1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Risk treatment approach for context and Interested parties?

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by Qualmx, Oct 24, 2017.

  1. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    464
    Likes Received:
    59
    Trophy Points:
    27
    Location:
    Mexico
    Hi everybody

    In doing the risk analysis in 4.1 and 4.2, following 6.1, which says we have to
    identify Risk and opportunities in internal/external issues additionally in Interested
    parties.

    I have identified in context (Int/Ext issues) people, competitors and clients,
    but also have found the same in interested parties, but also have detected that in some
    cases the actions are the same for the treatment.

    People
    A In context, people, Risk= people left the company, poor competency
    B In interested parties, Risk= Do not comply people with requirements, law benefits, payments on
    time, etc.
    Treatment
    A, here I have to evaluate what to do, so that people dont leave the company.
    B. here, I have to take actions to cover the people´s needs.
    It seems they are different actions, Ok?

    Competitors
    In context, Risk= Lowering my sales
    In interested parties = requirements, Dont know what may apply
    Dont know what treatment to apply

    Clients

    C- In context, clients, Risk and opportunities= Risk for not delivering good products and opportunity to have more profits.
    D- In interested parties, clients, Risk = to not comply with good products and services, DOT,etc

    Treatment
    C = to apply actions to ensure good products to clients and actions to get more profits
    D =to apply actions to improve my DOT and to improve quality.

    I noticed Actions are the same.

    Questions

    1- Do you think are ok my assumptions ?
    2- Are there cases where the treatment is the same for the same aspect (e.g. clients)
    for context and interested parties?

    Please feed me back.
     
  2. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    It seems to me you are over complicating things.
     
  3. Golfman25

    Golfman25 Well-Known Member

    Joined:
    Nov 6, 2015
    Messages:
    816
    Likes Received:
    402
    Trophy Points:
    62
    Problem is that this context and risk stuff is all ivory tower academic MBA type stuff. Not much for the rank and file actually running the business every day. I agree, don't over complicate it.
     
    Qualmx likes this.
  4. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    464
    Likes Received:
    59
    Trophy Points:
    27
    Location:
    Mexico
    Thanks
    Andy And Golfman

    Please explain why do you think is over complicated?
    I´ll really appreciate your input

    I know you are people with a lot of experience in this field, I really have little experience, and according to some training I ve had and browsing on the web, is the knowledge I have.

    According to what the Standards stress, to Identify context and interested parties
    and that based on some of issues found, we have to develop the strategic direction (high level view)

    So, don´t you think that addressing these issues with no too much importance we may miss
    aspects which really could affect a business?

    In the case I proposed, specifically what would you do at addressing Risk and opportunities?

    Thanks
     
  5. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    The standard does not require us to analyze risks on 4.1 and 4.2. It requires us to understand 4.1 and 4.2. Once we have a good grasp of the context of the organization and needs/expectations of interested parties, this understanding will help us "when planning for the QMS" (i.e. 6.1.1). At high level planning, organizations can use tools like SWOT analysis (see 4.1 and 6.1.1 of ISO/TS 9002:2016). In SWOT analysis, the internal issues are usually identified at the Strengths and Weaknesses, while the external issues are identified in the Opportunities and Threats. Typically, organizations can establish their "strategic directions" by using this risk-based thinking tool.

    Then, as one of the planning outputs, measurable quality objectives can then be established to support the high-level strategic directions (see 5.1.1b). These objectives should be developed with the needs/expectations of the interested parties in mind (see 6.2c). This approach can already satisfy the requirements in 4.1, 4.2 and 6.1.1. and completes the first part of planning - i.e. at the strategic level.

    On the operational planning part, RBT can be utilized by using tools like FMEA or a simple Risk Register. Each process can then be analyzed for risks and opportunities in order to determine the controls/actions to ensure that NCs or nonconforming outputs are prevented from happening (see 6.1.1 of ISO/TS 9002). Once the controls/actions are determined, you have to integrate them into your processes (see 6.1.2 and 4.4.1f). Some controls will be specified into your documented procedures. Some will be installed physically.

    I based this RBT approach for QMS Planning from the previous guideline i.e. ISO/TC 176/SC 2/N1283 where one of its slides mentioned:
    upload_2017-10-28_18-48-8.png
     
    SHALINI GUPTA likes this.
  6. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    464
    Likes Received:
    59
    Trophy Points:
    27
    Location:
    Mexico
    Thanks Tonys
    But according to the standard (below) specifically states, consider issues 4.1
    and requirements in 4.2 and determine RYO and you say that "dont Require us to analyze"

    At the en of the first paragraph, you say "Typically, organizations can establish their "strategic directions" by using this risk-based thinking tool".

