Why organisations should avoid qualitative ISO 9001:2015 risk-based thinking

ISO Sign Post 1

The recent release of ISO 9001:2015 finds many organisations at the crossroads when deciding how to conform to the standard’s new risk-based thinking requirements.

One option is to continue doing what they have done in the past; a road that brings with it suboptimal process monitoring and control, and an increased likelihood that poor compliance performance will go unnoticed until something major goes wrong.

Alternatively, they can choose to move beyond the traditional qualitative risk-based thinking approach to create a new quantitative paradigm.

Qualitative or Quantitative?

Organisations have two basic choices when it comes to the application of risk-based thinking (i) qualitative or (ii) quantitative.   The standard doesn’t specify which approach an organisation should use. The only prerequisite is it must be consistent with their internal and external risk context.

Both approaches have their benefits and weakness.  The major difference is that qualitative risk-based thinking relies on people’s opinions to assess risk levels, whereas quantitative risk-based thinking uses hard empirical data.

There’s little doubt the simplicity and straightforwardness of the subjective approach will attract many organisations.   But before setting off down this road, management need to be mindful of a number of potential pitfalls that could prevent their organisation reaching its intended destination.

The biggest pitfall associated with qualitative risk-based thinking is its subjective. Therefore, risk assessment accuracy is often inconsistent; especially for large organisations with multiple processes and suppliers. This can easily lead to suboptimal quality monitoring and control, with little or no improvement in performance over time.

The inherent weaknesses of qualitative risk-based thinking are highlighted by US author and quality guru H. James Harington;

“Measurement is the first step that leads to control and eventually to improvement.  If you can’t measure something, you can’t understand it. If you can’t understand it, you can’t control it. If you can’t control it, you can’t improve it.”

Quantitative Risk-based Thinking

Quantitative risk-based thinking addresses many of the weaknesses associated with qualitative risk-based thinking by objectively measuring the type (consequence) and rate (likelihood) of product and service non-compliance.

Quantitative risk-based thinking enables organisations to;

  • Accurately assess whether their non-compliance risks have exceeded acceptable limits,
  • Allocate the appropriate level of monitoring rigor to each process and supplier,
  • Control risks levels by rejecting, reworking, or replacing unacceptable products and service,
  • Improve quality performance by focusing resources on worse performing processes and suppliers.


Implementation Options

The simplest and most effective quantitative risk monitoring and control solution is 100% inspection.   But this is impractical for most organisations; especially those operating in the service-sector.   A more affordable alternative is some type of statistical sampling.

As it turns out, there are a number of statistical-based sampling systems that already have a proven track-record helping organisations achieve ISO 9001 conformance.  Not unsurprisingly, most of these system already use risk-based thinking methods to optimise quality monitoring and control.  The most popular of these systems is “Sampling procedures for inspection by attributes”.

What makes this particular system so popular is it’s easy-to-understand and suitable for both product and service-based applications.  It also happens to be published by most Standards Bodies worldwide. 

Some of the system’s key features and benefits include;

  • It objectively assesses the risk level of continuously produced batches of products by analysing the type and number of non-compliances found in a much smaller statistically-calculated sample,
  • Risk levels are effectively controlled by rejecting, reworking and/or replacing “unacceptable” batches that exceeded an organisation’s defined risk limits,
  • Process and supplier monitoring is optimised by objectively evaluating the risk performance of each process and supplier and adjusting its sampling intensity accordingly,
  • Continuous improvement is facilitated by enabling management to objectively assess and compare the risk control performance of different processes and suppliers.

Taking the Next Step

A growing number of organisations are starting to acknowledge that more effective risk monitoring and control is fundamental their future competitiveness and success.

The good news is that recent advancement in cloud-based software means it’s never been easier, or more affordable, for organisations to implement a quantitative ISO 9001:2015 risk-based thinking system.

If you’d like to learn more about how your organisation can take advantage of the very latest in ISO 9001:2015 risk-based thinking software, please click on this link or visit our website at www.compliance-master.com.

Leave a Reply

Your email address will not be published. Required fields are marked *