Risky Business - Cruising to Success with ISO 9001-2015 and ISO 31000
Clark Leiphart, Senior Quality Engineer, Modular Mining Systems, Tucson, AZ, USA
Keywords: Risk Management, ISO 31000, Management Review
Even though ISO 9001:2015 does not REQUIRE a formal risk management methodology, there is an opportunity to use risk management consistently throughout a company, on products and services offered to customers as well as on internal operational processes. This presentation provides both a lightweight approach to documenting risk-based thinking within existing Internal Audit Planning, Corrective and Preventive Action, and Management Review, and a more robust framework that can be used within a higher-level compliance-oriented structure such as ISO 31000. Both approaches include generic Microsoft documents that can be used to jumpstart an improvement effort. Screenshots of a system implementation within a Microsoft SharePoint web-based Quality Management System will also be shown. The integration and management of risk across the organization should yield an increase in operational efficiency and a common internal vocabulary to pursue opportunities and reduce unintended consequences.

Participants will learn:

- How to add risk-based attributes to existing ISO 9001 procedures and related documented information
- How to review and assess these risk-enhanced procedure outputs at Management Review
- How to determine good and bad reactions to risk-enhanced information
- How to integrate risk-enhanced procedures into a corporate compliance risk management structure
- What a web-based system incorporating these concepts looks like
- What a document-based system incorporating these concepts looks like

Participants will also be able to get several artifacts to help them with their internal transition efforts to ISO 9001:2015, if desired.