ISO 9001:2015 Risk Approach

This Month

Where Technology & Manufacturing
October 14, 2015 Hilton Tucson El Conquistador Resort. Register Now – We are an Expo Exhibitor.


October 29-30, 2015 Peppermill Resort and Casino Reno, Nevada.
Register Now. We are a Gold Sponsor and Exhibitor of this conference. See you There!  



Helpful Links

What We Deliver
  • Operational and Quality Systems
  • Assessments
  • Training
  • Internal Audits
  • Lean Enterprise
  • Six Sigma
  • Kaizen Events
  • ITAR

Improved Profits and More!

Our newsletters provide information on business management systems and process improvement methods. These systems include ISO 9001 QMS, AS9100 Aviation, Space and Defense, ISO/TS 16949 Automotive, ISO 27001 Information Security, ISO 13485 Medical Devices, ISO 14001 Environmental Management Standard, and others. Subjects include performance improvement methods such as Six Sigma, Lean Enterprise, and other topics of interest to our readers.

If you have any questions regarding content, or have a subject of interest for a future newsletter, please let us know!

ISO 9001:2015 Risk Approach

    risk management flow chart drawn by hand isolated on blackboard


One of the key changes in the 2015 revision of ISO 9001 is to establish a systematic approach to risk, rather than treating it as a potential component of a quality management system. The word “Risk” is new to ISO 9001 and will require organizations to address risk and opportunities, integrate and implement actions into QMS processes, and evaluate actions effectiveness.

The term “preventive action” no longer exists in the new standard. We are use to preventing something from going wrong, a form of risk, but now the new standard uses a risk-based thinking approach. Taking a risk-based approach, an organization becomes proactive rather than purely reactive, preventing or reducing undesired effects and promoting continual improvement.


Risk in ISO/FDIS 9001:2015
There are a number of elements of risk-based thinking in the FDIS of ISO 9001:2015 that will affect many organizations as they work toward compliance to the revised standard.  The following discussion points describe references to risk in ISO/FDIS 9001:2015.

Defines risk as the “effect of uncertainty on an expected result.”

Section A4 of Annex A describes a risk-based management approach consisting of requiring the organization to understand its context consisting of internal and external issues.
  • Understanding the needs and expectations  of interested parties.
  • Determining QMS scope based on internal and external issues and interested parties and,
  • Identifying and addressing the risks and opportunities determined in context and needs of interested parties
Let’s take a look at the types of organizational risks.

Entity Level: risks which occurs at the entity and activity levels. Entity-level controls are internal controls that help ensure that management directives pertaining to the entire entity are carried out. For example, entity-level risks can be external or internal. External factors could include technology, competition and regulatory factors. Internal factors can involve information systems, competency of company personnel, controls to monitor the results of operations.

Activity Level: risks affect individual units or functions, and can include customer order information or lack of purchased materials not entered into the system, lost receiving/inspection/shipping records, and employee carelessness. If activity-level risks occur across the organization, they will ultimately affect entity-level risks.

Consideration: What is relevant to your QMS to prevent, or reduce undesired effects? This includes enhancing desirable effects. What risks and opportunities will you address to assure your QMS intended results, to achieve improvement, and evaluate the effectiveness of actions taken?

Strategic Risk – a strategic risk is a loss that might result from pursuing an unsuccessful business plan or strategy. This might be due to making poor business decisions, poor execution of decisions, inadequate resource allocation or failure to respond to changes in the business or customer environment.


ISO 9001:2015 states “actions taken to address risks and opportunities will be proportionate to the potential impact on the  conformity of products and services.”

Further a note explains “options to address risk can include avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision.”


In our next newsletter we will discuss “QMS Operational Risk” which can consist of several subcategories. We will also discuss “Risk Analysis Methods” which could be applied to your planning requirements.

Our mission is to ensure your company makes a successful and measurable transition. Contact us for information on how we can support your future ISO 9001:2015 Training and Service needs. See our new training courses in this issue.  

Data Analysis and Evaluation


ISO 9001:2015 states the organization will analyze and evaluate data and information arising from monitoring and measurement. The analysis results will be used to evaluate

  • conformity of products and services
  • the degree of customer satisfaction
  • the performance and effectiveness of the QMS
  • the effectiveness of actions taken to address risks and opportunities, and
  • the performance of external providers


Furthermore, documented evidence regarding management review meeting inputs and outputs requirements have also been expanded.

With the data analysis and evaluation improvements that all ISO 9001 certified organizations will be addressing, we see this as an excellent opportunity to mention a prior study conducted by The American Productivity and Quality Center (APQC). This best practices study, focused on understanding leading practices and approaches for successful performance measurement. The study identified 20 best practices that help organizations use performance measurement as a tool for achieving long- and short-term business goals.

The practices in the report support improvement at enterprise, operating unit, and individual staff levels.


1.  Identifying Actionable Measures 

  • Have  senior management analyze business processes that have the greatest impact on strategic organizational imperatives?
  • Use collaboration systems that allow direct stakeholder feedback, and link measures to specific business processes.
  • Align individual employee measures with departmental performance measures.
  • Use a balance of leading and lagging indicators.
  • Use fewer than 5 measures to access each business process.
  • Include a diverse blend of cost, efficiency, and quality measures.


2.  Effective Measurement Through Staff Buy-In
  • Involve staff in developing the measurement system, and provide employees with a documented roadmap of the measurement process and outcomes.
  • Include process measures as part of performance appraisals, and connect measures with compensation.
  • Use a variety of techniques (meetings, dashboards, scorecards) to communicate the importance of measurement to all employees. 
  • Involve executive staff in communicating with employees about measurement.  


