I have a new (potential) customer audit coming up. They are asking that I do a self assessment audit. One of their questions is do we perform risk management reviews (under product planning). We are ISO 9001:2000 compliant which does not include this requirement. Can anyone help explain to me what this is and maybe send me an example of one?