Risky Business vs Risk-Intelligent Business

Rolling the dice concept for business risk, chance, good luck or gambling

Digitalization, globalization, competition and the speed of technological advances has changed the nature of business.  ISO 9001:2015 has been in effect for a full year and it places a heavy emphasis on using “risk-based thinking” for managing quality-related processes. Risk has always been implicit in ISO 9001.  But the latest revision asks organizations to make a cultural shift—rather than focusing on isolated problem solving and resolution, they’ll focus on prevention and performance improvement.

The International Organization for Standardisation (ISO) explains it this way:

“Risk based thinking ensures these risks are identified, considered and controlled throughout the design and use of the quality management system”.

Under the new guidelines, risk management serves as the cornerstone of quality management system design. As organizations determine the processes needed for a quality management system, they’re also asked to determine the associated risks and opportunities and to plan and implement appropriate actions to address them.

In the context of ISO, the concept of “risk” relates to the uncertainty in achieving the main objectives of International Standards—namely, to provide confidence in the organization’s ability to consistently provide customers with conforming goods and services, and to enhance customer satisfaction. Risk is the possibility of events or activities preventing an organization from achieving its strategic and operational goals.

This shift in thinking does not replace the standard’s process-oriented approach, but enhances it. While the process is still a critical part of ISO 9001:2015, processes must now be implemented with an acute awareness of risk.

Organizations are asked to identify, analyze and prioritize all potential risks as they undergo building or adapting their existing quality management implementations for updated certification.

Risks can be defined by two parameters—the severity, or seriousness, of the harm, and the probability that the harm will occur. Risks can be assessed based on the likelihood they will occur, the likelihood they can be detected, and potential impact should they occur. From there, risks are evaluated based on their importance (what is acceptable, what is unacceptable?) and actions are planned to address the risks, whether that’s avoiding or eliminating the risk or mitigating it.

Once plans are implemented, it’s essential for organizations to check the effectiveness of their actions and continually learn from experience.

What’s the best way to document risk-based thinking and demonstrate the approach during audits?. Evaluate how you evaluate risks today with the processes you have. Understand how you decide when risks are acceptable or unacceptable.  ISO wants to see that you record identified risks when action is required, and the action steps to be taken. 

Putting into place the Plan-Do-Check-Act (PDCA) methodology can be a great way to define, implement and control corrective actions and improvements. Companies should Plan what to do and how to do it, Do what was planned, Check that things happened according to plan, and Act on how to improve the next time around.

Companies have two years to make the transition to ISO 9001:2015, as certifications for the 2008 edition will expire after September 2018.

SimpleQuE was one of the first consulting companies to be ISO 9001:2015 certified and we’re ready to assist organizations with transition or implementation.  Please visit our website for more information about our services.

Sign Up For Our Newsletter

Matrix Design Group Celebrates ISO 9001:2015 Certification!

Screen Shot 2016-09-23 at 12.45.44 PM

Recognized as an industry leader in mine safety technology innovation, Matrix is focused on research and development for the mining industry. Matrix has designed, manufactured, distributed and installed a variety of products to improve safety and productivity for mining applications. The current Matrix innovative product line includes IntelliZone® Proximity Detection Systems (used on a wide variety of equipment ato detect workers in low or obscured visibility situations), Communications Systems, Personnel and Equipment tracking systems, Atmospheric Monitoring Systems (AMS), and the MineOwl Camera System. Continue reading “Matrix Design Group Celebrates ISO 9001:2015 Certification!”

ISO 9001 Certification Changing the Standards for Higher Education

Stack of hardback books and Open book lying on bench at sunset park against blurred nature backdrop. Copy space, back to school. Education background. Toned image.

More than 1 million organizations and companies worldwide understand the benefits of being ISO 9001 certified. Educational institutions are beginning to recognize the importance of established standards and are seeking certification, as well. As we enter the new school year, a these schools have taken the initiative and will start the year as ISO 9001 certified: Oakwood University, Greater Altoona Career and Technology Center,  DRS International School, and Wenatchee School District #246. Continue reading “ISO 9001 Certification Changing the Standards for Higher Education”

News Update from the International Automotive Task Force (IATF)

steering-wheel-801994_1920

In October 2016 IATF 16949:2016 will be published by IATF and it will replace the current ISO/TS 16949, defining the requirements of a quality management system for organizations in the automotive industry. It will be aligned with ISO 9001:2015 and its structure and requirements. IATF 16949:2016 will be implemented as a supplement to, and in conjunction with, ISO 9001:2015.  www.iatfglobaloversight.org

IATF has also released a new transition strategy document for automotive suppliers and certification bodies to help with the transition.  It includes information about timing and transition audit requirements. After October 1, 2017 no audits (initial, surveillance, recertification or transfer) will be conducted to ISO/TS 16949:2009. IATF Transition Strategy ISO/TS 16949 › IATF 16949

It is also important to note that IATF/IAOB will recognize TS certified companies that have upgraded to ISO 9001:2015 prior to IATF 16949 and allow reduced audit days when the company does eventually upgrade to the new IATF 16949 standard.  Companies should coordinate with their registrar to determine the optimal audit approach and cost benefit.  (Separate audits may be not be cost effective, but it will depend on each company’s situation.)

SimpleQuE consultants and instructors are ready to assist companies now with implementation, transitioning and training for ISO 9001:2015 and TS 16949:2009.  Consulting and training for IATF 16949 will be available after its release in October.  Contact simpleQuE

Congratulations to the entire Barrett team!

Barrett-Team2016-3000px

Congratulations to the entire Barrett team for achieving ISO 9001:2015 certification from global registrar NQA!

