Understanding ISO 9001:2015 Risk-Based Thinking and Requirements


ISO 9001:2015 emphasizes risk-based thinking to help organizations identify potential deviations in processes and quality management systems, enabling the implementation of preventive controls and seizing opportunities. The standard requires organizations to determine risks and opportunities based on their context. External and internal analyses using frameworks like PESTEL and SWOT can further enhance risk assessment and decision-making for quality management. Planning for the quality management system involves addressing risks and opportunities to ensure desired results, enhance effects, prevent undesired outcomes, and drive continuous improvement.


Uploaded on Aug 14, 2024 | 0 Views



Presentation Transcript


  1. ISO 9001:2015 (RISKs Element), by KAMARRUDIN ALI, 18 April 2018

  2. ISO 9001:2015: Risk-based thinking enables an organization to determine the factors that could cause its processes and its quality management system to deviate from the planned results, to put in place preventive controls to minimize negative effects and to make maximum use of opportunities as they arise.

  3. ISO 9001:2015 REQUIREMENTS: ISO 9001:2015 requires the organization to determine the risks and opportunities based on knowledge of the organization's context (4.1 & 4.2).

  4. EXTERNAL ANALYSIS (PESTEL) (including issues from interested parties), Template A
     Columns: NO. | ISSUES | RISK/OPPORTUNITIES FOR KCDIO
     1 | POLITICAL: Trump's Muslim countries ban | (Opportunities) Increase international students application
     2 | ECONOMIC: Reduced operational budget | (Risk) could not renew licenses
     3 | SOCIAL: Staffing problem ELB implementation | (Risk) Student demonstration
     4 | TECHNOLOGY: Outdated equipment | (Risk) MQA accreditation withdrawal
     5 | ENVIRONMENT: Raining season | (Risk) Flood at certain areas
     6 | LEGAL: Intro of ICGPA stringent procedure in getting VAL. Not following procedures | (Risk) Decreasing intake from international students due to implementation of i-CGPA and VAL procedure; (Risk) accreditation withdrawal

  5. Template A: INTERNAL ANALYSIS (SWOT)
     Four quadrants (STRENGTH, WEAKNESSES, OPPORTUNITIES, THREATS), each with the columns Issues and Risk/Opportunities and blank numbered rows.
     Note: As a guide to do a thorough analysis for each of the above quadrants, a normal tool used is FITCOW, which is Financial, Infrastructure, Technology, Competency, Operation (Process) and Work environment.

  6. ISO 9001:2015 REQUIREMENTS: 6.1.1 When planning for the quality management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to:
     a) give assurance that the quality management system can achieve its intended result(s);
     b) enhance desirable effects;
     c) prevent, or reduce, undesired effects;
     d) achieve improvement.

  7. Identifying Risks: Risks are determined to prevent or reduce undesired effects, and to give assurance that the quality management system can achieve its intended results. ISO 9001 does not define specific types of risks that need to be determined and addressed. Types and categories of risks that are commonly used:
     Processes: risks of nonconforming output, process breakdown, process inefficiency, excessive variability, etc.
     Quality: risk of defects and non-attainment of specified requirements
     Suppliers: risk of defects and non-attainment of specified requirements
     Operation: risks to business continuity, data loss, public relations, etc.

  8. What about Opportunity? Apart from the risks, the organization also has to identify the opportunities that may come its way. Opportunities can be in the form of adoption of new practices, launching of new products or services, opening new markets, addressing new clients, building partnerships, using new technology and other desirable and viable possibilities to address the organization's or its customers' needs.

  9. Why are Risks considered?
     Risk: Effect of uncertainties
     Risk Level: Likelihood x Consequences
     Risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed.

  10. Managing Risks: Step 1: Identify the Risk. ... Step 2: Analyze the risk. ... Step 3: Evaluate or Rank the Risk. ... Step 4: Treat the Risk. ... Step 5: Monitor and Review the risk.

  11. Brainstorming Environmental/Horizon Scanning Interviews Past data Analysis

  12. Causes of Risk Risk Consequence/Impact

  13. According to AON, a leading global provider of risk management services, in their 2011 Global Risk Management Survey (AON, 2013), the top three risks for higher education are ranked as follows:
     1. Regulatory and legislative changes
     2. Economic slowdown
     3. Damage to brand or reputation
     Source: Online Journal of Applied Knowledge Management, Volume 2, Issue 1, 2014

