Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Risk and Issue must have one-to-one correspondence

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by tony s, Aug 27, 2019.

  1. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,001
    Likes Received:
    749
    Trophy Points:
    112
    Location:
    Laguna Philippines
    In one lively debate with a CB auditor about the requirements in clause 6.1.1, he asserted that "for every identified issue (internal/external), risk/s must be identified". I dissent with his interpretation. What's your take on this?
     
  2. RoxaneB

    RoxaneB Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    785
    Likes Received:
    892
    Trophy Points:
    92
    Location:
    Ontario, Canada
    Why do you disagree? Why does he say otherwise?
     
  3. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,001
    Likes Received:
    749
    Trophy Points:
    112
    Location:
    Laguna Philippines
    According to him, 6.1.1 says "shall consider the issues...and determine the risks and opportunities that need to be addressed..."

    My stand is the word "consider" is not mandatory and there's no categorical statement in the standard that risks must be identified from the issues.
     
  4. Golfman25

    Golfman25 Well-Known Member

    Joined:
    Nov 6, 2015
    Messages:
    618
    Likes Received:
    297
    Trophy Points:
    62
    I think you're parsing "consider" too much. But I don't think it requires a one-to-one risk evaluation. I view it as more of a global analysis. It's the old SWOT analysis.
     
    tony s likes this.
  5. Bev D

    Bev D Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    436
    Likes Received:
    471
    Trophy Points:
    62
    Location:
    Maine
    I don’t like the word “issue” :confused: What the heck is meant by an issue? (I have a friend who states that only people have issues, equipment have problems)

    Also per the dictionary definition of “consider”, you would only have to think about not necessarily do anything or even enumerate each risk or opportunity...for every little thing.
     
    tony s likes this.
  6. RoxaneB

    RoxaneB Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    785
    Likes Received:
    892
    Trophy Points:
    92
    Location:
    Ontario, Canada
    While I'm not going to pick a side here, I'd like to point out that based the 6.1.1 statement provided by Tony, it's the issues that are to be considered, NOT the risks. Now it also says that that risks that need to be addressed, so if it ain't there then it ain't going to be addressed.
     
    tony s likes this.
  7. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    3,000
    Likes Received:
    1,535
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    To quote an English expression: "He's talking bollocks"...

    He's clearly incompetent to be discussing risks and doesn't realize you have the opportunity to boot him through the door...
     
    tony s likes this.
  8. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,001
    Likes Received:
    749
    Trophy Points:
    112
    Location:
    Laguna Philippines
    Could be. But I make use of the concepts and definition of terms of ISO standards.

    Annex A.3 of ISO 14001:2015 says: The word "consider" means it is necessary to think about the topic but it can be excluded; whereas "take into account" means it is necessary to think about the topic but it cannot be excluded.

    Annex A.3 of ISO 45001:2018 says: The word "consider" means it is necessary to think about but can be excluded, whereas "take into account" means it is necessary to think about but cannot be excluded.
     
    Andy Nichols likes this.
  9. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    3,000
    Likes Received:
    1,535
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    "Issue, issue, all fall down"... Which bit don't you understand, Bev? :D
     
  10. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    397
    Likes Received:
    48
    Trophy Points:
    27
    Location:
    Mexico
    Not exactly risk, remember positive or negative, it may be an opportunity, but also it States somewhere which are pertinent, if is mentioned, is pertinent and you have to do something.
    I'm I wrong?
     
  11. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    3,000
    Likes Received:
    1,535
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Risks are risks, opportunities are opportunities. Don't confuse the two.
     
  12. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,001
    Likes Received:
    749
    Trophy Points:
    112
    Location:
    Laguna Philippines
    Stated where? You have to be specific.
     
  13. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    397
    Likes Received:
    48
    Trophy Points:
    27
    Location:
    Mexico
    Sorry is "shall determine external and internal issues that are relevant "
    So, If it was included, was relevant, then , by using swot, You could have strength, weakness, opportunity and threat.
    So , for each issue, you evaluated and identified if it was a risk, then I think your cb auditor is right, is my opinion.
     
  14. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    3,000
    Likes Received:
    1,535
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I believe you are complicating things (again). If opportunities were risks, the standard wouldn't need to use different words would it? It isn't a one-for-one relationship, which is what the auditor is looking for (in error).

    You are also overlooking HOW risks and opportunities are managed. Some opportunities don't have to be taken. The auditor is looking at this as if it's more complex than it needs to be. Keep reminding yourself that it was written to be used in places which lack sophistication and it becomes simpler.
     
  15. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,001
    Likes Received:
    749
    Trophy Points:
    112
    Location:
    Laguna Philippines
    Can't find the SHALL in the standard. Where is it stated that we have to identify risk/s for each issue?
     
    Andy Nichols likes this.
  16. Bev D

    Bev D Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    436
    Likes Received:
    471
    Trophy Points:
    62
    Location:
    Maine
    Andy is correct, risk and opportunity are descriptors of the effect of an event, action or situation. Any event or action or situation can pose both risk (something bad) and opportunity (something good).
    Tony is also correct that you don’t have to ‘do something’ about every thing. There is no requirement for that.
     
    tony s and Andy Nichols like this.
  17. John C. Abnet

    John C. Abnet Well-Known Member

    Joined:
    May 23, 2017
    Messages:
    272
    Likes Received:
    160
    Trophy Points:
    42
    Interesting conversation.
    I would add that the key word is not "consider" but "needs" (i.e. 6.1.1 "...the ORGANIZATION shall...determine the risks and opportunities that NEED to be addressed..."

    The organization shall determine, not the auditor.

    In regards to "issues"...
    4.1 NOTE 1: Issues can include positive and negative factors..."

    In summary, the standard clearly does not require ..."for every identified issue (internal/external), risk/s must be identified".
     
    tony s and Andy Nichols like this.
  18. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    397
    Likes Received:
    48
    Trophy Points:
    27
    Location:
    Mexico
    Sorry , you all are right, I was confused with the term identified.
     

Share This Page