Risk-Based Thinking

Why

  • ISO 9001:2015 says we should incorporate risk-based thinking and take actions to address risks and opportunities.

  • It can help prevent, or reduce, undesired effects.[1]

  • It can help achieve continual improvement.[1]

  • It gives customers confidence in the organization’s ability to consistently provide conforming goods and services.

  • By taking a risk-based approach, an organization becomes proactive rather than purely reactive, preventing or reducing undesired effects and promoting continual improvement.

See glossary entry for risk-based thinking.

How

We do not try to boil the ocean; instead, we keep risk-based thinking focused.

Actions taken to address risks and opportunities should be proportionate to the potential impact on the conformity of products and services.[1]

Use risk-based thinking to make preventive action part of the routine.[1]

Establish a proactive culture of prevention and improvement.[1]

Maintain a risk register or risk log to record identified risks, their impact, and the action steps to be taken.[1]

  1. Analyze and prioritize the risks and opportunities in your organization.[1]

    • What is acceptable?

    • What is unacceptable?

  2. Plan actions to address the risks.[1]

    • How can I avoid or eliminate the risk?

    • How can I mitigate the risk?

  3. Implement the plan – take action.[1]

  4. Check the effectiveness of the actions – do they work?[1]

  5. Learn from experience – continual improvement.[1]

  6. Make risk-based thinking an integral part of the organizational culture.[1]


[1] Bob Deysher, “A ‘Risk Based Thinking’ Model for ISO 9001:2015”, URL: http://asq.org/audit/2015/01/a-risk-based-thinking-model-for-iso-9001-2015.pdf