Risk Management
Risks and Opportunities
To make it easier for organizations to understand the unique requirements of IATF 16949 from ISO 9001, all supplementary requirements for the Automotive Industry (IATF 16949) will be in italics.
Risk based thinking was first introduced in ISO 9001:2015, of which IATF 16949 is based off of, and now also implements. QMS standards have always advocated mitigating and avoiding risk, before it was referred to as “preventative actions”, as now it is replaced with “actions to address risks and opportunities.”
Addressing a risk in your organization may mean pursuing a new opportunity. Organizations are required during planning of their QMS to address both risks and opportunities. Opportunities can include the adoption of new customers, products, technology or practices.
There are several requirements around risks and opportunities throughout the ISO 9001:2015 standard. The examples in the table below are just some of the clauses that in effect mandate risk management.
ISO 9001:2015 clauses | Comments |
---|---|
4.4 Quality management system and its processes | The overall quality management system (QMS) must consider both risks and opportunities as part of its core planning process. |
5.1 Leadership and commitment | Those who lead the organization must promote risk-based thinking. |
5.1.2 Customer focus | Ensure risks and opportunities that affect customers are determined and addressed. |
6.1 Actions to address risks and opportunities | When planning for the QMS, determine and address risks and opportunities. |
9.1.3 Analysis and evaluation | Evaluate the effectiveness of actions taken to address risks and opportunities. |
10.2 Nonconformity and corrective action | Update risks and opportunities determined during planning, if necessary. |
How to address risks and opportunities?
ISO 9001 requirements that that risks and opportunities do not require a formal risk management system. For 9001 requirements, organizations are required to determine what they are and how they will be addressed. Additionally in IATF 16949, the organization must include in its risk analysis lessons learned from product recalls, audits, returns and repairs, complaints, scrap and rework.
Common methods for identifying and addressing risk include maintaining a risk register, performing FMEA (Failure Mode Effects Analysis) or FTA (Fault Tree Analysis), using a Probability and Impact Matrix, or other risk management exercises.
IATF 16949 provides additional information regarding preventative action.
The organization must determine and implement actions in order to eliminate the causes of any potential nonconformities to prevent their occurrence. The preventative actions should match the seventy of the potential issue.The organization shall establish a process to lessen the impact of negative effects of risk including the following:
- determining potential nonconformities and their causes;
- evaluating the need for action to prevent occurrence of nonconformities;
- determining and implementing action needed;
- documented information of action taken;
- reviewing the effectiveness of the preventive action taken;
- utilizing lessons learned to prevent recurrence in similar processes
Standard Stores is here to help you address Quality Management System management requirements. Since we are in the business of helping companies quickly and cost effectively gain and maintain certification of IATF 16949, we have shaped our document templates, training, software and registration relationships to accommodate risk planning.
If you have not done so already, we encourage you to sign up for our newsletter series to stay abreast of these important changes.
Please note that certain text from the ISO 9001 standard is only used for instructional purposes. Standard Stores recognizes and respects the International Organization for Standardization (ISO) copyright and intellectual property guidelines.