The importance of risk in quality management Whitepaper

Similar documents
ISO/IEC 27001:2013 Your implementation guide

ISO 9001:2015 Revision Frequently Asked Questions

ISO 14001:2015 How your ISO audit will be different. Whitepaper

ISO 9001:2015 Your implementation guide

9100:2016 Series of Standards Frequently Asked Questions (FAQs)

Need to protect your business from potential disruption? Prepare for the unexpected with ISO

ISO Revisions Whitepaper

Updates on CD/ISO 9001:2015

NEW SCHEME FOR THE INFORMATION SECURITY MANAGEMENT WITH ISO 27001:2013

ISO 14001:2004 vs. ISO 14001:2015

A Risk Based Thinking Model for ISO 9001:2015

ISO 9001 and the Supply Chain

When Recognition Matters WHITEPAPER ISO RISK MANAGEMENT PRINCIPLES AND GUIDELINES.

ISO 31000: ISO/IEC & ISO Guide 73: New Standards for the Management of Risk

Preparation for ISO OH&S Management Systems

How to manage the transition successfully ISO 9001:2015 TOP MANAGEMENT - QUALITY MANAGERS TECHNICAL GUIDE. Move Forward with Confidence

Appendix 3 (normative) High level structure, identical core text, common terms and core definitions

Moving from ISO 9001:2008 to ISO 9001:2015

INTRODUCTION TO ISO 9001 REVISION - COMMITTEE DRAFT

ENTERPRISE RISK MANAGEMENT FRAMEWORK

CQI. Chartered Quality Institute

ISO 9001: 2015 EXPECTATIONS OVERVIEW & Presenter Name Paul J. Kunder. Former US Representative to ISO 20 Yrs. Voting Member USTAG - TC 176

GENERIC STANDARDS CUSTOMER RELATIONSHIPS FURTHER EXCELLENCE CUSTOMISED SOLUTIONS INDUSTRY STANDARDS TRAINING SERVICES THE ROUTE TO

What changes will ISO 9001:2015 bring?

Confident in our Future, Risk Management Policy Statement and Strategy

John Tighe ISO 9001 Lead Auditor & Scheme Champion. Alongside CD1, the ballot for 3 specific questions agreed in Sept 2013.

ISO 9001:2015. A look at the Revised Standard 9/23/2015 1

STANDARD. Risk Assessment. Supply Chain Risk Management: A Compilation of Best Practices

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI

ISO 14001:2015 Client Transition Checklist

ISO 14001: White Paper on the Changes to the ISO Standard on Environmental Management Systems JULY 2015

Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI

THE PROCESS APPROACH IN ISO 9001:2015

Need to optimize your assets? Be proactive with ISO

ISO 9001 REVISION INTRODUCTION TO ISO 9001: 2015

This is a free 9 page sample. Access the full version online. AS/NZS ISO 31000:2009 Risk management Principles and guidelines

ISO 9001:2015 Revision overview

Concerned about road safety? BS ISO will help you save lives.

Is securing personal information a priority? Reassure clients and achieve data protection compliance with BS 10012

Disclosure to Promote the Right To Information

Risk Management & Business Continuity Manual

Chapter 2 ISO 9001:2008 QMS

Implementing an Implementation Strategy for ISO 15189:2012

Preparing yourself for ISO/IEC

Quality Manual ISO 9001:2015 Quality Management System

ISO/IEC Part 1 the next edition. Lynda Cooper project editor for ISO20000 part 1

Document: ISO/TC 176/SC 2/N 1147

Quality Thinking in other Industries. Dominic Parry Inspired Pharma Training. WEB GMP BLOG inspiredpharmablog.