    Dont understand well, first you say it is not necessary and afterwards it is needed.

    could you explain a little bit more?

    To determine risk in 4.1 and 4.2 or only in planning?

    Im I interpreting the standard in the wrong way?

    Thanks

    6.1.1 When planning for the quality management system, the organization shall consider the issues
    referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that
    need to be addressed
    to:
    a) give assurance that the....
     
  7. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    Having more profits is not an opportunity. It is an outcome of recognizing and utilizing opportunities if they help. Opportunities can have their own risks, which are required to be considered.

    Issues are conditions that enable risk. Internal issues for the risk of inadequate personnel can be aging employees and/or rigorous competition for skilled personnel. An opportunity could be to use temporary or contract labor, but there is a risk those persons will disappear and once again leave you without adequate skills. Profit can be the partial result of lowering turnover costs - it is expensive to constantly be replacing people.

    Does this help?
     
  8. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    464
    Likes Received:
    59
    Trophy Points:
    27
    Location:
    Mexico
    Thanks Jenni


    Maybe Im not doing the question correctly

    I´ll explain:
    I already have 9001:2008 and go to 2015
    I already have the 4.1 ( a list) I used SWOT (internal/external issues) positive and negative, where O and S are my positive and T and W are my negative.
    Also have defined my interested parties (internal and external)
    Next I´ll start to detect R&O, additionally I implemented a procedure to manage the risks and opportunities by using Ishikawa.
    My plans is to start the risks detection in issues (4.1) one by one,e.g. ext/Client, goverment,economical,suppliers,etc., Int/ employees, Top management,etc.

    Then detection in interested parties (one by one),e.g. clients, suppliers,insurance,etc.

    Then to detect R&O in Processes, e.g. (Sales, Purchasing),etc.

    All detected risk will have its proper analysis with mitigation plans, and registered in a master lists.

    So the direct question is:

    Should I do the risk detection in 4.1 then in 4.2, then processes?
    Or
    only in processes according what Tony s Recommended considered 4.1 and 4.2 as a reference ?

    I ´d suppose that at doing the risk detection in 4.1 and 4.2, most of the risks in processes could be covered when they be analysed, and maybe more effectives because are risk in high level.

    As an example: if I analyze as negative in SWOT OTD, maybe would need strong mitigation plans in all the processes, compared if OTD is considered in one process, maybe will be addresses as a minor problem.
    is my thought.


    Hope I have explained well

    Thanks
     
  9. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    There it is! 6.1.1 started the statement - "WHEN PLANNING FOR THE QUALITY MANAGEMENT SYSTEM...". Thus, if you are planning STRATEGICALLY - you can use RBT tools like SWOT. Then, if you are planning OPERATIONALLY - you can use FMEA or Risk Registers.

    SWOT analysis will already satisfy 4.1 since internal issues can be included in the Strengths and Weaknesses, while external issues can be included in the Opportunities and Threats. By using SWOT, you can establish your organization's "strategic directions". Quality objectives can then be set to support the strategic directions. However, when you are establishing your quality objectives, you should always consider 4.2. This approach will help you in satisfying 6.1.1.

    To help in satisfying 6.1.2, I use tools like FMEA or Risk Registers during operational planning. The actions/controls determined by using these tools are incorporated into the processes.
    The standard does not require.
    See clauses 4.4.1f, 6.1.1 and 6.1.2b.1 including 10.2.1e - to establish a sound answer. Notice also that these risks/opportunities/actions are determined/updated during "planning" (6.1.2 starts the statement "The organization shall plan..." and 10.2.1e specifies "update risks and opportunities determined during planning...")
     
    Jennifer Kirley and Qualmx like this.
  10. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    464
    Likes Received:
    59
    Trophy Points:
    27
    Location:
    Mexico
    Thanks Tony s

    I really appreciate your patience, but still a doubt, if In SWOT I detected threats and weaknesses, why not to analyze them with FMEA or other tool? you say is not required, if it is clear those are important negative issues?
    Or when will be analyzed



    Thanks
     
  11. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    464
    Likes Received:
    59
    Trophy Points:
    27
    Location:
    Mexico
    Tonys

    Or the risk detected in Interested parties, when will be analyzed?

