Have you wondered what risk assessment has to do with the Quality Management System? Risk has always had a definite role in ISO standards, but newer versions of the standards have given risk a more prominent place. In the context of ISO 9001:2015, risk-based thinking replaces what was called the preventive action in the previous standard version.
Where ISO once gave the preventive action a separate clause, it now incorporates risk throughout. Risk-based thinking requires companies to evaluate risk when establishing processes, controls and improvements in a Quality Management System.
It encourages more internal and external partner focus as part of the adoption of a risk-based approach to quality management and emphasizes the importance of adopting a Quality Management System (QMS) as a strategic decision for an organization.
The following processes are identified as good places to look at risk and decide what to do about it. Assessing and dealing with the risks identified in these processes can improve your ability to deal with problems in a time-effective and less costly manner.
The idea is to think about what potential problems could occur and decide what to do about them, with acceptable decisions including risk avoidance, risk reduction and risk acceptance (e.g. if the cost to remove the risk is greater than the cost to fix the problem when it happens, accepting the risk might be a good decision).
Organizations must identify, understand, and control risks that can negatively impact their processes and the QMS. Few areas where risk appears in the new standard requirements include:
Organizational context: When you are looking in the context of the organization, ISO requires companies to identify risks that could impact their quality objectives.
Leadership: Your company’s management must commit to addressing risks and opportunities that could affect product quality.
Planning: This requires you to not just identify risks and opportunities, but also create plans for how to address them.
Operation: ISO requires you to implement and control the actions identified during planning steps.
Performance evaluation: Here’s where you track and analyze the risks and opportunities identified.
When something goes wrong, the worst part of the problem is that it wasn’t anticipated, and due to this, no one knows what to do about it yet. By adding risk assessment of your processes, especially at the planning stage, you can either take steps to ensure that anticipated problems don’t occur or have stepped in place to deal with them when they do.