RISK MANAGEMENT POLICY (Revised October 2015)

QUALITY RISK MANAGEMENT (QRM): A REVIEW

Internal Quality Management System Audit Checklist (ISO9001:2015) Q# ISO 9001:2015 Clause Audit Question Audit Evidence 4 Context of the Organization

Environmental management systems Requirements with guidance for use

OAC Presentation to UNESCO Member States

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework

Solihull Clinical Commissioning Group

Moving from ISO/IEC 27001:2005 to ISO/IEC 27001:2013

White paper. Corrective action: The closed-loop system

MANAGEMENT SYSTEMS WHITE PAPER OF ISO 9001 REVISION. ISO 9001:2015 Revision. Understanding Changes and Preparing for Transition

Benefit from integrating your management systems. Start now with PAS 99, BSI s world-class framework

Business Continuity Management

Improving Management Review Meetings Frequently Asked Questions (FAQs)

Emerging ISO Standards on Facilities Management. Questions? May 7, Administrative Office of the U.S. Courts

Implementing ISO 9001

Fraud Risk Management

ISO Energy Management It s your cost. Your implementation guide

IFAD Policy on Enterprise Risk Management

The PNC Financial Services Group, Inc. Business Continuity Program

IAF Informative Document. Transition Planning Guidance for ISO 9001:2015. Issue 1 (IAF ID 9:2015)

Need to protect your information? Take action with BSI s ISO/IEC

ISO 22301: Societal Security Terminology ISO 22313: BCMS Guidance ISO 22398: Exercises and Testing - Guidance

Risk Management Primer

Corporate Risk Management Policy

RISK MANAGEMENT POLICY

Business Continuity Policy

Business Continuity Management Framework

Il nuovo standard ISO sulla Business Continuity Scenari ed opportunità

Topic 1 Introduction. to the Fundamentals of Project Management INTRODUCTION LEARNING OUTCOMES

Guidance for Industry: Quality Risk Management

Charles Corrie, Belo Horizonte,

An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management

This is a free 9 page sample. Access the full version online. AS/NZS ISO 31000:2009 Risk management Principles and guidelines

ISO 9001:2015 Overview of the Revised International Standard

Space project management

SEPT EVIDENCE PRODUCT CHECKLIST For ISO Standard 9004:2009 Managing for the sustained success of an organization A quality management approach

ISO 9001: 2008 Boosting quality to differentiate yourself from the competition. xxxx November 2008

CORPORATE INFORMATION AND TECHNOLOGY STRATEGY

Enterprise Risk Management: Taking the First Steps

The new ISO standard Standard Template

ISO 14001:2015: Key Changes

Correlation matrices between 9100:2009 and 9100:2016

Quality management/change management: two sides of the same coin?

Risk Management Policy

Policy : Enterprise Risk Management Policy

DNV GL Assessment Checklist ISO 9001:2015

LeadingAge Maryland. QAPI: Quality Assurance Performance Improvement

Supporting information technology risk management

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Business Continuity Trends, Requirements and Expectations in Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting

Transcription:

