ISO 9001:2015 Addresses Risk. Is Your Organization Ready? Tracks


checks, limited access to confidential information, numbered transactions prior to entry, and review and approval of paper-based information prior to input.


Quality controls at the activity level include control of production (clause 8.6.1), documented information—correction of nonconforming products and services (clause 8.8) and identification of significant environmental aspects (ISO 14001:2004, clause 4.3.1).


Risk and Preventive Action

Effective risk assessment activities include:
• Defining the organization’s measurable objectives.
• Assuring the compatibility of the objectives.
• Identifying risks to achieving objectives.
• Judging which risks are critical. A risk analysis matrix can be used to determine criticality of the risk.
• Using risk management tools to mitigate risks, such as the objectives, risk, controls and alignment (ORCA) process, the ISO 9001 improvement process, failure mode and effects analysis (FMEA) and risk control matrix.


Risk Analysis Matrix


A key tool is the risk analysis matrix. For each identified risk, the consequences and likelihood of occurrence of the risk are estimated. These are then input into a risk analysis matrix, shown in Figure 1.


After the level of concern is determined for each risk, actions can be implemented for the extreme and high risks. ISO/DIS 9001:2015 requires a procedure that implements the following:


• Take action to control and correct the nonconformity.
• Evaluate the need for action to eliminate causes.
• Implement corrective actions.
• Review effectiveness of actions.
• Make changes to the QMS, if necessary.


ORCA


Risk expert Greg Hutchins suggests considering ORCA as an organizational risk assessment method.


“It is well accepted and adopted. It incorporates elements of other types of assessments including process, internal control and system audits,” he wrote. “Also, it fits into today’s corporate governance focus on risk management and operational effectiveness.”


ORCA requires organizations to:
• Articulate organizational objectives.
• Identify and assess risks across the entire spectrum.
• Build in balanced controls to manage organizational risks.
• Ensure alignment of objectives, risks and controls across the entire enterprise.


After the risk assessment is conducted, senior and operational management can develop strategies to manage risks and


Figure 1: Risk Analysis Matrix (likelihood rows: Almost Certain, Likely, Possible, Unlikely, Rare; consequence columns: Insignificant, Minor, Moderate, Major, Catastrophic; cell ratings: Low, Moderate, High, Extreme)

www.NATM.com, November/December 2015