3.  Analyze Metrics for Proactive Decision Making
  • Leverage a number of different process improvement techniques that involve analyzing process measures, including project analysis, Lean Six Sigma, and benchmarking.
  • Provide activity and outcome measurement information directly to employees who are responsible for executing a process.
  • Create stability through documentation and measurement system processes to avoid disruption when there are personnel changes.


4.  Success Factors
There are six factors that the best-practice organizations use to create successful measurement systems.
  • a business process management (BPM) center of excellence.
  • strong alignment of the organization’s measures with its strategic objectives.
  • compensation and rewards linked to the achievement of metric targets/results.
  • a process to provide measurement data to employees doing the work being measured.
  • a culture of accountability for measures and results, and
  • a centralized group responsible for analytics.


Effective measurement systems have the information needed to focus attention on desired behaviors and results. Contributing employees at all levels of the company need information that is sufficiently complete, accurate, and consistent in order to demonstrate results and be given the ability to focus on outcomes.


ASQ 24th Annual Internal Audit Conference



American Society for Quality
October 29 & 30, 2015
Peppermill Resort & Casino, Reno, Nevada

Sustaining Edge Solutions is a Gold Sponsor & Exhibitor at the 24th Annual Audit Division Conference!  As a past company conference sponsor, we have continuously found that the Audit Division Conference is an exceptional event with a wealth of information and top notch value delivered. The Peppermill Resort is a great location. Looking forward to seeing you there!

Conference Overview: With the publication of the ISO 9001:2015  Standard-new methods to achieve effective results, auditors are expected to influence managerial decision making with their audit findings.  This conference focuses on the auditor’s role in identifying quality system issues to improve  performance & processes,  revenue, and customer satisfaction, including management planning and the decision making process.

Conference sessions include

  • ISO 9001:2015: How Will it Change Your Internal Audits?
  • Effective Risk Assessment Auditing
  • Closed-loop Risk Based Audit Program Model
  • Advanced Interviewing Techniques for Audits
  • Internal Audits Using Six Sigma-DMAIC Process
Tutorials: One, two and three day pre-conference tutorials will be conducted on October 26, 27 & 28, 2015. 


                           Conference Registration Here

Visit us at our exhibitor booth. We will be offering valuable information and methods for effective ISO 9001:2015 quality management systems auditing. Don’t forget the free swag too.  We will be offering discounts on all our business management systems services, training courses and more!  



In the News

Welcome Our New Senior Management Consultant     
Dennis Stambaugh has joined the SES Team! Dennis has been a contributor to our 2015 newsletter content, and now he is a member of our consulting and training team.

Dennis has over 30 years in senior leadership roles within business organizations. Dennis brings extensive knowledge on a systems perspective and the use of quality frameworks to drive continuous improvement. His background includes organizational effectiveness assessments, senior leader coaching and implementation of customer-focused quality management systems.

As a National Baldrige Examiner and Regional Judge, his review of state and national applicants from diverse business sectors brings the sharing of best practices learned from high performing organizations. Dennis has served on the Board of Examiners for the Baldrige Award, as well as currently serving on the Panel of Judges for the Southwest Alliance for Excellence, the Baldrige based Program serving Arizona, Utah and Nevada. Dennis earned a Master’s degree in Health Care Administration from Texas Women’s University. He is the coauthor of Quality Improvement Basics; An Introduction to Healthcare Management.

You can find out more about Dennis on our Company Website.

Is your organization struggling to manage its work?

If you feel that your organization is struggling to manage and coordinate all its work; or if you simply need help to account for everything your organization is doing and see whether it contributes to meeting its objectives, then ISO 21504 is for you.


The newly published standard has been written for executives and senior managers, for decision makers involved in this type of work, for the teams and individuals implementing and managing portfolios, and project and program managers and other stakeholders.


In too many organizations, not all work is tied to objectives, which means that an organization could potentially be wasting resources. ISO 21504 can be used to evaluate and optimize the use of resources towards an organization’s objectives.

Find out more about ISO 21504:2015 at the ISO Website

ACSI: E- Business Customer Satisfaction Rises

Customers are more satisfied with e-business as social media hits its stride, according to new data from the American Customer Satisfaction Index (ACSI). Only a year ago, social media ranked among the worst industries in the Index, but now climbs 4.2 percent to a score of 74 on ACSI’s 100-point scale, overtaking Internet news and opinion websites (-1.4% to 73). Meanwhile, customer satisfaction with search engines and information websites is down 5.0 percent to 76.

“Today’s consumers practically live on their smartphones, and mobile compatibility is increasingly important to customer satisfaction,” said Claes Fornell, ACSI Chairman and founder. “Social media has made strides in improving the mobile experience, particularly through mobile apps that can be optimized by operating system to ensure better compatibility with various screen sizes.”

The ACSI report, which is based on 5,400 customer surveys collected in the second quarter of 2015, is available for free PDF download.

Training Courses

View all our online Courses

Don’t see a course or schedule that fits your needs?  Contact us.

This is an exciting time for quality professionals and business owners to re-examine and improve their operational and quality management systems. The ISO 9001:2015 Standard is scheduled to be published this month and SES is on board to assist you with all your needs.

Next month, October is a busy month for us with our future two conference exhibits, and our continued sponsorship support of the ASQ Internal Audit Division Conference, this year in Reno, NV. The city of Reno is beautiful with surrounding mountains and one of my all time favorite U.S. locations – Lake Tahoe just down the road.

A top notch learning experience. Hope to see you there!

Best regards,

Walter Tighe and SES Team
Sustaining Edge Solutions, Inc.
Toll Free 888-572-9642



Leave a Reply