Académique Documents
Professionnel Documents
Culture Documents
If I cross a busy road with many fast-moving cars the risks are not the same as if the
road is small with very few moving cars. It is also necessary to consider such things as
weather, visibility, personal mobility and specific personal objectives.
Example:
It is UNACCEPTABLE to be injured.
It is UNACCEPTABLE to be late.
Reaching my goal more quickly must be balanced against the likelihood of injury. It is
more important that I reach my meeting uninjured than it is for me to reach my meeting
on time.
It may be ACCEPTABLE to delay arriving at the other side of the road by using a
footbridge if the likelihood of being injured by crossing the road directly is high.I analyse
the situation. The footbridge is 200 metres away and will add time to my journey. The
weather is good, the visibility is good and I can see that the road does not have many
cars at this time. I decide that walking directly across the road carries an acceptably low
level of risk of injury and will help me reach my meeting on time.
The Main Objectives Of ISO 9001 to provide confidence in the organization’s ability to
consistently provide customers with conforming goods and services and to enhance
customer satisfaction. The concept of “risk” in the context of ISO 9001 relates to the
uncertainty in achieving these objectives.
I move to the side of the road, check there are no barriers to crossing. I check there are
no cars coming. I continue to look for cars whilst crossing the road.
I repeat the plan over several days, at different times and in different weather
conditions. This gives me data to understand that changing context (time, weather,
quantity of cars) directly affects the effectiveness of the plan and increases the
probability that I will not achieve my objectives (being on time and avoiding
injury). Experience teaches me that crossing the road at certain times of day is very
difficult because there are too many cars. To limit the risk I revise and improve my
process by using the footbridge at these times. I continue to analyse the effectiveness
of the processes and revise them when the context changes. I also continue to
consider innovative opportunities:
can I move the meeting place so that the road does not have to be crossed?
can I change the time of the meeting so that I cross the road when it is quiet?
can we meet electronically?
DEFINITIONS
ISO 9001:2015 defines risk as the effect of uncertainty on an expected result.
Explanation:
Risk is the possibility of events or activities impeding the achievement of
an organization’s strategic and operational objectives. It is the volatility of potential
outcomes. Risk can be defined by two parameters
The organization must integrate the actions to address risks and opportunities into its
QMS processes using the PDCA cycle. Not all processes of a quality management
system represent the same level of risk in terms of the organization’s ability to meet its
objectives and the effects of uncertainty are not the same for all organizations. Each
organization is therefore responsible for the extent it applies risk-based thinking and the
actions it takes to address risk, including whether or not to retain documented
information as evidence of its determination of risks. 5.1.2—Leadership and
commitment with respect to the needs and expectations of customers
ISO 9001:2015, requires that when planning its QMS, the top management must
implement and promote a culture of risk-based thinking throughout the organization to
determine and address the risks and opportunities associated with providing assurance
that the QMS can achieve its intended result(s); provide conforming products and
services, enhance customer satisfaction; promote desirable effects and improvement;
and prevent, or mitigate, undesired effects.
This can be achieved by establishing process capabilities for each process from
manufacturing and assembly to packaging and product delivery and installation. The
computation of a simple indicator of process capability (Cp) or the adjustment of the
process capability toward a specification (Cpk) would help managers quantify their
process risk. The objective would be to achieve the highest economically feasible
capability for each process, thus minimizing the risk of producing so-called unintended
output.
The organization must integrate the actions to address these risks and opportunities
into its QMS processes using the PDCA cycle. Not all processes of a quality
management system represent the same level of risk in terms of the organization’s
ability to meet its objectives and the effects of uncertainty are not the same for all
organizations. Each organization is therefore responsible for the extent it applies risk-
based thinking and the actions it takes to address risk, including whether or not to retain
documented information as evidence of its determination of risks. When planning its
QMS, the organization must consider the risks and opportunities presented by external
and internal issues as well as the needs and expectations of interested parties, relevant
to its purpose and strategic direction Means to address risks may include avoiding risk,
taking risk in order to avail an opportunity, removing the source of the risk, changing the
likelihood or consequences, sharing the risk, or making an informed decision to retain
the risk. Opportunities can derive from favorable circumstances that can lead to the use
of new practices, launch new products, enter new markets, address new clients, reduce
waste or improve productivity, grow relationships, use new technology and other
desirable and viable opportunities to facilitate the organization in achieving its strategic
direction and enhance customer satisfaction.
Planning also requires monitoring and measuring these actions and gathering,
analyzing and evaluating appropriate data and information to determine the
effectiveness of such actions.
This planning must be periodically reviewed and updated as necessary when taking
corrective actions or at management reviews. These actions must be proportional to the
potential impact on the conformity of products and services.
Dates: As the register is a living document, it is important to record the date that
risks are identified or modified. Optional dates to include are the target and
completion dates.
Description of the Risk: A phrase that describes the risk.
Risk Type (business, project, stage): Business risks relate to delivery of
achieved benefit;, project risks relate to the management of the project such as
timeframes and resources, and stage risks are risks associated with a specific
stage of the plan.
Likelihood of Occurrence: Provides an assessment on how likely it is that this
risk will occur. Examples are: L-Low >30%)(, M-Medium (31- 70%), H-High
(>70%).
Severity of Effect: Provides an assessment of the impact that the occurrence of
this risk would have on the project.
Countermeasures: Actions to be taken to prevent, reduce, or transfer the risk.
This may include production of contingency plans.
Owner: The individual responsible for ensuring that risks are appropriately
engaged with countermeasures undertaken.
Status: Indicates whether this is a current risk or if risk can no longer arise and
impact the project. Example classifications are: C-current or E-ended.
Other columns such as quantitative value can also be added if appropriate.
Risk-driven approach in organizational processes.
Identify what risks and opportunities are – it depends on context. For example If I cross
a busy road with many fast-moving cars the risks are not the same as if the road is
small with very few moving cars. It is also necessary to consider such things as
weather, visibility, personal mobility and specific personal objectives.