Explained: Risk-Based Thinking In Action
In the latest update to ISO standards, we saw a pivot to risk-based thinking that has become increasingly ingrained in the standard’s purpose, and desired outcomes. To help you and your organisation out, we’ve compiled a few tips and tricks in the context of ISO’s risk-based thinking approach to your management system. There’s no magic way to see into the future when it comes to preparing for risks to your organisation’s potential for success, but ISO’s latest move to emphasise the risk-based thinking approach to conducting business is arguably the most effective in terms of preparing for the future.
Let’s have a quick look at some key sections of your organisation, and how risk-based thinking should be at the bedrock of your operations.
Organisational context: When establishing the context of the organisation, ISO requires companies to identify risks that could impact quality objectives. You need to evaluate the risk of producing nonconforming products, which can vary depending on the type of good manufactured or service provided; this, of course varies depending on your industry, but the overall outcome remains the same.
Leadership: Your company’s management should remain committed to addressing risks and opportunities that could affect product quality; ideally ahead of time with some planning sessions that can help identify issues before they become detrimental to your customer.
Planning: On that note, the updated standard’s emphasis on risk-based thinking requires you to not just identify risks and opportunities, but also create plans for how to address them and tackle them head on.
Operation: ISO requires you to implement and control the actions identified during planning steps.
Performance evaluation: This is where you track and analyse the risks, as well as the opportunities identified.
Improvement: Organisations must make improvements based on any changes in risk.
You need to take into account that new versions of the ISO standards are looking for you to design your policies and procedures with an outcomes-based approach. Ask yourself: are you doing anything that might create friction with your customers, or make them feel angry or violated? Write a list of things that represent things that have made a customer feel angry in the past, or any recurring themes in your customer feedback that can help you identify gaps that need to be filled. You can then implement a new set of policies or procedures in your organisation to prevent these risks resurfacing, or at the very least, you’re doing your best to minimise the potential of your customers being upset in a transaction with your organisation.
Don’t forget that this part of the process is best achieved when you’ve got a clear idea of the who, what, where, when and how in the context of what went wrong. Only when you’ve answered these questions will you be able to implement an effective plan designed at addressing risks moving into the future.
If you’re more responsive to video content, you can check out our informative video on the topic presented by our CEO, Kobi Simmat here.
You might not be able to eliminate all your risks, but with a risk-based approach to doing business, your organisation can be better prepared to deal with them ahead of time and focus on the other improvements that need to be made. In the near future, we’ll have a piece detailing how to leverage the effective use of a risk register right here on our blog; stay tuned.