Risk Management and ISO 9001 Quality Management

Defining Risk

The term risk can be defined as those factors that companies have little to no control of. Risk can further be described as a situation involving exposure to danger. The danger is the possibility of exposing someone or something of value to harm or loss. This definition also refers to the result of uncertainty in situations that can be avoided through pre-emptive action.

The presence of risk in running a business is not at the absence of opportunity. Although risks are often thought of only as hazards, they can present significant opportunities and possibilities. Some of these possibilities include organisational innovation and an increase in competitive advantages which can lead to short and long-term profitability.

If there are significant measures in place to ensure that the risk doesn’t threaten the continuity of the organization, the business can thrive in the long run. In order to successfully do this, businesses need to make sure that they are thinking about operations on a grounds level, which is the foundation of risk-based thinking.

What is risk-based thinking and how does it work?

What is risk-based thinking exactly, and how does it translate to mitigating and monitoring risk efficiently? Risk-based thinking involves using a systematic approach to management towards risk. This means that at every turn, the business already has a built-in system of protocol and a set of processes and systems to combat any risks that it may face. There is a reason why risk-based thinking is an approach revered and used by businesses everywhere, simply because it works. Risk-based thinking means that there’s no operating behind potential threats, but rather way ahead of them. It also means that there’s a designated unit of personnel dedicated to ensuring that effective quality management systems and protocols are in place, should any risks occur.

When businesses plan, implement and execute their strategic objectives and goals, they need to also account for outcomes and circumstances that can threaten the achievement of these ambitions. Using risk-based thinking methods means that the business protects its overall vision through monitoring potential threats at all levels. It also means that the business has assessed or has a way of assessing their processes, protocols and systems and is well aware of how these work and ultimately how these can potentially fail. Ventures that use risk based thinking have contingency plans and failsafe to these potential failures.

Using ISO 9001 quality management system to further risk-based thinking

ISO 9001 is an international standardised quality management system that helps organisations to analyse, control and improve their internal systems, processes, protocols and policies in preparation for any potential risks that the business may face. ISO 9001 encourages and promotes risk based thinking in six areas, namely:

1. Leadership
2. Context
3. Operation
4. Planning
5. Performance monitoring
6. Improvement

All area have specifically accounted for and discussed in each chapter of the ISO 9001 handbook.

Leadership’s role in implementing risk-based thinking

ISO 9001 holds top management responsible as the sole executors and implementers of systems, protocols, policies and processes. ISO 9001 also makes top management accountable for ensuring that these procedures yield the intended results and work in the way they have been designed to do so. By doing this, ISO creates a risk-based thinking leadership initiative as top management is held responsible for any shortcomings and failures in proper and adequate risk management strategies.

Using context to forward risk-based thinking ideologies

Establishing context is the first requirement of risk-based thinking and it is also a concept lauded by ISO 9001 which requires businesses to determine a process of monitoring and quality assuring management systems and the risks and opportunities associated with each of these. ISO requires businesses to separate their organisation and thereafter give various scenarios and contextual situations that may cause risks to occur and then analyse the businesses current processes and protocols towards that scenario. Thereafter, the business is required to further evaluate these processes and protocols to find their faults and weaknesses and then make changes and improvements from a contextual basis.

Planning for risk using risk-based thinking

According to ISO 9001, planning for risk is a form of quality management and doing so contextually ensures that the business’ quality management system is able to achieve its intended results by preventing or reducing the risk and also mitigating any of the potential side effects of an undesired outcome. ISO states that the only way to prepare for a risk is to know that it is coming, which is the sole foundation of risk-based thinking.

Operation strategies based on risk-based thinking

 ISO also requires businesses to approach their operational strategies in a risk-based thinking manner. This means that businesses need to implement processes, systems and protocols that assess the businesses risks and subsequently, its opportunities.

Performance Evaluation and Improvements founded on risk-based thinking

In order to ensure that their processes and systems are up to par with risk management initiatives, businesses are required to constantly monitor, measure and evaluate their risks and their opportunities. It means that businesses not only have to implement all these risk mitigation strategies, but also check them regularly to ensure they work then after making amendments and tweaks to further improve their durability, flexibility and elasticity.

Author: Avital Koren

Avital Koren

Avital is passionate about small business and working with entrepreneurs. She was the first to identify and address the needs of small businesses in management systems.

Learn more about Avital