6.1.1 Actions to Address Risk and Opportunity
The ISO 9001 standard was revised in September 2015 to include new additions to the clauses and requirements. One of the most significant additions to the standard, risk management, is included in Section 6.1. Risk management requires a shift in focus to consider risk factors when implementing a quality management system (QMS). An organization must identify and control the risks and opportunities that are unique to them and develop a planned approach to risk management. Proper implementation of risk management can be an essential tool for an organization’s long term growth and sustainability.
What is risk?
Risk is any possibility that can affect the organization’s ability to achieve their goals. Risks can yield good or bad outcomes, but uncertainty is still involved. An organization can use their raw data from section 4.1 and 4.2 of the standard requirements as a starting point to identify and develop risk and opportunities relevant to the organization.
Section 4.1 requires the organization to identify internal and external issues that are presented in the context of strengths, weaknesses, opportunities, and threats. The weaknesses and threats are equated to the risks that the organization should address and plan for.
Section 4.2 requires the organization to identify the expectations and requirements of their interested parties. When considering the risks and opportunities of interested parties, it is important to understand their expectations. It is also important to consider corrective actions in case of failure to meet their expectations. Corrective actions are aimed at eliminating the causes of nonconformance and thereby eliminating the risk. If the company does an effective job executing corrective actions, their overall risk would be minimized.
For more information about interested parties, see our previous blog post : Section 4.2 Understanding Interested Parties
Benefits
Risk management is a core leadership approach that ensures any potential threats to success are identified and dealt with before they derail the organization’s efforts. Here are some ways risk management is beneficial:
- It enhances everyone’s risk perception. In their day-to-day activities, employees at all levels start thinking about risk. In the process, they become better managers of the company’s resources and fully involved partners in its successes.
- It focuses the attention of the company on the things that matter the most. A strong method of risk management shows considerable risk and adversity. We can then apply a proportional amount of control to the most threatening risks.
- It helps to build a culture of prevention and risk management. The risk management process will gradually have an effect on the way employees think. It will not prohibit risk-taking, but will promote “informed risk-taking. With this system, all decisions are made while considering the inherent risks and potential benefits.
- It contributes to overall success. A properly implemented risk management system’s ultimate outcome is more success and less failure. The crises that seem to arise frequently in badly managed companies do not happen as often in an organization that has a risk management system.
While implementation of a risk management system can sound intimidating, it can actually be done with moderate effort. The alternative to establishing a risk management system, on the other hand, would be managing crises, which is far worse. Overall, an organization loses valuable time, resources, and credibility when having to do damage control on a problem that could have been prevented with a risk management system in place.