Clause 6.1 Actions to address risks and opportunities

Clause 6.1 Actions to address risk and opportunities

Clause 6.1 Actions to address risks and opportunities

Addressing risk and opportunities are the main focus of this clause. This is the clause directly describing Risk-Based Thinking. We are going to define risk and opportunities below as per the ISO 9001:2015 standard:

  1. Risk: The effect of uncertainty. The possible dangers which can affect your business continuity or any of the aspects of the business like quality, delivery, etc. As per standard organizations should take measures to lower the risks.
  2. Opportunity: The actions which you can take to boost your business. As per the standard organization should focus on the

How to address risk and opportunities:

In clause 4.1 Understanding the organization and its context, we have discussed the issues, we have to look closely and from that, we can find out that some of the issues can be titled “risks”.

Now that we have found out all the risks then we have to address them. Clause 6.1.1 tells us that:

  • a) give assurance that the quality management system can achieve its intended result(s);
  • b) enhance desirable effects;
  • c) prevent, or reduce, undesired effects;
  • d) achieve improvement.

We have to plan the prevention and reduction of the “risks”, there are several techniques that are used to address those risks, however, the aim is what is mentioned in above points a, b, c, and d which I am summarizing below as:

“The risks should be addressed and all actions should be taken to minimize the effects so that those risks become less harmful and do not hinder the production and service provision, apart from lowering the risks, the opportunities must be exploited to get all benefits from them and eventually achieve improvement”

Risk Controlling Methods:

ISO 9001:2015 standard defines some of the mechanism through which we can control the risks. Here we will discuss them one by one:

Avoiding Risk:

Avoid risk, by not doing what you are going to carry out. This means completely abolishing the task that possesses the risk. The most radical approach. For example, a manufacturing company not pursuing manufacturing a product because of its lack of market.

Taking Risk To Pursue an Opportunity:

Most companies get monetary benefits when they take a risk. For example, construction companies take the risk by putting their machines, workforces, location, and finances in danger to construct a building, and once the task is done they earn by selling and renting the product. They are availing an opportunity because they have taken a risk.

Eliminating the Risk Source:

The risk can be eliminated when the risk sources are eliminated. By removing the hazard the risk is eliminated. For example, if the overall condition of the area is risky, then changing the location of the office will eliminate the risk source because in this case the source (the area) is changed.

Changing the Likelihood or Consequences:

To understand this, we have to first understand what is Likelihood and Consequences. Likelihood means how frequently that risk can affect us. And Consequences mean how high the damage will be. Below are the methods to change the rating of Likelihood and Consequences.

Sharing the Risk:

By a partnering with other parties, or involving insurance companies between them we can share the risk, also called “transfer of risk”. In “partnership”, two or more parties share the risk between them. Also, the best strategy would be to partner with someone who has the technical knowledge of the risk that you are going to have. Outsourcing the employees or renting the vehicle are some examples of sharing the risk.

Retaining Risk by Informed Decision:

Retaining risk also called “acceptable risk”. When you apply control to the risk and the risk lowers down. Sometimes the risk is not low to the extent you wanted and you have to accept the remaining risk. This is acceptable or retained risk.

After addressing the risks:

After the risk is addressed, we have to take two more steps, firstly we have to integrate those actions into our quality management system so that they can become part of the system and not a one-time activity.

Secondly, we have to find out whether those actions are effective or not. This means that we have to evaluate if those actions are actually bearing fruit or not. If yes, then make them part of the quality management system and if not, then some other actions can be formulated which can lower the risk.

Other Post


View All

Leave a Comment

Your email address will not be published. Required fields are marked *