Risk Based Thinking is over. It's time for doing.
It has already been two years, since the latest edition of ISO 9001, ISO's flagship quality management systems standard, has been published. A lot of ink has been used since then to interpret, the innovative requirements that the new standard introduced. All the new concepts introduced - new to the ISO 9001 but not new as business concepts- aimed to keep the Standard current with business developments and still be consistent with its primary aim, i.e to provide confidence in the products and services thereby improve customer satisfaction. Concepts like Process Approach, Risk Based Thinking, Context of the organisation and Leadership, transformed the new Standard into a fresh and powerful framework for managing today's organisations.
Where does ISO 9001 new version stand today?
According to the latest ISO survey, released in September 2017, among the 1 million plus ISO 9001 valid certificates in 2016, only 80,500 certificates have been issued to the 2015 version. This shows that organisations take advantage of the transition period of three years to certify to the new version of the Standard. Now, this time is running out and organisations must make one critical decision.
Will the organisations embrace the new concepts for the sake of compliance or for the actual value?
Regarding the new concepts, there is one big question: Will the organisations take advantage of the new concepts and make the necessary changes to actually add value to their enterprises, or they will water everything down so as to achieve the minimum requirements for compliance to the new version of the Standard? This is a decision between getting the 'new ISO certificate' or getting better and more resilient.
One good example is the "Risk- based thinking" which was implicit in the previous versions of ISO 9001 and for the first time, the Standard diffuse risk management in its requirements. Although it doesn't specify the level of this risk based approach, the Standard provides of a free choice for organisations to choose how extensive their approach to risk will be. It is clear that this free choice cannot be used as an excuse to 'cheat'. The Standard offers the opportunity to leaders that up to now didn't embrace a Risk Based Thinking to start their efforts and cascade risk management in the organisation. For those organisations that have mature risk management frameworks, this is an excellent opportunity to showcase to external ISO auditors and put these frameworks under test.
Very closely and actually part of the Risk Based Thinking is the "Context of the organisation". No Risk Based Thinking can begin without setting the scene, i.e. where the organisation stands vis-a-vis strategic direction, objectives, stakeholders (internal and external) and ultimately what can impact these objectives, namely risk. ISO 9001 guides organisations to think issues relating to regulations, technology, competition, society, economy and other contextual variables.
Is 'Risk Based Thinking' an ISO exclusivity?
Risk management is key in today's business regulatory framework. Risk based approach is being included in regulations and other legislative actions, codes of conduct and trade associations around the globe. For example the General Data Protection Regulation (GDPR) requires explicitly, organisations to determine the risks related to the rights and freedoms of natural persons by reference to the nature, scope, context and purposes of the processing (Recital 76). Risk management resides in an increasing number of board rooms, it affects leaders decisions and it is required by customers and regulators.
It is evident that Risk Based Thinking is not another ISO template or a 'tick the box' exercise. It is a first class chance provided by the new era ISO Standards for organisations to transform their thinking, protect their value and enable growth, through the implementation of an effective risk management framework.
Share:
Διαβάστε Επίσης
Αποδεικνύεται κρίσιμο για την επαγγελματική επιτυχία και την ανάπτυξη των εταιρειών.
One of the most impactful strategies that organizations can employ