ISO 9001:2015 Addresses Risk. Is Your Organization Ready? Tracks


• Evaluating the performance of processes (also see clause 4.4).


• Ensuring conformity and effectiveness of the QMS.


• Evaluating customer satisfaction.


Internal audit. Clause 9.2 says an organization must “plan, establish, implement and maintain an audit program,” and establish the “frequency, methods, responsibilities, planning requirements and reporting.” The audit program must consider the quality objectives, importance of the processes concerned, related risks and results of previous audits.


Risk-based approach. Section A4 of Annex A describes a risk-based management approach consisting of:


• Requiring the organization to understand its context consisting of internal and external issues.


• Understanding that one of the key purposes of a management system is to act as a preventive tool.


• Determining its risks and opportunities.


• Addressing the risks and opportunities identified.


Applying Risk-Based Thinking


The four main types of risks that affect organizations could be characterized as:


1. Organizational risk, which occurs at the entity and activity levels.


2. Strategic risk, which happens when an organization’s strategy or business plan is inadequate.


3. Compliance risk, which involves failure to comply with legal and regulatory requirements.


4. Operational risk, which includes seven subcategories related to an organization’s procedures and actions.


1. Organizational Risk


Entity-level risks can be external or internal. External factors include technology, competition and legislation. Internal factors involve security, information systems, lost shipping and receiving, personnel competence and changes in responsibilities.


Activity-level risks affect individual units or functions, and include things such as information or materials not entered into the system, lost receiving reports or shipping records, poor security control, inadequate skilled labor and employee carelessness. If activity-level risks occur across the organization, they will ultimately affect entity-level risks.


November/December 2015


2. Strategic Risk


A strategic risk is a loss that might result from pursuing an unsuccessful business plan or strategy. This might be due to making poor business decisions, substandard execution of decisions, inadequate resource allocation or failure to respond to changes in the business environment.


3. Compliance Risk


Compliance risk is due to legal and regulatory requirements. Environmental, health and safety requirements cause concern because of the risk of fines, shutdowns or criminal prosecution. Conformance to quality and environmental standards and specifications is also included in this category.


Environmental risks include liquid spills, gaseous emissions and incorrect disposal of solid waste, and would include events such as:


• The purchasing department’s shift from a domestic to a foreign supplier.


• Not replacing a key environmental manager.


• Not developing a data safety sheet for new material.


4. Operational Risk


Operational risk can be thought of as having seven subcategories:


1. Management systems risk. Management systems may be ineffective due to inefficient strategies, practices and tools, data processing, call centers, contract administration, and design and development. A highly outsourced supply chain, for example, can be a major risk.


Other management system risks include incorrect revenue recognition, violation of homeland security rules, and noncompliance with environmental requirements and the Sarbanes-Oxley Act (SOX). These may result in fines, shutdowns or criminal prosecution. To reduce these types of risks, an organization’s top management and its board of directors must understand the management system and work to improve its effectiveness.


www.NATM.com