  14. Samples: Common risks: Food poisoning, Theft, Fire, Flood

  15. Samples: Common risks in University (columns: Issue, Risks, Consequence, Measure)
     Issue: Student Enrolment
       Risks: unpopular programs; bad information about Kulliyyah
       Consequence: low enrollment
       Measure: market research in order to introduce new and update existing study programs; improve quality work of the staff; additional activities offered to students; continuous promotions
     Issue: Information System
       Risks: data loss due to technical breakdown; data theft
       Consequence: student's dissatisfaction; the University's reputation issue; financial loss
       Measure: ensure staff obey the rules on the access to data; acquire appropriate software and hardware; train staff periodically; test the equipment periodically; perform a weekly backup; ensure physical protection of workstation; ensure saving and frequent changing of passwords; do frequent updating of antivirus software; avoid using unverified external data media; conduct comprehensive testing and fixing of program flaws

  16. Samples: Common risks in University (columns: Issue, Risks, Consequence, Measure)
     Issue: Teaching
       Risk: low quality of the teaching because of the teaching staff
       Consequence: dissatisfaction; bad experience of the students; loss of Kulliyyah reputation; low enrollment rate
       Measure: hiring the highest quality teaching staff; continuous assessment of the academic staff's work
       Risk: poor teaching quality due to non-existence or non-use of contemporary devices and electronic means
       Consequence: bad experiences of students; school reputation; low enrollment rate
       Measure: acquisition of the equipment; continuous training of academic staff
     Issue: Student practical
       Risk: bad choice of organizations in terms of the activity and process and poor support
       Consequence: bad experience of students; bad experience of associated from the situation which jeopardize Kulliyyah reputation
       Measure: students' awareness about the significance of the practical work and the possibilities it offers (acquiring precious experience, accumulating data for the placement)
     Issue: Financial process
       Risk: certain programmes could not be run due to budget issue
       Consequence: bad reputation; accreditation withdrawal
       Measure: finding other sources of finance by introducing alternative short programs or courses which are in demand
       Risk: misappropriation of fund
       Consequence: bad reputation; financial loss
       Measure: strengthen work process; continuous reminders to staff

  17. Samples: Common risks in University (columns: Issue, Risks, Consequence, Measure)
     Issue: Management
       Risks: bad assessment of the management in relation to type and content of the study programs; high-quality teaching staff leave the Kulliyyah; bad results of scientific research work because of the poor quality of the teaching staff or bad support due to lack of funds; programmes run not according to university or government requirements due to bad documentation or awareness
       Consequence: impossibility or withdrawal of accreditation; bad experience of students; lower financial income; jeopardized University or Kulliyyah reputation; lower enrollment rate
       Measure: introducing or improving a quality system (e.g. ISO) in order to improve University elements in all processes and intensify the conditions for their successful implementation; plan for hiring the teaching staff in accordance to the need of the Kulliyyah; motivate staff towards further improvement by supporting them to visit conferences, write articles and books, participate in projects, and by awarding them according to an assessment of their work; periodical review and update of documents for conducting the Kulliyyah programmes in accordance to practice and update the staff

  18. Template C

  19. Risk Category (columns: Type, Description)
     Strategic: Losses due to error or misjudgment in the selection of strategy or the execution of the strategy, or exposure to loss resulting from a strategy that turns out to be defective or inappropriate
     Operations: Risk arising from execution of a company's business function, which focuses on the risks arising from the people, assets, systems and processes through which the University operates
     Finance: Risk associated with the finances of the University, including loan interest charges, exchange rates, taxation, borrowings & credit, government grant, error in asset valuation (over or undervaluation), liabilities, spending beyond limit, negative cash flows or any other direct and indirect losses affecting other elements of the University's finances
     Reputation: Risk of impact to the business attribute/related to the trustworthiness of the business and/or the education industry as a whole
     Information: Risk arising from the flow of information and availability of new or existing technology to the business and the impact of it being adopted or not to the business
     Regulation: Risk due to non-compliance or failure to adhere to sets of rules and regulations as set out by the University, Government or legislation

  20. Qualitative Measure of Consequences of Likelihood
     Columns: Level | Descriptor | Description | Probability
     5 | Almost certain | The event is expected to occur in most circumstances - will occur on an annual basis | >50%
     4 | Likely | The event will probably occur in most circumstances - will occur once in every 3 years | 31% - 50%
     3 | Possible | The event might occur at some time - will occur once in every 10 years | 16% - 30%
     2 | Unlikely | The event could occur at some time - will occur in every 20 years | 1% - 15%
     1 | Rare | The event may occur only in exceptional circumstances - will occur once in every 50 years | <1%

  21. Qualitative Measure of Consequences of Impact
     Columns: Level | Description | Example detail description
     1 | Insignificant | No injuries, low financial loss, no risk to reputation.
     2 | Minor | First aid treatment, on-site release immediately contained, medium financial loss, some customer dissatisfaction.
     3 | Moderate | Medical treatment required, on-site release contained with outside assistance, high financial loss and public visibility.
     4 | Major | Extensive injuries, loss of production capability, invocation of disaster recovery with no detrimental effects, major financial loss.
     5 | Catastrophic | Death, off-site with detrimental effect, huge financial loss.

