1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Clarity about the note in 6.1.2 of the standard

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by Somashekar, Nov 9, 2015.

  1. Somashekar

    Somashekar Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    114
    Likes Received:
    98
    Trophy Points:
    27
    ~~~ I found this question in Linkedin and felt this is a good place to also discuss for clarity of thought ~~~

    In the ISO 9001:2015 "Actions to address risk and opportunities" clause (6.1) there is a note providing options to address risks that include:

    1. Avoiding risk
    2. Taking risk in order to pursue an opportunity
    3. Eliminating the risk source
    4. Changing the likelihood or consequences
    5. Sharing the risk
    6. Retaining risk by informed decision

    Looking for clarity to understand the distinction between a couple of these options made bold above.
    Can anyone explain these further and perhaps provide a couple of examples?
     
    Atul Khandekar likes this.
  2. rob73@work

    rob73@work New Member

    Joined:
    Sep 29, 2015
    Messages:
    4
    Likes Received:
    7
    Trophy Points:
    2
    Location:
    UK
    IMHO i would say as an example of 2. would be investing in a novel product or service which may or may not return the investment, therefore has an inherent business risk. Point 6. could be retaining a customer who is in financial trouble, but in the past has brought profitable business, therefore brings a financial risk to the business.
    As 9001 is now supposed to cover the entire business structure and not just focusing on products/services the range of risks to be considered has multiplied considerably. How you would (or even could) document all of these decisions, some made on a daily basis, would be another topic of conversation.
     
    Jennifer Kirley and Somashekar like this.
  3. Somashekar

    Somashekar Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    114
    Likes Received:
    98
    Trophy Points:
    27
    My response to this also posted in Linkedin ~~~
    While the taking risk is a strong step ahead when you have the option to not take that risk, which is based on how much you seek that opportunity., Retaining risk is the consequence of risk already taken earlier, perhaps by someone else and you gather enough information perhaps not to be surprised at the risk occurrence, but to quickly take apt decisions at such times....
     
  4. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    As always the consideration is based on the nature of the risk. If it is not severe then the organization may simply opt to pursue more urgent things; there is likely to be more than one risk to address. Once having evaluated the potential consequences and determined willingness to accept them, I would call that a decision to retain risk based on information.

    Risk for the sake of opportunity might also be investing substantial research and development into an untried product or service. The outcome might be a vast success, or a flop, or something in between.
     
  5. Leonid

    Leonid Well-Known Member

    Joined:
    Jan 4, 2016
    Messages:
    164
    Likes Received:
    31
    Trophy Points:
    27
    Location:
    Moscow
    Dear Somashekar,
    The referred note is taken from ISO 31000 cl. 5.5.1.
    When pursuing promising opportunity, it is reasonable to take risk involved.
    If risk is perceived as acceptable, it can be retained.
     
    tony s and Somashekar like this.
  6. charanjit singh

    charanjit singh Member

    Joined:
    Jan 21, 2016
    Messages:
    32
    Likes Received:
    10
    Trophy Points:
    7
    The basic point that, to my mind, is not to lose sight of the fact that this is Quality Management System standard. So we need to consider the risk of not being able to meet QMS requirements - or the customer requirements, without going into hypothetical/philosophical discussions on so-called "Positive side of risk", like, for example, can we take a risk of showing that we meet QMS requirement without actually implementing some parts of it? (After all an audit is on sampling basis and not a 100% audit)
     
  7. charanjit singh

    charanjit singh Member

    Joined:
    Jan 21, 2016
    Messages:
    32
    Likes Received:
    10
    Trophy Points:
    7
    The basic point that, to my mind, is not to lose sight of the fact that this is Quality Management System standard and a general business management standard. So we need to consider the risk of not being able to meet QMS requirements (which in nutshell means the customer requirements) without going into hypothetical/philosophical discussions on so-called "Positive side of risk", like, for example, can we take the risk of showing that we meet QMS requirements without actually implementing some parts of it? (After all an audit is on sampling basis and not a 100% audit).


