Risk-Based Thinking & Process Approach – Two New Concepts in ISO 9001:2015

Risk-Based Thinking & Process Approach – New Concepts In ISO 9001:2015

Risk-Based Thinking & Process Approach – Two New Concepts in ISO 9001:2015

Before moving forward, let us first understand two new concepts process approach and risk-based thinking which are also one of the three building blocks of this standard. The three building blocks are:

  1. PDCA
  2. Process Approach
  3. Risk based Thinking

What is a process?

Set of activities, in which there are defined “inputs” which are interacting to give an “output”. The inputs can be anything like (raw material, information, investment) and output can be (finished product, processed data, profit).

What is the process approach?

The process approach means that an organization must be able to identify all the processes going on inside its QMS and be able to do their sequencing and interaction. Basically, showing the interaction of various processes visibly.

What is the benefit?

There are several benefits of implementing the concept of process approach, for example:

  1. Streamlining of the process
  2. Visual representation of the process becomes easy
  3. The overall system will be easier to understand
  4. The identification of the redundant process
  5. Due to these steps, implementation of any management system becomes more feasible

Steps of process approach:

Step No. Step Name Elaboration
01 Determination of processes and their inputs and outputs Firstly, define those processes which are mandatory to satisfy the customer and meet the organization’s objectives
02 Determination of interaction and sequencing of processes Secondly, define how these all processes fit together, how one process is adding value and connected with the other
03 Performance and monitoring criteria Thirdly, define the criteria so you would answer these two questions: 1) Is the process completed? 2) How well is the process completed?
04 Making the resources available Identify what resources are required, for example, investment, infrastructure, people, knowledge, information, approvals, licenses, raw material, machinery, equipment training, And make them available.
05 Designation of responsibilities To complete each process there are numerous amount of tasks. Top management should assign each task to an individual, everyone must be trained and communicated on those tasks
06 Address risks and opportunities For every task, there should be some risks and opportunities associated. Here the action point is to address those risks, affix controls and lower the risk to the level at which it becomes acceptable for the company. However, this concept will be further elaborated in the next section “risk-based thinking”
07 Evaluation of processes and implement any changes Weigh the objectives vs reality. Identify if the intended planning is done accordingly or it requires any changes/alterations for further improvement
08 Improvement After the previous step if there are any findings, then changes to the process will be done and the overall system will be improved

Is the process approach worth the time?

The answer is “yes”. It is a detailed procedure, it will take time, a lot of observation, a lot of discussions, meetings, and brainstorming, which will lead you to a final overall picture of the quality management system which you are going to build. Things will become clearer, surely it’s worth the time.

How process approach identify redundant processes?

As you can see in the picture above, when we make the sequencing and interaction of the processes, we try to fit all the processes in their place then it becomes very clear to identify the redundant process i.e. the process which is not adding any value.

In other words, things are clearer and revision of the process becomes easier.

Risk Based Thinking:

This version of ISO 9001 introduced risk-based thinking. It is a mindset to promote, and proactively avoid shortcomings. Risk Based Thinking can be applied during the development of the quality management system.

It replaces the “preventive action” clause. The ISO 9001:2015 version doesn’t have a preventive action clause at all, risk-based thinking serves this requirement.

However, if you ask me to explain the concept in its simplest form, I will describe it in five words: “identifying what can go wrong?

What is new in Risk Based Thinking?

The main difference between risk-based thinking and preventive action is that preventive action is a “reactive approach” while risk-based thinking is a “proactive approach”.

This flow chart depicts a reactive approach – preventive action, let us break it down into steps:

  1. In a procedure, we have inputs, processes, and output,
  2. Audit: After the output, we verify the process against the defined criteria and if the criteria are fulfilled it is conformance,
  3. NC: if the criteria are not fulfilled then it is a nonconformance (NC), after the NC we usually rectify the issue by corrective action (CA), however, the process doesn’t stop at CA
  4. Root cause analysis (RCA): After CA comes the RCA, in which we find out the root cause of the real problem which is initiating the nonconformity
  5. Preventive action: When we take action on the “cause” identified by the RCA, this is called preventive action and after the preventive action usually 90% of the issues are resolved

For this reason this approach is considered as reactive as we only take actions after “identification of issues” not prior.

What is the proactive approach?

Below is the step by step breakdown of the risk based thinking:

  1. Identification of the “things that can go wrong”. Simultaneously, starting our planning by keeping the risks in mind.
  2. The next step is “evaluation of risks” in which we evaluate if the risk is high or low.
  3. We can ignore or accept the “low risks” – this is “acceptable risk”
  4. If the risk is high then we have to mitigate it
  5. Lastly, we can mitigate it by putting controls

This is how we control the major portion of the risks.

The concept and working of risk-based thinking are not limited to only the development of the mindset but it also includes the following steps which we will discuss during the elaboration of the clause 6:

  1. Risk and opportunity
  2. Assessment of risks
  3. Risk management
  4. What is risk evaluation
  5. How to address risks / what are the risk mitigation techniques
  6. How to make the most of opportunities

Other Post

View All

Leave a Comment

Your email address will not be published. Required fields are marked *