Certification Encyclopedia │ "Risk Management" in ISO9001 Quality Management System


 

The risks addressed by ISO9001 are mainly quality risks. The ISO9001:2015 standard builds risk-based thinking into many of its requirements, and "risk management" accordingly occupies a significant part of the standard. This entry focuses on the definition of risk and on the clauses that deal with it.

 

◎ Planning

Clause 6.1 (Actions to address risks and opportunities) requires the organization to plan actions that:

① Give assurance that the quality management system can achieve its intended result(s)

② Enhance desirable effects

③ Prevent, or reduce, undesired effects

④ Achieve improvement

 

Risk management is a systematic procedure for identifying, assessing, and controlling risk. It can be applied prospectively (before an activity, to prevent problems) and retrospectively (after an event, to learn from it). A risk management system should ensure that risks are identified, assessed, and controlled on the basis of knowledge and process experience; that controls are tied to the ultimate objective of keeping risk within acceptable limits; and that the effort, formality, and documentation of the risk management process are commensurate with the level of risk.

 

◎ Definition of Risk

Risk is the effect of uncertainty (as defined in ISO 9000:2015).

Note 1: An effect is a deviation from the expected, positive or negative;

Note 2: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or its likelihood;

Note 3: Risk is often characterized by reference to potential events and consequences, or a combination of these;

Note 4: Risk is often expressed as a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence;

Note 5: The word "risk" is sometimes used only when there is the possibility of negative consequences.

Risk management is the coordinated activity of directing and controlling an organization with regard to risk. It manages risk by identifying, analysing, and evaluating it, and then deciding whether and how to treat it so that it stays within acceptable limits.

Which clauses in ISO9001:2015 involve risk?

Introduction -- Explains the concept of risk-based thinking.

Clause 4 -- Requires the organization to determine its QMS processes and to address the risks and opportunities associated with them.

Clause 5 -- Requires top management to:

-- Promote awareness of risk-based thinking;

-- Determine and address risks and opportunities that can affect the conformity of products and services.

Clause 6 -- Requires the organization to determine the risks and opportunities related to QMS performance and to plan appropriate actions to address them.

Clause 7 -- Requires the organization to determine and provide the resources needed.

Clause 8 -- Requires the organization to plan and control its operational processes.

Clause 9 -- Requires the organization to monitor, measure, analyse, and evaluate the effectiveness of the actions taken to address risks and opportunities.

Clause 10 -- Requires the organization to correct, prevent, or reduce undesired effects, improve the QMS, and update its risks and opportunities as needed.

Note: Risk is present in all of these processes and requires appropriate attention at all times, including in the resource and operational requirements of Clauses 7 and 8.

 

 

What types of risks can impact an enterprise?

○ Organizational risks: arise at the entity level and at the activity level of the organization;

○ Strategic risks: arise when the organization's strategic or business planning is insufficiently thorough;

○ Compliance risks: arise when legal and regulatory requirements are not met;

○ Operational risks: divided into seven categories related to the organization's procedures and controls.

1. Organizational Risks

Entity-level risks can be external or internal. External factors include technological change, competition, and the legal environment; internal factors include security, information systems, loss of goods in transit, and changes in personnel capabilities and responsibilities.

Activity-level risks affect individuals and departments. Examples include omissions when entering information or materials into systems, loss of shipping and receiving records, lax security controls, a shortage of skilled technicians, and employee negligence. If activity-level risks persist across the organization's processes, they eventually accumulate into entity-level risks.

2. Strategic Risks

Strategic risks are the potential losses that result from executing an unsuccessful business plan or strategy. Causes include poor business decisions, ineffective execution, insufficient resources, and failure to adjust in time when the business environment changes.

3. Compliance Risks

Compliance risks relate to legal and regulatory requirements. Environmental, health, and safety requirements have always been a concern because issues in these areas can lead to fines, business suspension, or even criminal liability. Compliance with quality and environmental standards and regulations also falls within this scope.

Environmental risks include spills of hazardous liquids, emissions of hazardous gases, and improper disposal of solid waste. Situations that can create compliance risk also include:

The procurement department switching from domestic to foreign suppliers;

Key environmental management personnel leaving without a timely replacement;

New materials being introduced without the relevant safety control records being prepared.

4. Operational Risks

Operational risks can be detailed in the following seven aspects:

(1) Management system risks

(2) Customer satisfaction risks

(3) Supply chain risks

(4) Revenue recognition risks affecting profit

(5) Information security risks

(6) Logistics risks

(7) Natural disaster risks
