Risk-Based Thinking & Process Approach – New Concepts In ISO 9001:2015

Risk-Based Thinking & Process Approach – Two New Concepts in ISO 9001:2015

Before moving forward, let us first understand two new concepts process approach and risk-based thinking which are also one of the three building blocks of this standard. The three building blocks are:

  1. PDCA
  2. Process Approach
  3. Risk-based Thinking

What is a process?

Set of activities, in which there are defined “inputs” which are interacting to give an “output”. The inputs can be anything like (raw material, information, investment) and output can be (finished product, processed data, profit).

What is the process approach?

The process approach means that an organization must be able to identify all the processes going on inside its QMS and be able to do their sequencing and interaction.

What is the benefit?

There can be several benefits you will see when you go on to implement the concept, for an instance, a few are defined here:

  1. Streamlining of the process
  2. Visual representation of the process becomes easy
  3. The overall system will be easier to understand
  4. The identification of the redundant process
  5. Implementation of any management system becomes more feasible

Steps of process approach:

Step No.Step NameElaboration
PLAN
01Determination of processes and their inputs and outputsFirstly, define those processes which are mandatory to satisfy the customer and meet the organization’s objectives
02Determination of interaction and sequencing of processesSecondly, define how these all processes fit together, how one process is adding value and connected with the other
03Performance and monitoring criteriaThirdly, define the criteria so you would answer these two questions: 1) Is the process completed? 2) How well is the process completed?
DO
04Making the resources availableIdentify what resources are required, for example, investment, infrastructure, people, knowledge, information, approvals, licenses, raw material, machinery, equipment training, And make them available.
05Designation of responsibilitiesTo complete each process there are numerous amount of tasks. Top management should assign each task to an individual, everyone must be trained and communicated on those tasks
06Address risks and opportunitiesFor every task, there should be some risks and opportunities associated. Here the action point is to address those risks, affix controls and lower the risk to the level at which it becomes acceptable for the company. However, this concept will be further elaborated in the next section “risk-based thinking”
CHECK
07Evaluation of processes and implement any changesWeigh the objectives vs reality. Identify if the intended planning is done accordingly or it requires any changes/alterations for further improvement
ACT
08ImprovementAfter the previous step if there are any findings, then changes to the process will be done and the overall system will be improved

Is the process approach worth the time?

The answer is “yes”. It is a detailed procedure, it will take time, a lot of observation, a lot of discussions, meetings, and brainstorming, which will lead you to a final overall picture of the quality management system which you are going to build. Things will become clearer, surely it’s worth the time.

How process approach identify redundant processes?

As you can see in the picture above, when we make the sequencing and interaction of the processes, we try to fit all the processes in their place then it becomes very clear to identify the redundant process i.e. the process which is not adding any value.

In other words, things are clearer and revision of the process becomes easier.

Risk-based Thinking:

This version of ISO 9001 introduced risk-based thinking. It is a mindset to promote, and proactively avoid shortcomings. It can be applied during the development of the quality management system.

It replaces the “preventive action” clause. The ISO 9001:2015 version doesn’t have a preventive action clause at all, risk-based thinking serves this requirement.

However, if you ask me to explain the concept in its simplest form, I will describe it in five words: “identifying what can go wrong?

What is new?

The main difference between risk-based thinking and preventive action is that preventive action is a “reactive approach” while risk-based thinking is a “proactive approach”.

This flow chart depicts a reactive approach – preventive action, let us break it down into steps:

  1. In a procedure, we have inputs, processes, and output,
  2. Audit: After the output, we verify the process against the defined criteria and if the criteria are fulfilled it is conformance,
  3. NC: if the criteria are not fulfilled then it is a nonconformance (NC), after the NC we usually rectify the issue by corrective action (CA), however, the process doesn’t stop at CA
  4. Root cause analysis (RCA): After CA comes the RCA, in which we find out the root cause of the real problem which is initiating the nonconformity
  5. Preventive action: When we take action on the “cause” identified by the RCA, this is called preventive action and after the preventive action usually 90% of the issues are resolved

However, this is the “reactive approach” because things are initiated after the arising of the issue.

What is the proactive approach?

The step by step breakdown of the risk-based thinking is given below:

  1. Identification of the “things that can go wrong: We start our planning by keeping the risks in mind
  2. The next step is called “evaluation of risks” in which we evaluate if the risk is high or low
  3. If the risk is low, we can ignore it or accept it – this is called “acceptable risk”
  4. If the risk is high then we have to mitigate it
  5. We can mitigate it by putting controls

Thus, the major portion of the risk is controlled.

The concept and working of risk-based thinking are not limited to only the development of the mindset but it also includes the following steps which we will discuss during the elaboration of the clause 6:

  1. Risk and opportunity
  2. Assessment of risks
  3. Risk management
  4. What is risk evaluation
  5. How to address risks / what are the risk mitigation techniques
  6. How to make the most of opportunities

Other Post

View All

Leave a Reply

Your email address will not be published. Required fields are marked *

Facebook Twitter Youtube Linkedin Instagram

2024 © ISO9001Learning.com. All rights reserved.