What is requirement of Risk based Thinking in ISO 9001:2015 & ISO 14001:2015 ?
What is Risk? How to identify? How to assess and control?
How to incorporate Risk based thinking in to QMS & EMS?
Forget Fiverr : Fractional Employment the ins and outs
Risk based thinking
1. ISO 9001:2015 & ISO 14001:2015
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
2. ISO 9001 REQUIREMENTClause No Requirement
4.4.1 (f)
Quality management system and its processes shall Address the risks and opportunities as determined in
accordance with the requirements of 6.1.
5.1.1 (d) Leadership shall Promote the use of the process approach and risk-based thinking
5.1.2
Customer Focus -Ensure the risks and opportunities that can affect conformity of products and services and
the ability to enhance customer satisfaction are determined and addressed
6.1.1
While planning determine the risks and opportunities that need to be addressed to:
a) give assurance that the quality management system can achieve its intended result(s);
b) enhance desirable effects;
c) prevent, or reduce, undesired effects;
d) achieve improvement.
6.1.2
The organization shall plan:
a) actions to address these risks and opportunities;
b) how to:
1) integrate and implement the actions into its quality management system processes (see 4.4);
2) evaluate the effectiveness of these actions.
9.1.3 Analysis and evaluate the effectiveness of actions taken to address risks and opportunities;
9.3.2 Discuss the effectiveness of actions taken to address risks and opportunities in MRM.
10.2.1 e) update risks and opportunities determined during planning, whenever NC arises
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
3. ISO 14001 REQUIREMENT
Clause No Requirement
6.1.1
The organization shall determine the risks and opportunities, related to its environmental aspects (see
6.1.2), compliance obligations (see 6.1.3) and other issues and requirements, identified in 4.1 and 4.2, that
need to be addressed to:
- give assurance that the environmental management system can achieve its intended outcomes;
-prevent or reduce undesired effects, including the potential for external environmental conditions to affect
the organization;
-achieve continual improvement.
6.1.1
The organization shall maintain documented information of its risks and opportunities that need to be
addressed and process(es) needed in 6.1.1 to 6.1.4, to the extent necessary to have confidence they are
carried out as planned
6.2.1
The organization shall establish environmental objectives at relevant functions and levels, taking into
account the organization’s significant environmental aspects and associated compliance obligations, and
considering its risks and opportunities.
Review changes in risks and opportunities in MRM
Note: 6.1.2
Significant environmental aspects can result in risks and opportunities associated with either adverse
environmental impacts (threats) or beneficial environmental impacts (opportunities).
Note: 6.1.3 Compliance obligations can result in risks and opportunities to the organization.
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
4. What is Risk?
effect of uncertainty on an expected result.
deviation from the expected, either positive or
negative.