    Thanks
     
  12. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    Don't need to analyze the Threats and Weaknesses further. You should act on them. "Threats" in the SWOT analysis is equivalent to "risks". I based this assumption from the definition of section 3.2.11 of ISO 14001:2015 of "risks and opportunities" i.e. "potential adverse effects (threats) and potential beneficial effects (opportunities)".
    Actually, the standard requires us to understand the needs and expectations of interested parties (see 4.2). Thus, "when planning for the QMS" (see 6.1.1), risks and opportunities that need to be addressed to fulfill these needs and expectations should be determined. To satisfy this, the RBT tools (e.g. FMEA) for OPERATIONAL planning (see 6.1.2) come in handy.
     
  13. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    464
    Likes Received:
    59
    Trophy Points:
    27
    Location:
    Mexico
    Thank you so much, Tony s, have received much of help from all of you.
     
    tony s and Atul Khandekar like this.
  14. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    Not everything works well in FMEA - management system processes like Human Resources could be better approached with SWOT.

    Please do not make this harder than is needed. I have a sense you are already doing it - the question is, how to demonstrate it to the auditor?

    Internal audits can verify effectiveness of actions to reduce risks, as can Gemba walks and housekeeping checklists. Report the results to Management Review, or in a lower-level venue (nothing requires all of the 9.3 subclauses to be included in the top management meeting). That said, some risks are of direct risk to top management so these should be considered, acted on if deemed appropriate, then results reported back. Plan, Do, Check, Act.
     
    Qualmx likes this.
  15. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Qualmx: Let me explain an approach to risk based thinking, which is all that's required, since from all your posts you seem (at least to me) to be making too much work for something which is a very simple thing. ISO 9001 isn't rocket science and the requirement to address risk and opportunity isn't about grabbing at tools which are thrown together. You posts suggest you are confused about what to do. It's much simpler than you think:

    I recently started riding a motorcycle. I haven't ridden one for 40 years. Do I have to think about risks? If I want to enjoy my rides I do. Some risks I am prepared to accept. They come with riding a motorcycle. Others, I can work on to reduce. I ride with a big gap from other vehicles when in traffic, keeping my eyes open for people using cell phones. Some risks I can avoid. So, I rarely ride in the wet or late at night when deer are crossing the road etc. I wear a helmet and other protective clothing. I attended a safety training course.

    Did I do a SWOT analysis or complete a risk assessment? No.

    All that's needed is that an organization identify internal and external issues which can affect the results of the QMS. A SWOT is good for this. In doing so, it's likely the leadership will see one or two things they agree represents a risk if they don't get a plan together. For example, here in the USA, finding skilled machinists is a problem (for everyone). So, it's a risk. There aren't schools which provide even basic workshop skills any more. Organizations are realizing that they have to develop skills training programs (apprenticeships) to take high school leavers and train them. Looking at 6.1, it means they have to have a plan and develop the quality system processes to deal with this issue. Most organizations have a basic training procedure for on-boarding and on-the-job training, but not for developing skills over a period of 2, 3 or 4 years. THAT's an example of what ISO 9001 is requiring.
     
    Qualmx and Jennifer Kirley like this.
  16. Golfman25

    Golfman25 Well-Known Member

    Joined:
    Nov 6, 2015
    Messages:
    816
    Likes Received:
    402
    Trophy Points:
    62
    Not to hijack, but schooling and training programs are quickly being ramped back up. We have at least 19 high schools in my area that have some type of machining program. With more developing them. Also community colleges are ramping up. The real issue is the students to fill them. Back to your regular programming.
     
  17. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    And there you have opportunities to go along with risk. Then the opportunity carries a risk, which could be not knowing about the employer once finishing technical school. A lot of my clients deal with that by working with the colleges: providing inputs for training needs, taking interns and establishing themselves with the school's placement services. None of this needed an FMEA or even a SWOT to convince me there was risk-based thinking and consideration of interested parties' needs and wants.
     
    Qualmx likes this.
  18. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    For clarification, when I write "schools" I'm thinking "high schools" for USicans. In the UK "school" comes before "college" and "university", in general terms. Most high schools, if I understand what I'm being told, don't offer much in the way of hands-on technical education, like I had in the UK, where I had 2 years of "workshop" which included lathe work, press drills, brazing/heat treatment, forging and basic hand tool experience.
     
  19. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    That's really nice for a senior high program. I just hope we have those in my country.
     
    Andy Nichols likes this.
  20. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    There are a number of technical secondary-level schools. I did my student teaching in one of them in Maine. At the time, interest was low as the parents were discouraging their kids from going into manufacturing. With the current push to herd young people into charter schools, I am not sure what secondary level vocational education will look like in the near future.