ISO 9001:2015 – risk and opportunities

In the third instalment of our guest blog series in collaboration with PMI, Paul Simpson asserts that, just as there are risks and opportunities that we respond to in daily organisational life, quality professionals should focus on the opportunities for improvement presented in ISO 9001:2015

One of the big new ideas in the 2015 edition of ISO 9001 is ‘Risk Based Thinking’ and if you are to believe the ‘Twitterati’ the concept is akin to the subject of Edvard Munch’s painting ‘The Scream’ as the quality management landscape turns vibrant orange behind them.

But before the hysteria needle hits ‘11’ let’s think back to the real world outside the quality manual.

Everyone involved in running an organisation looks at risk and opportunity – they are two sides of a coin. When an entrepreneur starts their business, risk and opportunity are always front and centre in their mind.

Wherever they have come from, they have identified an opening to start a business, make a living and grow it to the point where it gives them an income with the opportunity of a pot of gold for their retirement. This future is, however, not certain. There will be difficulties along the way and these risks, left unmanaged, could lead to a loss of income and, ultimately, to their business failing.

The entrepreneur recognises these risks come in many forms and many are related to quality:
• Do I have the right products and services for my target customers?
• Can I control production and service delivery to consistently meet those customer needs?
• Can my suppliers keep up with my demands and maintain the quality levels I need?

If I can manage those risks at that level then the business will succeed and I can grasp all the opportunities, including that elusive pot of gold.

Moving forward in time as the business continues to thrive and grow, our entrepreneur has moved upstairs to the boardroom as CEO and has managers and teams dealing with day-to-day business while they buy in high-priced consultants to lead some ‘blue sky’ strategy sessions. Strategic risks haven’t really changed – an incorrect strategy still has the capability to bring down our grown-up start-up.

Tactically the business can cope more easily with risk as it has multiple customers buying a range of products. On the downside, tactical errors can lead to an erosion of hard-earned brand reputation as all our customers inhabit the same system and talk to one another – see the earlier blog on organisational context, Context is King.

Moving out of the boardroom along to the shop floor and offices where ‘business as usual’ happens, ‘risk’ looks a little different but it is just as important it is recognised and managed.

With every order comes a risk the organisation will misunderstand its customers’ needs so, at this process level, there have to be checks and balances. Individuals working with their CEO’s delegated authority, accept orders and enter into contracts including the inherent risks that a legal contract carries.

At the same time on the shop floor, all employees are involved in managing risk. Some develop specifications and standards (perhaps in a separate design office), some manufacture products or deliver services that they believe meet those standards.

Throughout the process managing risks leads to delivered products and services meeting specification, satisfying customer needs and customers paying their bills, thereby allowing the organisation to realise the sales opportunity and contributing to our entrepreneur’s vision of a pot of gold.

If the above risks and opportunities are present in daily organisational life, why do we have concerns for the quality professional’s ability to inhabit this space? Why do we have concerns over what our certification body auditors are going to ‘do to us’?

The revised clauses of ISO 9001 create an opportunity for us to revisit and realign our processes to ensure our systems deliver what our customers and stakeholders want. There are, of course, risks with changes to the standard, but perhaps we can focus on the opportunities presented and maximise them instead.

Paul Simpson, FCQI CQP, is Head of Quality, Technical Services at Network Rail National Supply Chain

One thought on “ISO 9001:2015 – risk and opportunities

  1. Ian Dalling

    I would not disagree Paul but it is perhaps easier to understand when we put the horse before the cart (unlike ISO 9001) and talk in terms of opportunity and threat/harm. When managing under uncertainty, opportunity and threat/harm become prospect and risk respectively. This will make sense to those familiar with SWOT analysis, and its extensions where we introduce a likelihood component to cope with uncertainty. Prospect, which is an estimate of likely gain, always takes the lead over risk which is an estimate of likely loss or losses. Risk is always bad but has to be accepted or tolerated when unavoidably associated with a prospect that we decide upon (often from alternatives). The taking of risk in isolation of prospect(s) is never a good thing. We have to decide on the acceptability of the degree that the overall prospect aggregate is estimated to exceeds the risk aggregate and that each individual risk is acceptable. Things are made more complicated because each stakeholder will have a personal view i.e. opportunity, threat, and prospect and risk are all relativistic according to each stakeholder and is why stakeholder analysis is a critical upfront activity in any planning. However, how many organisations systematically address this and how many do it really well?
    We can apply prospect and risk thinking to the whole of the organisation’s structure and processes when managing under uncertainty to improve all aspects of performance. MSS 1000:2014 does this systematically and addresses the totality of managing an organisation irrespective of its type and size. This is possible because it focuses on the structures and processes that are at the heart of all aspects of performance and not by trying to manage these various aspects of performance separately which has been the general approach in recent years and driven by ISO. MSS 1000:2014 fully elaborates on the theory and practice of prospect and risk management using joined up management thinking and can be freely downloaded via .


Leave a Reply

Your email address will not be published. Required fields are marked *