TUV Middle East Member of TÜV NORD Group ISO 9001:2015 & Risk Based Thinking (based on ISO DIS 9001:2015) By: Shibu Davies – GM

Iso9001 2015 Risk Management Linkedin


  • TUV Middle East, Member of TÜV NORD Group

    ISO 9001:2015 & Risk Based Thinking (based on ISO DIS 9001:2015)

    By: Shibu Davies, GM

  • Content

    - ISO 9001:2015 elements addressing risk management
    - Risk based thinking
    - Reason for risk based thinking (as per ISO)
    - Risk definition
    - Types of risk
    - Risk management framework
    - Risk evaluation matrix
    - Risk register
    - Risk reporting / communication
    - Risk monitoring / review

    TUV ME ISO 9001:2015 & Risk Management2

  • ISO 9001:2015 ELEMENTS ADDRESSING RISK MANAGEMENT

    0.1 General: QMS is influenced by the context of the organization, (b) particularly with respect to the risks associated with its context and objectives

    0.3 Process approach: Management of the processes and the system as a whole can be achieved using a PDCA methodology with an overall focus on risk based thinking aimed at preventing undesirable outcomes

    0.5 Risk based thinking: the full clause is about risk. Key statement: this International Standard makes risk-based thinking more explicit and incorporates it in requirements for the establishment, implementation, maintenance and continual improvement of the QMS

    0.6 Compatibility with other management system standards:

    - Processes for planning and consideration of risks and opportunities (Clause 6)

    - However, this International Standard enables an organization to use the process approach, coupled with the PDCA methodology and risk-based thinking to align or integrate its QMS with the requirements of other management system standards as it sees fit


  • ISO 9001:2015 ELEMENTS ADDRESSING RISK MANAGEMENT

    3.09 risk (various terms and definitions related to risk)

    4.4 QMS and its processes: for planning, the organization shall determine (f) the risks and opportunities in accordance with the requirements of 6.1, and plan and implement the appropriate actions to address them

    5.1.2 Customer focus: Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring that (b) the risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed

    6.1 Action to address risks and opportunities: this full clause is about risk, including PDCA elements of risk management

    8.5.5 Post-delivery activities: In determining the extent of post-delivery activities that are required, the organization shall consider (a) the risks associated with the products and services

    9.3 Management review: The management review shall be planned and carried out taking into consideration (d) the effectiveness of actions taken to address risks and opportunities (see clause 6.1)

  • RISK BASED THINKING

    !!! risk management is an integral part of any organization's strategic management. It is the process whereby organizations methodically address the risks attaching to their activities with the goal of achieving sustained benefit within each activity and across the portfolio of all activities !!!

    - identify and treat risks
    - integrate risk management into the culture
    - risk can be internal or external
    - objective of risk management is sustainability
    - risk management should be an ongoing process
    - responsibility shall be assigned
    - better to define and document
    - this is a preventive measure
    - this is everyone's responsibility

  • REASON FOR RISK BASED THINKING (AS PER ISO)

    - Improve customer satisfaction and confidence
    - Assure consistency of quality of the product
    - Establish pro-active culture of prevention and improvement
    - Successful companies intuitively take a risk-based approach

  • RISK DEFINITION

    Risk: Effect of uncertainty on an expected result

    Note 1: An effect is a deviation from the expected, positive or negative

    Note 2: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood

    Note 3: Risk is often expressed in terms of a combination of the consequences of an event and the associated likelihood of occurrence

    Ref.: ISO DIS 9000:2014

  • TYPES OF RISK

    !!! focus should be on product for ISO 9001:2015 !!!

  • RISK MANAGEMENT FRAMEWORK

    !!! organization can adapt the framework !!!

  • RISK EVALUATION MATRIX

    !!! organization can adapt the risk evaluation matrix !!!

  • RISK REGISTER

    !!! organization can adapt the risk register !!!

    Register columns: Ref. #; Process; Risk; Rating (Pro., Sev., Sig.); Mitigation; Contingency; Responsibility; Res. Risk Rating (Pro., Sev., Sig.)

    Rating can be done based on 3X3 matrix or 5X5 matrix or any suitable methods

    a. Avoiding risk
    b. Taking risk in order to pursue an opportunity
    c. Eliminating the risk source
    d. Changing the likelihood or consequences
    e. Sharing the risk
    f. Retaining risk by informed decision

    This will be the risk rating after the implementation of mitigation & contingency plan

    Product related

  • RISK REPORTING / COMMUNICATION

    Internal reporting / communication: Share holders, Board of directors, Top management, Middle management, Other staff

    External reporting / communication: Regulators, Associations, Other stake holders

    !!! organization can adapt according to the nature of business !!!

  • RISK MONITORING / REVIEW

    - Was the intended result achieved?
    - Was the mitigation and contingency plan appropriate?

  • Thanks

    www.tuvme.com

    www.tuv-nord.com
