
TUV Middle East

Member of TÜV NORD Group

ISO 9001:2015 & Risk Based Thinking


(based on ISO DIS 9001:2015)
By: Shibu Davies GM

Content

ISO 9001:2015 elements addressing risk management
Risk based thinking
Reason for risk based thinking (as per ISO)
Risk definition
Types of risk
Risk management framework
Risk evaluation matrix
Risk register
Risk reporting / communication
Risk monitoring / review

TUV ME ISO 9001:2015 & Risk Management

ISO 9001:2015 ELEMENTS ADDRESSING RISK MANAGEMENT

0.1 General: QMS is influenced by the context of the organization, (b) particularly with respect to the risks associated with its context and objectives
0.3 Process approach: Management of the processes and the system as a whole can be achieved using a PDCA methodology with an overall focus on risk based thinking aimed at preventing undesirable outcomes
0.5 Risk based thinking: full clause is about risk; key statement: this International Standard makes risk-based thinking more explicit and incorporates it in requirements for the establishment, implementation, maintenance and continual improvement of the QMS
0.6 Compatibility with other management system standards:
- Processes for planning and consideration of risks and opportunities (Clause 6)
- However, this International Standard enables an organization to use the process approach, coupled with the PDCA methodology and risk-based thinking to align or integrate its QMS with the requirements of other management system standards as it sees fit
3.09 risk (various terms and definitions related to risk)
4.4 QMS and its processes: for planning, the organization shall determine (f) the risks and opportunities in accordance with the requirements of 6.1, and plan and implement the appropriate actions to address them
5.1.2 Customer focus: Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring that (b) the risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed
6.1 Action to address risks and opportunities: this full clause is about risk, including PDCA elements of risk management
8.5.5 Post-delivery activities: In determining the extent of post-delivery activities that are required, the organization shall consider (a) the risks associated with the products and services
9.3 Management review: The management review shall be planned and carried out taking into consideration (d) the effectiveness of actions taken to address risks and opportunities (see clause 6.1)

RISK BASED THINKING


identify and treat risks

!!! risk management is an integral part of any organization's strategic management. It is the process whereby organizations methodically address the risks attaching to their activities with the goal of achieving sustained benefit within each activity and across the portfolio of all activities !!!

- objective of risk management is sustainability
- risk management should be an ongoing process
- integrate risk management into the culture
- responsibility shall be assigned
- better to define and document
- this is everyone's responsibility
- risk can be internal or external
- this is a preventive measure

REASON FOR RISK BASED THINKING (AS PER ISO)

Reason

- Improve customer satisfaction and confidence
- Assure consistency of quality of the product
- Establish pro-active culture of prevention and improvement
- Successful companies intuitively take a risk-based approach


RISK DEFINITION
Risk
Effect of uncertainty on an expected result
Note 1: An effect is a deviation from the expected, positive or negative
Note 2: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood
Note 3: Risk is often expressed in terms of a combination of the consequences of an event and the associated likelihood of occurrence
Ref.: ISO DIS 9000:2014


TYPES OF RISK

!!! focus should be on product for ISO 9001:2015 !!!


RISK MANAGEMENT FRAMEWORK

!!! organization can adapt the framework !!!


RISK EVALUATION MATRIX

!!! organization can adapt the risk evaluation matrix !!!


RISK REGISTER
Columns: Ref. # | Risk | Process | Mitigation | Rating (Pro., Sev., Sig.) | Contingency | Res. Risk Rating (Pro., Sev., Sig.) | Responsibility

!!! organization can adapt the risk register !!!

Rating can be done based on 3X3 matrix or 5X5 matrix or any suitable methods

Product related

a. Avoiding risk
b. Taking risk in order to pursue an opportunity
c. Eliminating the risk source
d. Changing the likelihood or consequences
e. Sharing the risk
f. Retaining risk by informed decision

This will be the risk rating after the implementation of mitigation & contingency plan

RISK REPORTING / COMMUNICATION

Internal reporting / communication

- Shareholders
- Board of directors
- Top management
- Middle management
- Other staff

External reporting / communication

- Regulators
- Associations
- Other stakeholders

!!! organization can adapt according to the nature of business !!!

RISK MONITORING / REVIEW

Monitoring / review

- Was the intended result achieved?
- Were the mitigation and contingency plan appropriate?


Thanks
www.tuvme.com
www.tuv-nord.com
