Management Systems: Identifying and Analyzing RISKS & OPPORTUNITIES
Clause 6.1 “actions to address risks and opportunities” of ISO 9001:2015 replaces the ‘’preventative actions’’ implicitly incorporated in the previous standard to mitigate and avoid risk.
The term ‘’risk’’ as used in the standard is a deviation from the expected. This deviation can be positive or negative. This positive deviation can safely create a path to a new opportunity. Hence, addressing risk could result to pursuing a new opportunity. Effective risk management definitely results to effective preparation for uncertainties.
Opportunities can include such things as:
- Adoption of new customers,
- Manufacture of new products,
- Implementation of new technology or practices.
The following are some specific areas where risk appears and are mandatory in the new standard:
- Organizational context: Specifically, clause 4.4 ‘’quality management system and its processes’’ mandating the overall quality management system (QMS) to consider both risks and opportunities as part of its core planning processes.
- Leadership: Specifically, clause 5.1 ‘’leadership and commitment’’, mandating those leading the organization to promote risk-based thinking. And, clause 5.1.2 ‘’customer focus’’, ensuring that risks and opportunities that affect customers are determined and addressed.
- Planning: Specifically, clause 6.1 ‘’actions to address risks and opportunities’’ mandating determining and addressing risks and opportunities when planning for the QMS.
- Performance evaluation: Specifically, clause 9.1.3 ‘’analysis and evaluation’’ mandating evaluation of the effectiveness of actions taken to address risks and opportunities.
- Improvement: Specifically, clause 10.2 ‘’nonconformity and corrective action’’ mandating update of risks and opportunities determined during planning, if necessary.
Methods of Identifying and Addressing Risk
They include:
- Maintaining a risk register,
- Conducting FMEA study (Failure Mode Effects Analysis),
- Conducting FTA (Fault Tree Analysis),
- Applying a Probability and Impact Matrix.
Steps to Address Risks and Opportunities
Two metrics are needed to effectively evaluate risk and opportunities, they:
- Probability: The possibility that the risk would occur.
- Severity: The seriousness of the risk if it occurs.
Consider the following steps when addressing risks and opportunities:
- Determine the type and source of risk and opportunity: Does it originate from context, process and products/ services.
- Determine Risk Category: What category is the risk classified?
- Determine Risk Impact and Probability: Define the impact and the probability of the risk occurring.
- Determine Risk Treatment and Action: Determine how the organization will treat the risk and create a predefined list of treatments. Also, determine acceptable action to treat the risk.
- Review and Documentation: Regularly review risks and opportunities and ensure proper documentation at each stage of the process as evidence of actions taken.
About the Author
Adebayo is a thought leader in continuous process improvement and manufacturing excellence. He is a Certified Six Sigma Master Black Belt (CSSMBB), Digital Manufacturing Professional and Management Systems Lead Auditor (ISO 9001, 45001 & ISO 22000) with strong experience leading various continuous improvement initiative in top manufacturing organizations.
You can reach him here.
