For organizations who are completing or have completed their quality management system transition to the current ISO 9001:2015 and IATF 16949:2016 standards, you are well aware by now that RISK takes center-stage in these latest requirements. For instance, ISO 9001 references risk (9) times in five different clauses of the standard, and IATF references risk over (50) times in all seven clauses.
So what does this highly emphasized four-letter word mean for businesses? It means risk-based thinking needs to be at the forefront of quality planning, which in turn will result in better decision-making and improved outcomes.
In ISO 9000:2015 Quality Management Systems - Fundamentals and Vocabulary, RISK is defined as the “effect of uncertainty”, where the effect can be thought of as a deviation (positive or negative) from the known (or expected). Uncertainty is defined as the state of deficiency of information related to its consequence. As such, risk is often characterized by reference to potential events and consequences.
So how does one go about applying risk-based thinking? Here’s a simple scheme that can be applied to all levels and processes of the business:
Analyze → Prioritize → Act → Evaluate → Repeat
Analyze – During risk analysis, you will identify and assess the probabilities and consequences of risk events should they occur. Risk analysis may occur using one or many methods. Luckily for businesses, the ISO/IATF standards do not specify the use of a particular risk-analysis method(s). However, keep in mind, there are various factors that can influence your selection of a risk-analysis method (i.e. availability of resources and information, complexity of the application, etc.).
Prioritize – Once the risk analysis has been completed, the results from this assessment are used to prioritize the risks by establishing an importance ranking. Don’t underestimate the importance of this prioritization because without it, risk mitigation results may prove to be ineffective. Also, risk prioritization becomes especially important for resource allocation purposes.
Act – Based on the risk analysis and prioritization, it’s critical to then take action(s) that will prevent, avoid or reduce the risk(s). This means a clear action plan, with responsibilities and due dates, needs to be defined; and then regular reviews and updates to the plan will need to be made, as appropriate. Don’t be hesitant to modify plans if it’s evident they won’t produce the results intended.
Evaluate – After action plans have been implemented, it’s imperative to follow-up and evaluate the actions taken to ensure they are truly effective. This last step is one that’s often taken lightly or even skipped, but it is as equally important as the other steps and shouldn’t be short-changed. If you don’t evaluate the effectiveness of the actions you’ve taken, the risks initially identified may ultimately present themselves, or new/unidentified risks may generate as an unintended outcome.
How will you make RISK take center stage in your business? Below are some key steps to help guide you in your continual pursuit of improvement.
Using Risk Analysis to Improve Quality Management Systems
- Step 1: Identify how your organization is applying risk-based thinking to key business processes.
- Step 2: Evaluate risk analysis methods that are appropriate for your organization and needs.
- Step 3: Develop and implement processes that support risk-based thinking in your business.
- Step 4: Analyze → Prioritize → Act → Evaluate → Repeat
Over the last 15 years, The Phoenix Group has partnered with various industry leaders to deliver quality systems consulting and assistance including gap analysis assessments, training, supplier audits, and project management.
If you’re interested in determining how The Phoenix Group can support your Quality Management Systems in aligning risk-based thinking to your quality planning, request a consultation with our team today.