Much is being made of the increased focus on ‘risk-based thinking’ in ISO 9001:2015. The cynic could argue that this concept is nothing new as it was always implied in ISO 9001:2008, and that good quality professionals have been identifying, quantifying and communicating risk for a long time. These are both valid points, so it begs the question why there is so much talk about risk in ISO 9001:2015 and the importance of this change of focus?
I think the real change which ISO 9001:2015 is trying to bring about is not the introduction of risk-based thinking but instead the challenge to quality professionals and organisations they serve to change how we think about and articulate risk.
This change in mindset is driven by the introduction of the ‘context’ based requirements in ISO 9001:2015. These are intended to ensure the completeness and value to all stakeholders, of the organisation’s objectives. It is further reinforced by the CQI’s five key quality management questions and the Competency Framework that complements it.
A change of mindset presents the following practical challenges for the quality professional:
- To think more broadly than the ‘risks of a product/service not conforming to specification’ and instead consider the way in which the entire organisation is managed. What risks and opportunities does this present and how might they impact the organisations ability to ‘produce the desired outcomes for all stakeholders?’
- To go further than just assessing the risks, which can affect an organisation’s ability to achieve its objectives, and instead challenge whether the organisation’s objectives are the right ones ie whether they are ‘fit for purpose with respect to all stakeholders’ needs?’
Rising to the challenge
The quality professional can respond to these challenges by bringing together the needs of all these stakeholders in one place. They can demonstrate how the world’s leading organisations see the effective management of stakeholder risks and opportunities as key to maintaining their competitive advantage. This can be achieved as follows:
- Develop a robust stakeholder map, I would use the stakeholder driven method described in the ‘ISO 9000 Quality Systems Handbook’ by David Hoyle, and adapt it slightly to address the following questions:
- Who stands to benefit from our organisation?
- What are their needs relative to our mission?
- What will they look for as evidence of satisfaction?
- What outputs will deliver successful outcomes?
- What factors affect our ability to deliver these outputs?
- What process deals with this factor?
- What should our policy (management intent) be for operation of this process?
- Who should own this policy?
Completing a ‘stakeholder map’ like the one outlined above has several benefits. It sets the ‘context’ of the organisation, enabling stakeholder needs/interests to be viewed by leadership in one place and considered as a whole rather than in isolation. It also allows the organisation to determine exactly what processes it needs. Furthermore, it can also help the quality professional to deliver meaningful policy audits, transitioning away from ‘process compliance’. Providing leadership with an early warning of instances where policy (their intent) and practice (operational reality) are beginning to ‘decouple’ (as a result of changes to the ‘context’ of the organisation), and allowing them to take meaningful action to reduce risks and maximise opportunities.
- Demonstrate to top management that the most successful quality companies understand and embrace the needs and interests of all their stakeholders. The most engaging way I’ve found is to introduce leaders to Fortunes ‘Worlds Most Admired Companies’ – highlighting the nine criteria against which these companies are assessed and their relevance to all stakeholders. Rather than using case studies to show relationships with stakeholders as involving risk, conflicts and trade-offs, they see opportunity, interdependence and mutual benefit, and have become phenomenally successful as a result.
Ian McCabe is Head of Quality at Nuvia Limited.