
ISO 9001:2015 ISO 14001:2015

The document discusses risk-based thinking as explained by ISO standards. It states that ISO 9001:2015 and ISO 14001:2015 have shifted the intent of ISO management systems towards risk-based decision making. Risk-based thinking requires decisions to consider the effect of uncertainty on intended outcomes. While formal risk assessments are not required, they are highly recommended to consistently make the right decisions. The document provides guidance on getting started with risk-based thinking, from learning the basics to evaluating risk management processes.

Uploaded by

jaxf001

http://www.linkedin.com/pulse/risk-based-thinking-explained-craig-briggs

Industry is buzzing with chatter about the substantial changes the
International Organization for Standardization is making, and will continue
to make, to its management system standards. ISO 9001:2015 and ISO
14001:2015 have already stirred pertinent questions and debate about their
enhancements, showing the strong move towards enhancing accountability,
broadening stakeholder consideration and using good governance to
improve the way organisations perform. The intent behind ISO
management systems is shifting, and shifting fast.
The ability of organisations to prove conformance by simply fulfilling basic
substantive requirements is now a thing of the past. Leadership is being
forced to actively engage issues around Quality, Environmental and other
“non-financial risk” areas of performance, and it is the unassuming concept
of risk-based thinking which is making this all possible.

Those people not familiar with governance frameworks and the value and
importance of corporate sustainability have probably not encountered the
idea behind risk-based thinking and as a result its adoption can be a fairly
daunting task. Thankfully risk-based thinking does not have to be and is
not intended to be complicated, cumbersome or difficult. The idea is
simple: make decisions based on the risks involved.

Risk is the tangible representation of the outcome(s) of unexpected or
undesired events. It exists against a background of uncertainty, which is a
state of deficiency of information, understanding or knowledge. This state
of deficiency, even partial, pertains to a circumstance, situation or event, its
consequence or its likelihood.

Risk can therefore be understood as being the effect of a deviation from
what we expect or desire to happen, based on factors over which we have
insufficient or inadequate control, due to a state of deficiency. In reality this
is understood more simply as “what, where, why, how can something go
wrong and how much will it cost”.

Globally the most commonly adopted definition of risk is that it is the
“effect of uncertainty on objectives” (ISO Guide 73). We therefore manage
risk so as to better achieve our objectives, and herein enters the idea of risk-
based thinking. Sufficient understanding of uncertainty is clearly required
in order to make consistently good decisions about how to cope with the
Volatile, Uncertain, Challenging and Ambiguous conditions challenging
business performance. Specifically, decision makers must understand the
nature and source of the uncertainty, the related potential deviations which
could occur, the likelihood of such deviations and the impact of those
deviations on expected outcomes.

Risk-based thinking does not demand advanced or complex risk
assessments or formal risk management processes and systems. Risk-based
thinking requires only that decisions taken to satisfy requirements
(customer, legal or any other stakeholder requirements) are taken with
consideration of the effect that uncertainty may have on the intended
outcomes. In practice it would be near impossible to consistently make the
right decision without a formal means of acquiring the information needed
to do so. As a result, although formal risk management and assessments are
not explicitly required by ISO 9001:2015, ISO 14001:2015 or most other
High Level Structure international standards, they are highly
recommended.

The trick for every organisation is
to understand their risk environment. They should decide whether a
rudimentary or detailed risk programme would best suit their stakeholders'
needs and expectations, whether qualitative or quantitative assessments
would be most appropriate, understand the quantity and detail of data
available for assessments and the capabilities of their employees to support
the risk management processes. ISO 31000:2009 is the most widely used
guide for risk management and is a framework appropriate to any
organisation, of any size, in any industry.

So if you’re wondering where to begin, here’s what you should do:

• Start by learning about risk and risk assessments, but be wary of courses or
info that’s limited to one or two risk types, like compliance or health and safety. To
be truly beneficial your risk assessments should be designed and performed to
create value in all areas of the organisation and to allow decisions to be taken about
all the risks affecting performance. Specifically, look for courses dealing with enterprise
risk management or enterprise risk assessments.

• Next, apply what you have learned to analyze the risk-related needs of your
organisation. Here you should pay attention to the resources available and the
outputs required so you can decide which assessment techniques, and which
combination of them, you should be using.

• Once you know what you want and how you plan to achieve it, start
performing your risk assessments, gathering the necessary information and making
recommendations. As you do this you will most probably find the need to
formalize aspects of the decision making as well and may also find an opportunity
to improve the risk assessments through a defined risk management process.

• Finally, you should evaluate the results of your efforts and make changes
and improvements to your risk management and risk assessment processes. Here
you will already see value, but will identify ways of growing or increasing that
value. This needs to be shared internally to help promote wider adoption of the
risk-based approach.

The intention of risk-based thinking is not to make anything more
complicated or to create extra work. Rather, risk-based thinking makes
decision making easier by removing the biases that prevent us from acting
consistently. See this move as one of value creation, keep the end in mind
and make the right choices for all of your organisation’s stakeholders.

For more information about enterprise risk assessor, enterprise risk
management, corporate governance or ISO management system standards
training or consulting you can contact Risk ZA Corporate Sustainability by
email ([email protected]) or by phone (0860 642 435 / 031 569 5900).
