Every business faces risk. Why is it such a hot topic in business media?
The latest version of the International Organization for Standardization (ISO) 9001 now requires companies to address risk within the quality management system (QMS). Managing risk via the QMS was implied in previous versions of the standard but is explicit in 9001:2015.
Let’s start with a brief explanation from ISO’s paper, Risk-Based Thinking in ISO 9001:2015, published with the updated standard:
“Risk is inherent in all aspects of a quality management system. There are risks in all systems, processes and functions. Risk-based thinking ensures these risks are identified, considered and controlled throughout the design and use of the quality management system.” 1
RBT Benefits
While adhering to standards can require additional work, most companies benefit from meeting the requirements because of the order and stability they bring to business strategy, operations, and results.
Risk-based thinking offers benefits:
- Prevention: RBT helps reduce and eliminate delays, costs, and customer dissatisfaction caused by problems that should have been caught earlier in the planning and development stages of products and services.
- Identify opportunities: Every business process should include steps that explicitly ask the question, “Is there an opportunity here we might have overlooked?” when a problem or challenge is encountered. Many of the world’s greatest inventions have their origins in “mistakes.”
A Sample RBT Approach
Risk identified during day-to-day operations is typically addressed as a normal part of doing business through a company’s QMS. However, discovering risks that aren’t generated through day-to-day operations must be done through an orderly process. Here is a suggested approach.
To start with, most company risks stem from the relationships between the company and each of its stakeholders, especially in terms of what each wants or expects from the other.
The following sample table is one way to organize this information.
|
Key Stakeholders (KS) |
What Your Company Wants from Each KS in Order to Prosper |
What Each KS Wants from Your Company |
|
Customer(s) |
Revenue |
To buy from you / meet their need |
|
Shareholders |
Predictable funding |
To invest in you / increase their wealth |
|
Employees |
Productivity / innovation |
To work for you / have job/career |
|
Suppliers |
Quality / on-time delivery |
To supply to you / increase their revenue |
Once the table is completed, ask:
- What’s at risk if the expectations aren’t met?
- Which relationships are at risk and which aren’t? Why or why not?
- What’s the potential impact of the risk? How will it be dealt with?
Incorporating a similar chart and questions into strategic and operational discussions can go a long way to identifying risks early and dealing with them before their impact expands.
Summary
Regardless of the level of interest in ISO 9001, a systematic approach to identifying and addressing risk is essential to prevent or minimize undesired outcomes and to allow business leaders to be more confident when making decisions.
1 https://isotc.iso.org/livelink/livelink/open/tc176SC2public, ISO9001andRisk.docx
About the Author
Lori Cohen, president of Compass Quality Solution, is a Quality Management Consultant specializing in ISO-based Quality Management System implementation and improvement. Lori can be reached at lcohen@compassqs.com or 585-737-8441.