Risk-based thinking is an approach to managing quality that focuses on identifying potential problems before they occur. It involves taking a systematic look at how products or services are produced and then considering what could go wrong and what steps can be taken to reduce the likelihood of this happening.
By implementing risk-based thinking into your Quality Management System, you can create a culture where staff members feel comfortable discussing risks and managers have the tools to take action when necessary. The risk-based thinking process helps organizations think through risks by considering them holistically.
Risk-based thinking helps organizations make better decisions, improve performance, and reduce the likelihood of future problems occurring.
Your risks depend on the context of the organization
The risk-based approach of ISO 9000:2015 requires the organization to understand its context (see clause 4.1) and determine the risks and opportunities that need to be addressed (see clause 6.1).
This means that each organization must identify their own unique set of risks and opportunities. To do this, ask questions such as:
- What are our customers’ expectations?
- How does our business operate?
- What are our capabilities?
- What are our resources?
- Where will our growth come from?
- What are our goals?
- What are our priorities?
- What are our values?
- What are our beliefs?
- What are our assumptions?
- What are our competitors doing?
- What are our suppliers telling us?
- What are our employees saying?
- What are we hearing from our stakeholders?
- What are our partners telling us?
- What is going on in the industry?
- What are the trends?
- What are our internal strengths and weaknesses?
- What are our external opportunities and threats?
Risk-based Thinking as Stated in ISO 9001:2015
There is one important clause of ISO 9001:2015 that specifically mentions risk-based thinking.
Clause 5.1.1 d (Leadership) promoting the use of the process approach and risk-based thinking;
In addition, there are various mentions of risks and opportunities in the standard. For example:
Clause 6.1 is on planning actions to address risks and opportunities. These actions should be proportional to the impact on products and services.
Clause 5.1.2 requires top management to focus on the risks and opportunities affecting product conformity and customer satisfaction.
Clause 9.1.3 requires analyzing and evaluating the effectiveness of actions to address risks and opportunities.
Clause 9.3.2 requires the effectiveness of addressing risks and opportunities to be a part of the management review inputs.
Clause 10.2.1 e requires updating risks and opportunities identified as a part of planning, based on nonconformities and corrective actions.
ISO 9001:2015: Risk-Based Thinking vs. Preventive ActionRisk-Based Thinking is the New Preventive Action. The risk-based thinking process is a systematic method for identifying risks, analyzing them and then taking action to reduce or eliminate their impact on your business. It provides you with a framework to identify risks, analyze them and take appropriate measures.
Like preventive action, risk-based thinking also focuses on potential problems that have not already occurred. The focus in both of these concepts is on finding out why the potential issue and then fixing it before it happens.
To summarize, risk-based thinking is an effective way for organizations to manage risks. It provides a systematic method for identifying risks and opportunities, taking appropriate measures to prevent or mitigate those risks, and monitoring progress toward achieving the objectives of the quality system.