The importance of risk in quality management Whitepaper

Background and overview to the ISO 9001:2015 revision As an International Standard, ISO 9001 is subject to review on a regular basis. When considering the 2015 revision, the committee responsible decided that change was necessary in order to: Adapt to a changing world Enhance an organization s ability to satisfy its customers Provide greater focus on the customer Provide a consistent foundation for the future Reflect the increasingly complex environments in which organizations operate Ensure the new standard reflects the needs of all interested parties The research that was carried out as part of the review process recognized that several other important changes were required since the last major change in 2000. These were: Providing a foundation for the integration with other management systems Introducing risk-based thinking, now prevalent in many organizations Aligning the QMS policy and objectives with the strategy of an organization Providing greater flexibility with documentation To facilitate the integration of management system standards by users, a new common format has been developed by ISO to use in all management system standards. This is known as Annex SL or the High Level Structure and provides a standardized core text and structure for all ISO management system standards. The structure of Annex SL and therefore all ISO management system standards in the future is: Clause 1 Clause 2 Clause 3 Clause 4 Clause 5 Clause 6 Clause 7 Clause 8 Clause 9 Clause 10 Scope Normative references Terms and definitions Context of the organization Leadership Planning Support Operation Performance evaluation Improvement The fundamental objective of ISO 9001 however remains the same, which is to provide confidence in the organization s ability to consistently provide customers with conforming goods and services, and to enhance customer satisfaction. Why is managing risk important in a quality management system? Risk-based thinking is something we all do automatically and often sub-consciously to get the best result. The concept of risk has always been implicit in ISO 9001 this revision makes it more explicit and builds it into the whole management system. Risk-based thinking ensures risk is considered from the beginning and throughout the process approach Risk-based thinking makes proactive action part of strategic planning Risk is often thought of only in the negative sense. Risk-based thinking can also help to identify opportunities. This can be considered to be the positive side of risk. One of the key changes in the 2015 revision of ISO 9001 is to establish a systematic approach to risk, rather than treating it as a single component of a quality management system. In previous editions of ISO 9001, a clause on preventive action was separated from the whole. Now risk is considered and included throughout the standard. By taking a risk-based approach, an organization becomes proactive rather than purely reactive, preventing or reducing undesired effects and promoting continual improvement. For all types of organizations, there is a need to understand the risks being taken when seeking to achieve objectives and attain the desired level of reward. Organizations need to understand the overall level of risk embedded within their processes and activities. The concept of risk in the context of ISO 9001 relates to the uncertainty of achieving the objectives of the system, which is to provide products and services that conform to customers requirements. By understanding those risks and exploring ways in which the risks can be mitigated, the organization will also have an opportunity to drive change and improvement. Also remember that as Annex SL is the framework for all ISO management system standards, risk will be a common theme across them all. In this context it may be worth considering taking an enterprise-wide approach to Risk Management to assist future integration.

How is risk being incorporated into the new ISO 9001:2015 standard? In the Introduction the concept of risk-based thinking is explained. In Clause 4 the organization is required to determine the risks which can affect its ability to meet the system objectives. It recognizes that the consequences of risk are not the same for all organizations. For some, the consequences of delivering a non-conforming product are minor; for others the consequence can be fatal. So risk-based thinking means considering risk quantitatively as well as qualitatively, depending on the business context. In Clause 5 top management is required to demonstrate leadership and commit to ensuring that risks and opportunities that can affect the conformity of a product or service are determined and addressed. So in effect we have the PDCA (Plan, Do, Check, Act) cycle applied to risk. Act Implement changes to your approach and continually review opportunities for improvement Plan Gain leadership commitment. Identify and assess risks. Create plan to address risks and opportunities In Clause 6 the organization is required to take action to identify risks and opportunities, and plan how to address the identified risks and opportunities. Clause 8 looks at operational planning and control. The organization is required to plan, implement and control its processes to address the actions identified in Clause 6. In Clause 9 the organization is required to monitor, measure, analyze and evaluate the risks and opportunities. In Clause 10 the organization is required to improve by responding to changes in risk. Check Monitor your plans through measurents, internal audit and reporting Do Implement your plan to mitigate risks., through communication, training and controls What are the benefits? The outputs from successful risk management include compliance, assurance and enhanced decision-making. These outputs will provide benefits by way of improvements in the efficiency of operations, effectiveness of tactics (change projects) and the efficacy of the strategy of the organization. By considering risk throughout the organization, the likelihood of achieving the stated objectives is improved, output is more consistent and customers can be confident that they will receive the expected product or service. Risk-based thinking therefore: Establishes a proactive culture of improvement Assures consistency of quality of goods or services Improves customer confidence and satisfaction Builds a strong knowledge base Proactively improves operational efficiency and governance Builds stakeholder confidence in the use of risk techniques Enables organizations to apply management system controls to analyze risk and minimize losses Improves management system performance and resilience Enables organizations to respond to change effectively and protect their business as they grow

