Risk management challenges #2: Implementing risk-based thinking in quality management systems

As a risk management coach I see first hand some of the challenges organisations have when it comes to risk management. Many of the challenges are recurring and seem to be present regardless of times and trends. Other challenges come with changes in standards and expectations from stakeholders.

A challenge that came with the ISO 9001:2015 was the implementation of risk-based thinking in quality management. When the 2015 version first came out there was a lot of upheaval about the term risk-based thinking and the stronger focus on risk management in the standard, and still quality managers are looking for answers on how to comply with the risk requirements in the standard.

Mastermind - sharing of good ideas

In my opinion, risk management has always been an important part of quality management, and the term risk-based thinking does not really introduce new angles to quality management. Firstly, quality management focuses on producing reliable results and establishing methods to weed out any non-conformances in the end product as early as possible. I am sure you’ve seen the graph that shows how the costs of non-conformances increases the further into the production line we go, on many occasions: Identifying a flawed design during production of drawings cost significantly less than identifying a flawed design in a nearly finished construction. This is risk management with the objective to deliver conforming products at the lowest possible cost.

A second, important aspect of risk management in quality management, is found in ISO 9001:2015’s requirement to evaluate context and stakeholders. As I see it, these activities are mainly representatives for the 7th quality management principle: Managing relations. We can to a certain degree control how we are affected by our context, how we are able to navigate our context and how we can communicate with different stakeholders to increase predictability in their actions and their attitudes towards our activities. By focusing on our relations and how they function we may decrease the uncertainty they represent, and establish a higher certainty with regards to reaching our own objectives. That is risk management!

The third aspect that I want to highlight is the ISO 9001:2015 requirement to assess risks affecting the management systems output requirements. Very often this means that organisations should evaluate their processes, identify areas of risk in their processes and then improve their processes by changing the level of risk they find.

I experience that these three aspects challenge many quality managers and leaders. They seem to think that it is necessary to establish extensive r