Management Review - Light a Fire/Step Out From Under the Trees

Presenter: John Guzik, President, Impact Management, Hanover, PA, USA

Keywords: Standards, management review, ISO 9000

Industry: Manufacturing, Service

Level: Intermediate


In today’s business environment, most organizations are implementing risk-based thinking without thinking of it in these terms. Whenever making a decision that will have an impact on the business, an assessment of risks vs opportunities is done, either formally or informally. The emphasis of this requirement in ISO 9001 supports the notion that this kind of proactive decision-making mentality is crucial to the continual improvement of the QMS, and the organization as a whole.

There has been a great to-do about this “new” ISO 9001 requirement, “risk.” Many have pointed to risk management programs, insisting that the standard now formally requires this. Tools such as FMEAs and PPAPs as well as a plethora of new wiz-bang software programs have been introduced as tools that can do the task. The difficulty with utilizing these tools is that most of them were designed for risk management programs as they address the requirements of the product/service. The fact is that utilizing these tools may help with product integrity while you’re still left hanging in the breeze to demonstrate “risk-based thinking” as the standard calls for.

Moving in the direction of embracing a formal rigid structure such as FMEAs and PPAPs into the realm of addressing risks and opportunities in the perspective of ISO 9001 can create new risks to smaller organizations. In attempting to employ these kinds of tools, the additional risks could include:

1. The potential for investment of excessive costs that may provide no value to the organization, ultimately resulting in slowed operational performance and poor financial performance of the organization, leading to potential closure.

2. The potential for poorly structured programs that could weaken the QMS, and possibly the end products/services going to the customer (read: NCRs, advisory notices, recalls, safety liabilities, etc.) is another very real risk.