What does this mean for organizations and how can they prepare? For many organizations this will be business as usual. But if it s not, they ll need to start using a risk-driven approach in their organizational processes: Identify the risks and opportunities This will of course depend on the context of an organization and its appetite for taking risks. Analyze and prioritize risks and opportunities. What is acceptable, what is unacceptable? What advantages or disadvantages are there to one process over another? Plan actions to address the risks. How can risk be avoided or eliminated? How can risks be mitigated? Implement the plan. Take the necessary actions. Check the effectiveness of the actions. Does it work? Audit the approach, learn from experience, continually improve and also continue to consider innovative opportunities. Reasons to consider ISO 31000 ISO 9001:2015 does not require a formal risk assessment or a specific single document. The information must be kept and available, and could be electronic, audio, video, written or any other type of media. ISO 31000 (Risk management: Principles and guidelines) may be a useful reference for organizations looking for a more formal enterprise-wide risk process, but it s not obligatory. Risks affecting organizations can have consequences in terms of economic performance and professional reputation, as well as environmental, safety and societal outcomes. Therefore, managing risk effectively helps organizations to perform well in an environment full of uncertainty. ISO 31000 provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment. ISO 31000 gives a useful list on how to deal with risk: Avoiding risk by deciding not to start or continue with the activity that gives rise to the risk Accepting or increasing the risk in order to pursue an opportunity Removing the risk source Changing the likelihood Changing the consequences Sharing the risk with another party or parties (including contracts and risk financing) Retaining the risk by informed decision Using the right solution to manage risk Companies are constantly looking for solutions that can improve business, enhance their operations, and optimize business performance. In today s market, success hinges on developing competitive advantage and profitability while demonstrating good corporate governance. Carefully calculating risk, going beyond the expected, and creating an environment for innovation are what generate the excellence needed to create that edge. Experience teaches that the more successful businesses imbed best practice holistically across the entire organization, not just in one specific area. Instituting an enterprise-wide strategy breaks down long established silos separating departments and divisions, and, for many organizations, can represent a significant change in corporate culture. Initiating such culture change can be a challenge. An effective and successful transition requires a bold, well-planned, demonstrable commitment to enhance systems and critical processes that drive long-term sustainable performance and create a gateway to excellence. Organizations must ensure that institutional knowledge is captured, analyzed, managed, and improved upon so that they can be best in class. Businesses need tools that drive continual business improvement, delivering real-time visibility and providing a consistent framework for automation. Purpose-built software provides your risk team with a complete view that is shared among auditors, managers, and executives in real-time so more effective collaboration can occur on issues that pose risk to the business.

Conclusion Risk-based thinking is not new Risk-based thinking is something you do already Risk-based thinking is continuous Risk-based thinking ensures greater knowledge and preparedness Risk-based thinking increases the probability of reaching objectives Risk-based thinking reduces the probability of poor results Risk-based thinking makes prevention a habit Why BSI? At BSI we create excellence by driving the success of our clients through standards. We enable others to perform better, manage risk and achieve sustainable growth. For over a century our experts have been challenging mediocrity and complacency to help embed excellence into the way people and products work. We make excellence a habit. Our products and services We provide a unique combination of complementary products and services, managed through our three business streams: Knowledge, Assurance and Compliance. Knowledge BSI works with business experts, government bodies, trade associations and consumer groups to capture best practice and structure the knowledge all organizations need to succeed. The majority of the widely used and implemented international standards were originally shaped by BSI, for example ISO 9001 Quality Management and ISO/IEC 27001 for Information Security. Assurance Independent assessment of the conformity of a process or product to a particular standard ensures that our clients perform to a high level of excellence. We help our clients understand how they are performing, thereby identifying areas of improvement from within. Compliance To experience real, long-term benefits, our clients need to ensure ongoing compliance to a standard so that it becomes an embedded habit. We train our clients to understand standards and how to implement them, as well as provide added value and differentiated management tools to facilitate the process of ongoing compliance. To find out more visit: bsigroup.com/iso-9001-revisie bsigroup.nl BSI Group BSI/NL/642/SC/0715/nl/BLD

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information