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
5. How to Identify Risk & Opportunities?
SWOT Analysis
PESTLE Analysis
Brainstorming
Surveys
Interviews
Historical data on Failures
Organization's Records
Professional Expertise
On-Site Investigations
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
9. SWOT ANALYSIS-ORGANIZATION
Strengths Weaknesses
Monopoly in market Attrition
Wide market presence High Rejection
Opportunities Threats
New product introduction
Arrival of competitors
Change in design
Change in technology
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
10. SWOT ANALYSIS-QC/QA PROCESS
Strengths Weaknesses
time saving in production More paper work and high consumption of paper
Less chances of defects Spend More time searching documents
clarity for Quality control process No succession planning
improving productivity Shortage of multi skilled QC engineers
Inter departmental Communication
Manual communication -release of test
result/Material acceptance
Hand injuries while cable cutting
Opportunities Threats
On time delivery Delay in delivery
customer satisfaction customer dissatisfaction
Energy saving E&OSH incidents
Conservation of resources More Resource Consumption
Zero incidentents
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
11. SWOT ANALYSIS-PRODUCT
Strengths Weaknesses
New and innovative product High start up and R & D Cost
Customized product line
Opportunities Threats
Increase Lift Height
Color fades in extreme conditions
Reduce total weight Hydraulic cylinder failure
Ramasubramanian.s Management system
consultant/Trainer/Auditor+919952229598
13. RISK=IMPACT * LIKELIHOOD
Impact
5 Catastrophic
4 Significant
3 Moderate
2 Minor
1 Insignificance
Likelihood
5 Probable
4 Possible
3 Unlikely
2 Rare
1 Negligible
Risk Rating
>11 High
6 to 10 Medium
<6 Low
RISK ASSESMENT
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
14. RISK ASSESMENT
Reference
No Category Description Risk Owner Impact likelihood Risk Score
1 Quality
More paper work and high
consumption of paper
Manager-QC 4 5 20
2 Quality
Spend More time searching
documents Manager-QC 3 5 15
3 Quality
No succession planning,Shortage of
multiskilled QC engineers
Manager-QC 4 3 12
4 Quality
Manual communication -release of
test result/Material acceptance
Manager-QC 4 3 12
5 Quality
Hand injuries while cable cutting
Manager-QC 2 3 6
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
15. RISK MANAGEMENT
Actions to address risks/opportunities can include
• Avoiding Risk
• Taking Risk in order to pursue an opportunity
• Eliminating the Risk source
• Changing the likelihood or consequences
• Sharing the Risk
• Retaining Risk by informed decision
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
17. RISK MANAGEMENT
Mitigation 1 Mitigation 2 Mitigation 3
Monitor the
consumption of paper,
set bench marking for
paper consumption,
Reduce, reuse
and recycle paper
Implement
ERP/SAP for
eliminate paper
usage
Identify and Organize
relevant documents.
start
implementing 2S
of 5S
immediately
Implement
ERP/SAP for
automation of
documentation
Develop second line
person for all designees
Organize
trainings to
develop multi
skilled
employees
Reward and
recognize for multi
skilled / top
performers
Effective use of
mail/mobile
communication
Implement
ERP/SAP for
automation of
documentation
Provide Hand gloves and
enforce workers
Provide display
of Pictorial
representation/s
afe working
procedures
Train the operators
on safe working
practices
Reference
No Category Description
Risk
Owner
Impac
t
likelihoo
d
Risk
Score
1Quality
More paper work and
high consumption of
paper
Manager-
QC 4 5 20
2Quality
Spend More time
searching documents
Manager-
QC 3 5 15
3Quality
No succession
planning,Shortage of
multiskilled QC
engineers
Manager-
QC 4 3 12
4Quality
Manual communication -
release of test
result/Material
acceptance
Manager-
QC 4 3 12
5Quality
Hand injuries while
cable cutting
Manager-
QC 2 3 6
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
18. Where to Start?
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
4.1 & 4.2 Needs & Expectation of Interested parties
List down all interested parties(Internal, external,
Legal & regulatory bodies)
Find all need and expectations of all interested parties
Assess Risk and opportunities in meeting them.
19. Where to Start?
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
5.1.2 Customer Focus
Find all requirement for the products &
services(customer, Legal & your own)
List down all the processes for Meeting the
requirements
Assess Risk and opportunities in converting the inputs
in to outputs
20. What is Next?
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
6.1 Action to address Risk & Opportunity
Incorporate Mitigation action in to your
process/procedure wherever required.
Consider Risk mitigation as objectives wherever
required.
Monitor the Risk on regular basis.
21. What is Next?
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
9.1.3 Analysis and evaluation
Monitor the Risk on regular basis.
Analyze the effectiveness of the mitigation plan put in
place.
22. What is Next?
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
9.3.2 Management Review
Discuss the effectiveness of the mitigation plan put in
place.
23. What is Next?
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
10.2 Non conformity & Corrective action
Whenever Non conformity arises, check whether the
particular NC addressed in Risk Register?
If yes, investigate what went wrong with the mitigation
plan ?
If not include it with mitigation plan.
24. What is Next?
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
6.3 & 8.5.6 Changes in Risk & Opportunity
Asses Risk & Opportunities Whenever changes
happening in
Need & expectation of interested parties (4.0)
Leadership, policy, roles & responsibilities (5.0)
Objectives (6.0)
Resources(7.0)
Process /Operations(8.0)
& Update Risk mitigation plan.
25. What is Next?
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
Ensure your Risk Management plan is a dynamic one.
So you can achieve Continual Improvement….
26. ISO 9001 REQUIREMENT
Clause No Requirement
4.4.1 (f)
Quality management system and its processes shall Address the risks and opportunities as determined in
accordance with the requirements of 6.1.
5.1.1 (d) Leadership shall Promote the use of the process approach and risk-based thinking
5.1.2
Customer Focus -Ensure the risks and opportunities that can affect conformity of products and services and
the ability to enhance customer satisfaction are determined and addressed
6.1.1
While planning determine the risks and opportunities that need to be addressed to:
a) give assurance that the quality management system can achieve its intended result(s);
b) enhance desirable effects;
c) prevent, or reduce, undesired effects;
d) achieve improvement.
6.1.2
The organization shall plan:
a) actions to address these risks and opportunities;
b) how to:
1) integrate and implement the actions into its quality management system processes (see 4.4);
2) evaluate the effectiveness of these actions.
9.1.3 Analysis and evaluate the effectiveness of actions taken to address risks and opportunities;
9.3.2 Discuss the effectiveness of actions taken to address risks and opportunities in MRM.
10.2.1 e) update risks and opportunities determined during planning, whenever NC arises
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
27. ISO 14001 REQUIREMENT
Clause No Requirement
6.1.1
The organization shall determine the risks and opportunities, related to its environmental aspects (see
6.1.2), compliance obligations (see 6.1.3) and other issues and requirements, identified in 4.1 and 4.2, that
need to be addressed to:
- give assurance that the environmental management system can achieve its intended outcomes;
-prevent or reduce undesired effects, including the potential for external environmental conditions to affect
the organization;
-achieve continual improvement.
6.1.1
The organization shall maintain documented information of its risks and opportunities that need to be
addressed and process(es) needed in 6.1.1 to 6.1.4, to the extent necessary to have confidence they are
carried out as planned
6.2.1
The organization shall establish environmental objectives at relevant functions and levels, taking into
account the organization’s significant environmental aspects and associated compliance obligations, and
considering its risks and opportunities.
Review changes in risks and opportunities in MRM
Note: 6.1.2
Significant environmental aspects can result in risks and opportunities associated with either adverse
environmental impacts (threats) or beneficial environmental impacts (opportunities).
Note: 6.1.3 Compliance obligations can result in risks and opportunities to the organization.
Ramasubramanian.s Management system consultant/Trainer/Auditor+919952229598
29. To know more:
Contact:
Ramasubramanian.s
E.Mail id:ramasubramanian.s@outlook.in
Mobile No:+919952229598/+919042006101
Ramasubramanian.s Management system
consultant/Trainer/Auditor+919952229598
30. Contact For
Implementation of Management systems like ISO
9001,14001,22000,22716,OSHAS 18001,BRC Food,BRC
IOP,USFDA/CGMP Complaince management,Social compliance
management like SEDEX,WRAP,SA8000,Sustainability
management,Legal complaince management Projects and
Certifications.
Training on various topics included ISO
9001,22000,14001,18001,BRC Food ,BRC IOP,TS 16949 awareness
training, Internal auditor training,HACCP,HIRA,Aspect &
Impact,ccGMP,USFDA Compliance
management,5S,TPM,TQM,7QC tools,Industrial safety,safety
audit,EHS compliance management,Industry specific Safety
trainings etc.
Internal audits,supplier audits,certification audits for ISO
9001,TS16949,ISO 22000,18001,14001,SA 8000,SEDEX,BRC Food
and BRC IOP,SEDEX,etc.
Ramasubramanian.s Management system
consultant/Trainer/Auditor+919952229598