ISO 9001:2015 and ISO 14001:2015 both emphasize risk-based thinking, and this concept will be applied in other new versions of ISO management systems in the future. Understanding risk-based thinking is very important for implementing an ISO management system!
What is risk-based thinking? How can it be applied?
Risk-based thinking is not the same as Risk Management or Risk Assessment, which are not mandatory in the ISO standards. Companies do not need complicated risk models to fulfill the requirements of risk-based thinking, so SMEs can implement a management system that suits them, based on their own resources.
Old versions of ISO 9001 and ISO 14001 had requirements on preventive action, but these no longer appear in the new versions because risk-based thinking already includes preventive action. Risk-based thinking is a precautionary concept: “think back and consider forth”. “Think back” is to identify and analyze the uncertainties that affect the business; “consider forth” is to analyze the potential impacts of these factors on the business.
“There are threats, and there is opportunity too.” Risk in ISO usually appears together with opportunity. Uncertain factors are not necessarily negative or positive. The key is how enterprises analyze the impacts of these factors and what kinds of actions they take.
A small or medium-sized company identified one of its internal factors that affected its business: excessive staff turnover led to a shortage of staff, which affected the quality of service and the morale of employees. It even led to a vicious circle and affected the operation of the company. After analyzing the causes of staff turnover, the company found that the work was too simple and unchallenging. The action plan was to concentrate the resources from the lost staff on employees with potential, training them in the knowledge and skills to handle different tasks and raising their salaries at the same time. As a result, the work is no longer a single task but is also challenging, which aims to reduce the risk of staff turnover. The action plan itself shall also incorporate risk-based thinking. For example, there is a risk that employees may not be competent enough to take care of a wide range of tasks. After the employees have been specially selected and the plan discussed with them, the risk may not be significant, and after analysis it is worth taking the risk to achieve the “opportunity”. After the action plan is implemented, it is also necessary to evaluate the effectiveness of the result and whether it achieves the expected goal. Risk-based thinking is applied throughout the process.
Risk-based thinking in ISO 9001:2015 and ISO 14001:2015 is incorporated throughout the standards, from the context of the organization, leadership by top management, planning and processes to the analysis and evaluation of the effectiveness of actions, and so on.
ISO 9001:2015 and ISO 14001:2015 do not place strict restrictions on risk-based thinking. As long as enterprises properly implement the concept of risk and opportunity, it is not difficult to meet the requirements of ISO 9001:2015 or ISO 14001:2015. More importantly, it helps companies improve the quality of their products or services and enhance the growth of their business.