Risk-oriented thinking was most developed abroad. This concept has been further developed with the release of the international standard ISO 9001: 2015.
Risk management concept
This direction is a fairly new trend in the development of an economic entity.
It was first mentioned in an American article back in 1956. Its meaning was that legal entities should hire risk management specialists to reduce economic losses.
Since the second half of the last century, these publications have become regular. In the 70s, consultancy services began in the field of risk assessment.
The concept of risk and its management
Risk is the effect of uncertainty. This definition is given in GOST R ISO 9001-2015. This indicates that embedding risk-based thinking in the quality management system is observed.
Under the uncertainty can be understood inaccurate or incomplete information provided under the terms of the project. Any entrepreneurial activity is associated with this concept.
In order to manage risks, it is necessary to identify, analyze and resolve them. This management process should be carried out in consultation with interested parties in order to modify it so that its subsequent processing is not required.
Risk Oriented Thinking in the 2015 ISO 9000 Series Standards
For its implementation, the business entity must create a set of agreed methods and measures with the aim of managing risks and exercising control over them, which can impede the organization's activities in achieving its goals.
This requirement, which appeared in the 2015 version of the standards, essentially replaces the requirement for preventive actions from the 2011 version.
Along with risks, it is necessary to implement actions related to opportunities. The latter means the ability of an object to produce a product that meets the requirements.
The reason for such a replacement of preventive actions with risk-based thinking is that the former were not perceived as a means of continuous improvement, as a result of which the latter were carried out at a fairly low level and unsystematically.
According to the new version of the standard, business entities wishing to undergo certification for compliance with this QMS must identify risks, as well as opportunities and determine actions to address them. Legal entities must decide how to make these actions part of their quality management system, how they will monitor, analyze and evaluate the effectiveness of these processes and actions.
In the process of identifying, registering, reducing and eliminating risks, according to the requirements of this standard, top management will be involved.
The new version of ISO 9001 does not require any special document to describe the risk-based approach of a legal entity. But to ensure uniformity, it is better to create guidelines for identifying and assessing risks.
Connection of the phenomenon under consideration with the process approach
The current version of the above standard requires the mandatory use of this approach.
It includes the implementation of a PDCA cycle. At the planning stage (P), an analysis is made of both the internal and external environment of the business entity using various quality management methods: data stratification using checklists, brainstorming, Shekhart control charts, Pareto and Ishikawa charts , scatter, SWOT and PEST -analysis, benchmarking, Delphi method.
At the do (D) stage, a risk assessment is carried out and exposure is carried out using the above methods, as well as FMEA analysis, expert method, HACCP and some others.
Stage "Control" (C) involves monitoring and measuring the implemented strategy for identifying and assessing risks.
The “Act” stage (A) provides for the review of the organization’s risk policy, the design and implementation of various measures is carried out in order to improve the functioning of the risk management process.
Thus, the process approach and risk-based thinking are interconnected. This is confirmed by the fact that the phenomenon under consideration is given in the ISO 9001: 2015 standard in the “Process Approach” section.
Risk assessment and identification
The ideology of risk-based thinking involves the mandatory implementation of these stages.
Risk assessment includes its identification, as well as analysis and calculation. It can be carried out by various methods and techniques. With this assessment, a better understanding of the risks comes, which allows you to make the right decisions on the best approach for handling the latter. The results of this stage serve as input for decision-making processes.
Risk identification is a process for identifying, recognizing and recording risks. It is carried out in order to assess what could potentially happen, which will affect the organization's achievement of the goals that it set for itself.
Risk identification methods include those based on evidence, a systematic team approach, and inductive inference. To carry out this operation, it is necessary to determine the factors that influence the stable activity of an economic entity.
Examples
Consider the application of risk-based thinking in the enterprise.
Suppose that plumbing has come under the responsibility of plumbing, which has a considerable length. During his vacation, an accident occurs at some of the sections of the water supply system, and the infrastructure and building features of the latter are known only to this plumbing. To study them, it takes time, consumers want to transfer the pipe system through which water is supplied to other competitors.
Applying the risk-oriented thinking in this example, the legal entity should determine the competence of the people who work with it, who affect the effectiveness of the QMS, ensure the preparation of these persons, take other actions aimed at acquiring the required competence, and evaluate their effectiveness, register and maintain competency information.
Finally
Risk-based thinking is one of the requirements of the international standard in the field of quality management systems. It is associated with a process approach and should be implemented systematically. Responsibility for making such decisions in the field of QMS lies with the top management of the company. Incorrect actions in a risk-based approach can lead to losses for the business entity.