Informational Is Identification of Risks and Opportunities required for QMS Processes?

John C. Abnet

Teacher, sensei, kennari
Leader
Super Moderator
I produced a short article on the 'risk and opportunity' piece on LinkedIn that may be of help.
Thanks for sharing @Paul Simpson. Good reading.

From my experience (in automotive manufacturing and now as a consultant), I don't see failure to assess risks as much as I see simple confusion with the terms and requirements. Leadership of many (most?) organizations identify and manage risk every day. Some are relatively static (i.e. available workforce), others more dynamic (i.e. fuel surcharges). The METHODS that those organizations perform so called "RBT"....analyzing and managing risk, often vary considerably from company to company....industry to industry.
Regardless, organizations tend to read the standard and determine they need some ADDITIONAL method to articulate for the sake of the auditor. This often results in bulky, non-beneficial matrices with elaborate scoring ranking systems, that add (generally) a non-beneficial burden to one or two individuals....furthermore, these documents are (generally) not "...'integrated(ion) into the organization's business processes;'".
Why? Because leadership recognizes that there is (generally) no benefit to that approach and they (leadership) become frustrated and jaded by the entire concept of being QMS certified. THIS, I argue, is one of the greatest reasons that QMSs "fail". No. Leadership. Buy-in.

When we take such every day concepts such as "process" and "risk" and give them catchy terms and make them a 'thing'
(i.e.
d) promoting the use of the process approach and risk-based thinking; , ...
...
it results in the futile activities and leadership snubbing that I describe above. I. See. This. Daily.

Instead, what if the standard simply came out and stated something like....
- Develop and manage the QMS and the auditing of same around the organization's processes and not the clauses of the standard.
- Demonstrate how the organization analyzes and manages risk.

You know from my previous conversations Paul, that I am actually a fan of ISO9001 and believe it provides a good generic framework that allows/affords ANY industry to build an effective QMS.

Terms like "context of organization" (vs WHO are we....WHAT do we do...WHO cares....WHAT do they care about). and "process approach" and "risk based thinking" however, .....hmmmmm.

Be well.
 

tony s

Information Seeker
Trusted Information Resource
Is Identification of Risks and Opportunities required for QMS Processes?

If 0.3.2 (PDCA cycle) section of ISO 9001:2015 mentioned: "Plan: establish the objectives of the system and its processes..." and if risk is defined by ISO 31000:2018 as "effect of uncertainty on objectives", then it is very well possible that organizations will implement risk identification on QMS processes. Another reason for identifying risks on processes is that objectives are required to be set on relevant processes as per clause 6.2.1.

ISO/TS 9002:2016 did not only mention SWOT or PESTLE. It also mentioned FMEA, FMECA, HACCP, SWIFT, including brainstorming and consequences and probability matrices, in section 6.1.1. These tools are not just intended for strategic level purposes. Objective, as defined by ISO 9000:2015, is "results to be achieved" and includes a note that says "An objective can be strategic, tactical, or operational". Thus, in satisfying fully the intent of ISO 9001, organizations should not limit risk identification at the strategic level only.
 

Paul Simpson

Trusted Information Resource
Thanks for sharing @Paul Simpson. Good reading.
Thank you. Despite appearances to the contrary I am interested in helping people to help people. :notme:

From my experience (in automotive manufacturing and now as a consultant), I don't see failure to assess risks as much as I see simple confusion with the terms and requirements. Leadership of many (most?) organizations identify and manage risk every day. Some are relatively static (i.e. available workforce), others more dynamic (i.e. fuel surcharges). The METHODS that those organizations perform so called "RBT"....analyzing and managing risk, often vary considerably from company to company....industry to industry.
This is a factor of application of a generic standard like ISO 9001. While other sector-based standards (16949, AS 9100 etc.) can be more specific, 9001 has to apply to organisations of all shapes and sizes operating in all the relevant sectors across profit/not for profit ... you get the idea. What works for you rarely works for me. The principles are the same, however.
Regardless, organizations tend to read the standard and determine they need some ADDITIONAL method to articulate for the sake of the auditor. This often results in bulky, non-beneficial matrices with elaborate scoring ranking systems, that add (generally) a non-beneficial burden to one or two individuals....furthermore, these documents are (generally) not "...'integrated(ion) into the organization's business processes;'".
That is our job as quality professionals to look at what the organisation currently does and point to it saying 'That satisfies clause 6.1 of ISO 9001' (for example). I am no fan of adding words for words' sake or, worse still, unnecessary processes and activities.
Why? Because leadership recognizes that there is (generally) no benefit to that approach and they (leadership) become frustrated and jaded by the entire concept of being QMS certified. THIS, I argue, is one of the greatest reasons that QMSs "fail". No. Leadership. Buy-in.
Most leaders buy into the concept of the QMS being certified. They know it puts a foot in the door when talking to a customer. What they don't like doing is activities that they see as not adding value to the business just because an auditor says so or, as some say quality professionals say, 'for ISO'.

When we take such every day concepts such as "process" and "risk" and give them catchy terms and make them a 'thing'
(i.e.
d) promoting the use of the process approach and risk-based thinking; , ...
...
it results in the futile activities and leadership snubbing that I describe above. I. See. This. Daily.
I can't speak to your experience, John. I get the point about labels and agree, to a point. The reason we do this is the same as for any other area of quality (or life). Labels help to capture some complex subjects and make them accessible. I'll make the point further in the next piece. If you don't believe me, have a look at other labels outside of ISO:
  • Six sigma
  • Lean
  • Quality 4.0

Instead, what if the standard simply came out and stated something like....
- Develop and manage the QMS and the auditing of same around the organization's processes and not the clauses of the standard.
- Demonstrate how the organization analyzes and manages risk.
The process approach is much more than the clauses of ISO 9001. Clause 4.4.1 of ISO 9001:2015 simply summarizes the extent of the work involved in developing a QMS that is aligned around the organisation's processes.

You also can't use negatives in describing a requirement in ISO 9001.

Re risk: What I tried to do in the article is to explain that RBT in ISO 9001 is different from a 'full scale' risk management approach and especially Enterprise Risk Management. Nevertheless, as quality professionals, we should consciously be considering risk in all aspects of our quality control, quality assurance and quality improvement activities. I know when I started in quality a lifetime ago we made cables that we sold to utility providers and they often buried them under the earth. It cost a lot more than the price of a cable to dig it up and replace it!

You know from my previous conversations Paul, that I am actually a fan of ISO9001 and believe it provides a good generic framework that allows/affords ANY industry to build an effective QMS.

Terms like "context of organization" (vs WHO are we....WHAT do we do...WHO cares....WHAT do they care about). and "process approach" and "risk based thinking" however, .....hmmmmm.

Be well.
If the labels are the worst bit of ISO 9001 then I'm happy! :agree1: