There is a strong connection between quality management and risk management. In this article I will try to explain why you should not only look at the requirements in ISO 9001, but also pay attention to the guidelines in ISO 31000 to ensure a holistic approach.
In February 2018 the new ISO 31000 Risk management guidelines will be ready. As in ISO 9001:2015, it will include an emphasis on context. The difference between ISO 9001 and ISO 31000, however, is that context was given just as much attention in ISO 31000:2009, when the first version was released, as it will be in the new 2018 version.
In risk management, understanding context, understanding the organization's objectives and understanding stakeholders have been in focus for years. This has been emphasized both in establishing a risk management system and in assessing actual risks. It is considered a prerequisite for success in risk management.
In reviewing the ISO/DIS 31000 I find, however, that there is an aspect that is becoming clearer: there is a stronger focus on dialogue with stakeholders in all steps. Communication and consultation with external and internal stakeholders is not a new concept in risk management, but up till now ISO 31000 has given it more emphasis in the risk assessment process than in the development and design of the risk management system. In the new version of ISO 31000, consultation and communication with stakeholders also play a big part in the development of the system. This is an interesting way to go.
The concept of risk-based thinking in ISO 9001 entails a great focus on context and stakeholders. ISO 31000 is, however, a much better guideline for ensuring two-way communication between the organization and its stakeholders, because changes and developments in the organization's surroundings are continuously taken into account.
I went ahead and made my own visualization of the building blocks that ISO/DIS 31000 suggests be taken into account when we design our risk management systems. The result can be seen to the right.
I propose that the continuous two-way communication lines between leaders and stakeholders be taken into account also when you design your quality management systems. I believe you will experience an enhanced perspective of your customers, your markets and your internal affairs, and learn a lot more about what your customers want, how you can better navigate the market and how you can lean your operations by doing so.
Friday tip: In Annex A of ISO 31000:2009 there is an extensive description of the attributes of risk management. If you don’t know how to approach the requirements in ISO 9001:2015 regarding risk-based thinking, take a look there and find a good description of what to look for when you want to discover whether risk management is an integrated part of your system or not.