In this final blog on the benefits of being accredited to ISO 9001:2015, we will discuss Risk Based Thinking (RBT) – a core element of ISO 9001:2015 – and the benefits it can bring to an organisation.
The only logical way to start a discussion on RBT is to understand the definition of the word RISK. The Oxford English Dictionary defines risk in a few ways:
- A situation involving exposure to danger
- The possibility that something unpleasant or unwelcome will happen
BS EN ISO 14971:2012, the ISO standard that relates the application of risk management to medical devices, defines risk as:
- Combination of the probability of occurrence of harm and the severity of that harm
As per the above definitions, risk is generally seen as a negative condition. ISO 9001:2015 takes a slightly different approach and defines risk as the effect of uncertainty, which includes negative factors (risks) and positive factors (opportunities). More information on ISO’s take on RBT can be found in ISO 9001:2015 clause 0.3.3 and appendix A, A.4.
RBT is not new; it has been implicit in previous revisions of ISO 9001. However, the main difference in ISO 9001:2015 is that the concept of RBT is explicit from the outset and is built into the entire Quality Management System (QMS). The new approach ensures that risk (positive or negative) is considered from the very beginning and forms part of strategic and operational planning activities. For example, you will find risk-based thinking is present in clauses 4 to 10 and is implied where the standard uses the following words: Determine, Suitable, Appropriate.
“That’s all very good but how do I actually do it?” I hear you say. The good news is that on a personal level you have already been doing it and may not recognise it as such. The easiest example and the one provided by the ISO Technical Committee ISO/TC/176 (responsible for producing ISO 9001:2015) is crossing the road! We don’t just walk out into the road hoping it will all work out. On a sub-conscious level we perform the following risk-based thinking:
- We plan the best place to cross the road i.e. between two cars or in a space with clearer visibility.
- We assess the risks involved i.e. number, type and speed of vehicles and the distance of the crossing compared with the speed we walk.
- We determine actions to address the risks i.e.
- Avoidance – Cross the road when it is quieter or take a different route to our destination.
- Elimination – Look for opportunities to eliminate the risk totally i.e. introduction of a pedestrian crossing or can we do on-line what we need to cross the road for?
- We prioritize and carry out actions or implement opportunities as planned.
- Once at the other side we wonder, “was that the best way to do that?”. If not, we analyse and improve our approach for next time.
The above is the same approach that ISO 9001:2015 requires of organisations when conducting its operations, for example: identify the risks & opportunities, prioritize & develop actions to address risks or implement opportunities, implement the actions, assess action effectiveness and finally learn from the situation and improve for the future.
Benefits of risk-based thinking include:
- Creating a QMS that is PROactive rather than REactive
- Establishing a culture of improvement
- Increased compliance
- Enhancing the consistency of quality products or services
- Improved customer confidence and satisfaction
To finish, I will leave you with a quote from Gary Cohn – an American investment banker who was also Director of the National Economic Council: “If you don’t invest in risk management, it doesn’t matter what business you’re in, it’s a risky business.”
Look out for the next blog from us here at Lorit Consultancy where we plan to discuss the application of risk management in industry.
By Stuart Hardie, Quality Management Consultant