    You may consider what the extreme factors/cases (risks) are that could inhibit your organization’s ability to meet these requirements – e.g. failure of key facilities, workers’ strike etc. Nobody mandates you to start hunting for ‘positive’ side of risk.

    Hope this helps
     
  8. Leonid

    Leonid Well-Known Member

    Joined:
    Jan 4, 2016
    Messages:
    164
    Likes Received:
    31
    Trophy Points:
    27
    Location:
    Moscow
    About two sides of risk.
    Let us imagine the top management decided to outsource the key process. The quality manager has known this change was taken as the opportunity for improving the performance. However, there also was a risk not to realize this opportunity with positive effect because of the innovative character of the change and many uncertainties involved. Following 6.1, the QM determined the risk to underperform due to the above change and took some actions to address the threat of failure (negative risk). With time passed, it has become clear that the change will definitely result in improving the performance. Thus, the risk downside has changed to the risk upside.
     
  9. Bev D

    Bev D Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    605
    Likes Received:
    663
    Trophy Points:
    92
    Location:
    Maine
    I would interpret the distinction between the two this way:
    Taking a risk to pursue an opportunity: as said earlier, we invest money and time on a new porduct or service that may not be viable. This is a very specific situational statement in mind.
    retaining a risk by informed decision is more a general situational statement. It could include the statement regarding pursuing an opportunity and it would also include things like deciding to release some product that has a defect/flaw that may cause some negative consequences to some customers (and increase our scrap/repair costs) but the alternative would be to go off market until a fix could be found. If the alternative is worse then we might 'retain the risk' of the defect and its' occurence rate because the data says it's the lesser of the two choices....

    As an aside, I find the 2015 version to be written in very obtuse language. I find it very difficult to understand.
     
    Last edited: Jan 31, 2016
  10. Eric Twiname

    Eric Twiname Well-Known Member

    Joined:
    Jul 31, 2015
    Messages:
    329
    Likes Received:
    232
    Trophy Points:
    42
    Location:
    Northeast USA
    Not sure...I might be repeating above thoughts, just in different words...

    I find both #2 and #6 to be essentially the same thing, with one subtlety setting them apart:

    #1 is finding a way to not take a risk.
    #2 is the choice to begin taking a risk.
    #3 is finding a way to stop taking an existing risk.
    #4 is lessening the impact if you lose the risk. (Is "lose the risk" a real term?")
    #5 is spreading the risk to another party (I would assume the party involved in that risk...customer, vendor or partner) and I assume spreading the impact as well.
    #6 is the choice to continue taking a risk after a re-evaluation.
     
  11. charanjit singh

    charanjit singh Member

    Joined:
    Jan 21, 2016
    Messages:
    32
    Likes Received:
    10
    Trophy Points:
    7
    After going through the above, it appears we are loosing sight of the fact that the 'risk' to be considered is "that which affects adversely the scope of our Quality Management System or meeting the objectives of the QMS, and NOT the entire business activities. Unless we limit ourselves to this we shall be going into endless discussions because of a large variety of businesses that we may be involved with.
     
  12. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    An example to the statement "retaining risk by informed decision" can be demonstrated through sampling inspection. When a customer and a supplier agree on an AQL (acceptable quality level/limit), they are both aware that the entire production lot may have some discrepant parts on it but they have to agree on how a lot/batch would be accepted or rejected based on the corresponding sample.
     
  13. Sidney Vianna

    Sidney Vianna Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    127
    Likes Received:
    172
    Trophy Points:
    42
    It's surprising so many people have a difficult time finding real case scenarios that happen on a daily basis.

    When an organization takes an order in that has a short delivery timeframe it's taking a risk of not being able to deliver the product on time. By scheduling for example a second shift, by expediting the delivery of raw materials, by shipping the product by air rather than ground delivery, the organization has decided to take the opportunity while mitigating the risk of not being able to deliver on time.

    Processing of urgent orders is a classical example of managing opportunities while mitigating risks.