  22. Quantitative Measure of Consequences of Impact
     Columns: Level | Description | Example detail description
     1 | Insignificant | Nil Negligible
     2 | Minor | Under RM1 mil
     3 | Moderate | Between RM1 mil - RM5 mil
     4 | Major | Between RM5 mil - RM15 mil
     5 | Catastrophic | Above RM15 mil

  23. Qualitative Risk Analysis Matrix: Likelihood / Impact 1 2 3 4 5 M L L L L S M M L L H S M M L H H S E H H 5 4 3 2 1 Time Bomb

  24. Qualitative Risk Analysis Matrix [figure: Likelihood (levels 1 to 5) x Impact (levels 1 to 5)]

  25. Qualitative Risk Analysis Matrix (columns: Key, Description)
     Key: E: Extreme; H: High; S: Significant; M: Medium; L: Low
     Description: Immediately initiate action plan to reduce exposure; Develop action plan to reduce exposure; Consider if any action plan needs to be developed; Routine acceptance of the risk. / No action required
     Time Bomb:
       * Develop action plan to reduce exposure
       * Are potential catastrophic risks that are not straightforward in ratings
       * May currently be well managed, but may potentially create significant problems to the organization in future

  26. Strategy in Managing Risks
     - Activities with a high likelihood of loss and large financial impact. The best response is to avoid the activity.
     - If cost-benefit analysis determines the cost to mitigate risk is higher than cost to bear the risk, then the best response is to accept and continually monitor the risk.
     - Activities with a high likelihood of occurring, but financial impact is small. The best response is to use management control systems to reduce the risk of potential loss.
     - Activities with low probability of occurring, but with a large financial impact. The best response is to transfer a portion or all of the risk to a third party by purchasing insurance, hedging, outsourcing, or entering into partnerships.

  27. Issues/Risks Status Types (columns: Type, Description)
     Open: New item identified and awaiting action.
     Closed: Item closed e.g. no longer a concern, rejected, etc.
     In progress: Item undergoing treatment/mitigation activities.
     Monitoring: Treatment/Mitigation activities complete and being monitored.
     Resolved: Item resolved through treatment/mitigation actions and resolution accepted by stakeholders.

  28. What's next? Having the risks and opportunities identified, a proper plan of actions needs to be laid out in order to mitigate these risks and grab the opportunities. Then, from time to time, the organization needs to assess the effectiveness of the actions taken.

  29. Template C: RISKS SUMMARY (From Risk Register)
     Columns: RISK CATEGORY | DESCRIPTION OF RISK | RISK REGISTER NO.
     1. External Analysis
       1. Could not renew licence | R1.1.1
       2. Decreasing intake from international students due to implementation of i-CGPA and VAL procedure | R1.3.3
       3. MQA accreditation withdrawal | R1.3.4
     2. Internal Analysis
       1. Decreasing intake from international students due to stringent procedure in getting VAL. | R2.1.1
     Please refer to Risk register documents.

  30. Template D: OPPORTUNITY SUMMARY
     Columns: CATEGORY TYPE | DESCRIPTION OF OPPORTUNITIES | OPPORTUNITY REGISTER NO.
     Rows: 1. EXTERNAL ANALYSIS; 2. INTERNAL ANALYSIS

  31. Template E: PLANNING TO ADDRESS THE RISKS
     Columns: Risks No. (From Risk Register) | Strategy | Initiatives | Year/Period | PIC | KPI | Target | Achieved | % of Success

  32. Template F: PLANNING TO ADDRESS THE OPPORTUNITIES
     Columns: Opportunity No. (From Opportunity Summary) | Strategy | Initiatives | Year/Period | PIC | KPI | Target | Achieved | % of Success

  33. Treating Risk & Opportunity Workflow [flowchart]
     - Identify External & Internal issues, risks and opportunities (including from interested parties): use Template A
     - Opportunities: list all opportunities in summary (use Template D)
     - Risks: list all risks in Risk Register
     - Analyze Each Risk: use Template B
     - Categorize Risk (L, M, H, E, TB): L = Low; Medium, High, Extreme & Time Bomb
     - Responses: Accept, Avoid, Reduce, Transfer
     - List all Risks in summary: use Template C
     - Prepare & Execute Action Plans: use Template E & F
     - Monitor & Review

  34. Summary: ISO 9001:2015 - Risk-based thinking standard
     Intent: To ensure organizations consider risks and opportunities that could affect the results of their plan.
     Objective Evidence:
       o Risk & Opportunity Analysis on External and Internal Factors
       o Risk Profile/Register
       o Risk & Opportunity Action Plan
       o Action Plans have been carried out

  35. Thank You
