Apply Risk-Based Thinking in ISO 9001:2015 Quality Processes -Part XII

There are twelve posts in this series. To read Part XI, please click here.

This is the final part in our series on how you might apply Risk Assessment techniques to meet the possible Risk Based Thinking (RBT) requirements of the forthcoming ISO9001:2015 standard. Events are moving along for the new version: the last formal draft of ISO/FDIS 9001 has just been issued, and final publication is scheduled on September 23rd 2015.

To close out the series we take another look at the 6 step process we're recommending and provide links to templates for documenting the outputs that we hope you will find useful. Click on the document icon to download the PDF.

1. Establish the context

This step determines the issues and requirements that can impact on the planning of the quality management system; including: (a) the main objectives and outcomes that are uncertain / subject to risk; and (b) the needs and expectations of the organization’s customers and other relevant interested parties; the products and services it provides; the complexity of processes it employs and their interactions; the competence of persons within or working on behalf of the organization; and its size and organizational structure.

An example statement of context template was introduced in Part X of the series and is available here.

2. Risk identification

This step involves selecting a suitable process for risk identification and for each quality process, identifying and numbering the risks. This process records the risks in a Risk and Opportunities Register (R&O Register) that would form an integral part of the Quality Management System.

We offer two supporting templates - a Risk Description Brainstorming Sheet and a Risks & Opportunities Register.

Risk Description Brainstorming Sheet:

Risks & Opportunities Register:

3. Qualitative risk analysis & risk evaluation

This step considers (for each risk) the effectiveness of the existing controls using a suitable effectiveness scale; the consequences (impact) for each risk; the likelihood of these consequences occurring; and the potential exposure were the controls in place to fail.

4. Semi-Quantitative risk assessment for systems and processes

A semi-quantitative measure of risk is an estimate derived using a scoring approach. Risk indices are used to rate a series of risks using similar criteria so that they can be more easily compared.

An example Semi-Quantitative Risk Assessment Calculator Template was introduced in Part XI of the series and is available here.

5. Risk-treatment

This step considers options for either avoiding or seeking the risk; changing the likelihood; changing the consequences; sharing the risk; or explicitly accepting the risk without further treatment.

We offer two supporting templates - a Risk Treatment Plan Template and a Risk Treatment Options Worksheet.

Risk Treatment Plan Template:

Risk Treatment Options Worksheet:

6. Monitoring & review

Periodically, the team will re-assess risks and decide whether new risks are affecting or could affect quality processes and systems as part of the cycle of continuous quality process improvement.