TUV Middle East, Member of TÜV NORD Group

ISO 9001:2015 & Risk Based Thinking (based on ISO DIS 9001:2015)

By: Shibu Davies – GM

20150403 - TUV ME - ISO 9001 2015 and Risk Management - Linkdin



Content

• ISO 9001:2015 – elements addressing risk management
• Risk based thinking
• Reason for risk based thinking (as per ISO)
• Risk definition
• Types of risk
• Risk management framework
• Risk evaluation matrix
• Risk register
• Risk reporting / communication
• Risk monitoring / review


ISO 9001:2015 – ELEMENTS ADDRESSING RISK MANAGEMENT

0.1 General – QMS is influenced by the context of the organization, (b) particularly with respect to “the risks associated with its context and objectives”

0.3 Process approach – Management of the processes and the system as a whole can be achieved using a PDCA methodology with an overall focus on “risk based thinking aimed at preventing undesirable outcomes”

0.5 Risk based thinking – full clause is about risk, key statement – “this international standard makes risk-based thinking more explicit and incorporates it in requirements for the establishment, implementation, maintenance and continual improvement of the QMS”

0.6 Compatibility with other management system standards:

- “Processes for planning and consideration of risks and opportunities (Clause 6)”

- However, this International Standard enables an organization to use the process approach, coupled with the PDCA methodology and “risk-based thinking” to align or integrate its QMS with the requirements of other management system standards as it sees fit


ISO 9001:2015 – ELEMENTS ADDRESSING RISK MANAGEMENT

3.09 – risk (various terms and definitions related to risk)

4.4 – QMS and its processes – for planning the organization shall determine (f) the “risks and opportunities” in accordance with the requirements of 6.1, and plan and implement the appropriate actions to address them

5.1.2 Customer focus – Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring that (b) “the risks and opportunities” that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed

6.1 Action to address risks and opportunities – this full clause is about risk, including PDCA elements of risk management

8.5.5 Post-delivery activities - In determining the extent of post-delivery activities that are required, the organization shall consider (a) the “risks associated with the products and services”

9.3 Management review – The management review shall be planned and carried out taking into consideration (d) the effectiveness of actions taken to address risks and opportunities (see clause 6.1)


RISK BASED THINKING


!!! risk management is an integral part of any organization's strategic management. It is the process whereby organizations methodically address the risks attaching to their activities with the goal of achieving sustained benefit within each activity and across the portfolio of all activities !!!

• identify and treat risks
• integrate risk management into the culture
• risk can be internal or external
• objective of risk management is sustainability
• risk management should be an ongoing process
• responsibility shall be assigned
• better to define and document
• this is a preventive measure
• this is everyone's responsibility


REASON FOR RISK BASED THINKING (AS PER ISO)


• Improve customer satisfaction and confidence

• Assure consistency of quality of the product

• Establish pro-active culture of prevention and improvement

• Successful companies intuitively take a risk-based approach


RISK DEFINITION


Risk

Effect of uncertainty on an expected result

Note 1: An effect is deviation from expected – positive or negative

Note 2: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood

Note 3: Risk is often expressed in terms of a combination of the consequences of an event and the associated likelihood of occurrence

Ref.: ISO DIS 9000:2014


TYPES OF RISK


!!! focus should be on product for ISO 9001:2015 !!!


RISK MANAGEMENT FRAMEWORK


!!! organization can adapt the framework !!!


RISK EVALUATION MATRIX


!!! organization can adapt the risk evaluation matrix !!!


RISK REGISTER


!!! organization can adapt the risk register !!!

Risk register columns: Ref. # │ Process │ Risk │ Rating (Pro., Sev., Sig.) │ Mitigation │ Contingency │ Responsibility │ Res. Risk Rating (Pro., Sev., Sig.)

Rating can be done based on 3X3 matrix or 5X5 matrix or any suitable methods

a. Avoiding risk
b. Taking risk in order to pursue an opportunity
c. Eliminating the risk source
d. Changing the likelihood or consequences
e. Sharing the risk
f. Retaining risk by informed decision

This will be the risk rating after the implementation of mitigation & contingency plan

Product related


RISK REPORTING / COMMUNICATION


Internal reporting / communication

• Shareholders
• Board of directors
• Top management
• Middle management
• Other staff

External reporting / communication

• Regulators
• Associations
• Other stakeholders

!!! organization can adapt according to the nature of business !!!


RISK MONITORING / REVIEW


Monitoring / review

• Was the intended result achieved?
• Was the mitigation and contingency plan appropriate?


Thanks

www.tuvme.com

www.tuv-nord.com