Headquartered in Murfreesboro, Tennessee, Barrett Firearms Manufacturing is a world leader in large-caliber rifle design and manufacturing. It was founded in 1982 by Ronnie Barrett, who invented the first shoulder-fired .50 caliber rifle. Continue reading “Congratulations to the entire Barrett team!”

A “simple” Way to Transition to ISO 9001:2015

SimpleQuE was one of the first consulting companies in the world to become ISO 9001:2015 certified, so we know what it takes to transition to the new standard. Utilize our expert consultants or gap checklist to guide you through the process.

sq-approach (1)

The simpleQuE consulting approach applies to companies getting certified for the first time, adding a new standard, or upgrading an existing certification.  For a customized quote and information, call 740-305-0868 or contact us by email.

How Does ISO 9001 Affect the Bottom Line?

Increase revenue concept. Businessman plan revenue growth office in background.

ISO standards impact businesses, governments and societies worldwide in a powerful and positive manner by providing practical tools for sustainable development.  This sustainability is incorporated economically, environmentally and socially, but many business owners want to know how these standards will affect their bottom line.  Continue reading “How Does ISO 9001 Affect the Bottom Line?”

4 Aspects of a Better Business With ISO 9001

success and winning concept - happy business team celebrating victory in office

Successful business leaders know that a good quality management system results in overall efficiency and improvement for the organization.  However, when there is a lack of consistent processes, inefficiency is inevitable.  Without uniformity, audit trails or accountability, it is difficult to identify and fix the gaps in the system, which can result in loss of time and money and not meeting performance objectives. Continue reading “4 Aspects of a Better Business With ISO 9001”

Congratulations G-NAC!

Photo from left: Cannan Christ - Management Rep., Jim Lee – SimpleQuE President, Toshikazu Mitsugi - G-NAC President
Photo from left: Cannan Christ – Management Rep., Jim Lee – SimpleQuE President, Toshikazu Mitsugi – G-NAC President

Congratulations! G-TEKT North America Corp. (G-NAC) achieved its ISO 9001:2015 certification! G-NAC enlisted the services of simpleQuE consultants, Don Milinkovich and Jim Lee to provide Quality System Implementation Support to prepare their office in Dublin, OH for certification, which they received through BSI.

G-NAC provides design and R&D services to automotive OEMS; and sales, new model design services and production equipment for the factories that manufacture automotive vehicle frame, transmission and engine components. What’s next for G-NAC? Over the next two years they’ll be working on ISO/TS 16949 implementation for their new plant with ISO 14001 to follow after that.

G-TEKT has an environmental philosophy that places the highest priority on the conservation of the global and local environments. “As a member of the society responsible for passing on the green Earth to the next generation, it shall strive to both engage in environmentally considerate business activities and help conserve the global environment under the slogan, ‘The Earth is our shared resource’.”

G-TEKT sets a great example for responsible stewardship!

What leadership should know before coming face-to-face with a certification body auditor – by Jim Lee

Quality Managers should be happy about the new leadership and top management requirements in ISO 9001:2015.  It is now a requirement that the quality system be aligned with the company’s strategic direction; and the certification body auditors will be scrutinizing the company’s leadership for their involvement and support, beyond the management review meetings and establishing goals that support the quality policy. Those companies where the entire quality management system is placed solely on the quality manager are the ones that will feel the changes when the certification body auditors want to schedule time to talk with the executive team.

“Leadership” is one of the 7 quality management principles on which ISO 9001 is based and has been since the beginning of ISO. It’s now more enhanced with the phrases “top management” or “leadership” referenced 16 times, including Clause #5 titled “Leadership”.  Leadership at a variety of levels in the company should provide unity of purpose and direction, helping the company align its strategies, policies, processes and resources to achieve its goals. That’s a good quality system, and good business.

The company’s strategic direction (written or not) needs to encompass the quality management system.  This is accomplished through the new layout and requirements of the ISO 9001 standard for understanding context, the needs and expectations of interested parties, establishing the processes, setting the quality policy and establishing the objectives.  Are these really new requirements?  Maybe not, but there’s definitely more substance in the requirements to have top management involved and committed, and the quality system supported in the company’s strategic direction.

How will the third party auditors evaluate this when there are no requirements for a documented strategic plan, or a written context of the business, or documentation of who the interested parties are, or for managing risks? The auditors are going to have to talk to a lot of the management team to get a clear and reliable representation.  I wouldn’t be surprised if some auditors to set an agenda item to meet with the leadership team. They’ll want to see that the leadership is committed and connected to what’s happening in the business and whether the key processes of the quality management system are effective in meeting objectives. If not, then they’ll want to know that management is aware and taking actions to try to turn things around. They’ll want to learn where the risks exist and what’s being done about them, and how the leadership promotes risk-based thinking.

The hard part for the certification body auditors will be that some of them will have difficulty auditing when no documentation is required. That’s why your company needs a consistent and clear story when documentation doesn’t exist.

The majority of companies are already compliant with these requirements, but the leadership will be the ones that will have to answer third-party auditor questions to defend and justify what they’re doing.  As long as the leadership in your company is aware of the ISO expectations and can relate what your business does in answering the auditor’s questions, you will do fine.  I believe this will be the challenge for most of the executives who won’t know how to take credit for what they already do to satisfy ISO requirements, or don’t understand the auditor’s questions from ISO as it relates to their business.

Educating the leadership and helping them understand the new requirements and how you already comply will help them be able to speak the right message when asked about context, interested parties, risk-based thinking, or strategic direction.

Jim Lee is President of simpleQuE Inc., an ISO 9001:2015 certified company. SimpleQuE is a medium-sized  consulting, training and auditing company of quality management systems with a focus on “quality excellence made simple”.  Jim is an IRCA certified QMS lead auditor, a former IATF certified ISO/TS 16949 auditor, and a former RABQSA certified Aerospace Auditor and has performed 3rd party audits in the past.