quickly assess opportunities and their risks.

The greatest risk, as I see it, is forgetting what we already know and do with our processes and projects in favor of chasing what ISO newly specifies explicitly instead of implicitly.

John
 
heartolearn

Re: Risk Management in ISO 9001:2015

In order to provide evidence it would seem from the text within Marc's post that the incorporation of risk based thinking will require some form of tool(s) to log in risks as they apply to the appropriate process. (This in itself becomes a process, does it not?) Personnel accepting of risk management seemingly would need guidance and a working structure to operate from. On-going risk to improvement opportunity conversions would require documentation of some type or else how could they be analyzed, reacted upon, measured and monitored, and lastly reported to Leadership?
 
aburaggi

Re: Risk Management in ISO 9001:2015

aburaggi,

We speak as if we are not already managing risk while realizing opportunities.

When we plan a new project or process we agree the objectives then we consider what could happen to stop us fulfilling the objectives and what we must do to be assured of meeting the objectives.

Accordingly, we ensure we have the necessary resources and controls in place to manage the risks while realizing the opportunity.

Resources include facilities, equipment, materials, authorities and competencies. Controls include methods, procedures, responsibilities, care and coordination. Of course, the resources and controls come with the necessary contingencies such as making sure we do not have single points of control.

For example, we are planning to do business with a supplier for the first time. We apply our established selection criteria and then invest in more monitoring than we do for suppliers accomplished in fulfilling our requirements. Another example, our customers are slow to pay. We find out why and may ensure our management system results in accurate invoices issued as soon as possible. Or, we design a product or process but want to ensure it does not cause injury so we organize multidisciplinary reviews between each design iteration.

Just about every decision is predicated by a risk assessment. Naturally, we need our management systems to help us to manage the knowledge proven useful to quickly assess opportunities and their risks.

The greatest risk, as I see it, is forgetting what we already know and do with our processes and projects in favor of chasing what ISO newly specifies explicitly instead of implicitly.

John

Thanks, John.
Of course risk is always considered; that's why we always add control measures in each and every process we do, and I think incorporating it with the QMS should give a greater value, since the risk will be identified and evaluated. Frequency x Severity = Risk

I just need to see a few samples, if they exist, to start identifying and categorizing those risks.
 

John Broomfield

Leader
Super Moderator
Re: Risk Management in ISO 9001:2015

aburaggi,

Sure, we'd all like a few examples of the evidence expected of risk-based thinking as specified in the DIS.

The DIS also says that it is not specifying requirements for a risk-based management system.

So, are we to generate additional evidence to keep auditors happy or are we to continue managing risk as we now do, without keeping a record?

Hopefully, the FDIS will clarify this.

John
 
LUV-d-4UM

Quite Involved in Discussions
Re: Risk Management in ISO 9001:2015

I am taking a big risk by posting the Quality Policy statement for the ISO9001:2015 management system. I welcome everyone to critique this quality policy. Thank you.

"We the employees of XYZ company are committed to deliver quality in every product and service which we provide to all our customers. To meet this commitment we will:

Supply products and services which meet customer expectations and requirements surpassing or equalizing the competition

Develop and introduce innovative products and services to meet emerging expectations and requirements

Maintain an environment which encourages us to continuously strive to improve the quality of work, both individual and as a team.

This commitment to quality is a responsibility accepted by all XYZ Company employees to maintain the loyalty and trust of our customers."
 

Helmut Jilling

Auditor / Consultant
Re: Risk Management in ISO 9001:2015

Thanks, John.
Of course risk is always considered; that's why we always add control measures in each and every process we do, and I think incorporating it with the QMS should give a greater value, since the risk will be identified and evaluated. Frequency x Severity = Risk

I just need to see a few samples, if they exist, to start identifying and categorizing those risks.

Just to be clear, many companies do not adequately evaluate and control risks.
 

somashekar

Leader
Admin
Re: Risk Management in ISO 9001:2015

Just to be clear, many companies do not adequately evaluate and control risks.
Yes, very true.
They do not anticipate, they do not learn from past experiences.
They get surprises, shocks,
They firefight, they become busy, they get tired, then they also get appreciated, and a false sense of achievement is felt. They take pride in it, they get rewarded too for all the fire fighting.
Each process and process interaction must be assessed from two elements.
1. What is the goal?
2. What are the prospects and consequences in the actions we plan towards meeting the goal?
Do the prospects weigh good, so that we decide to go from Plan to Do, with all the available resources and planned monitoring?
Are there any consequences likely to come up for which we have to make a Plan 2 as a backup...

How you want to document this is your freedom.
 