Risk & Auditing Risk
Risk Processes in ISO 9001:2015
Introduction to Risk
• Why Are We Discussing Risk Again ??
– Can Be a Complex Concept
– Difficult to Understand & Distributed Across the Std.
– Difficult to Explain to Customers
– Need to Continue to Expand our Audit Skills and Learn from Each Other
Auditing Risk in the ISO 9001:2015
• Short Revisit
–Risk Perspectives
–Risk in the ISO Standard
• Auditing Risk
–Impact of Outcomes
–Audit Methodologies
–Auditing Threads
–Application to Risk
• Case Studies
3 Perspectives on Risk
[Diagram – What is Risk? – three perspectives:]
• Risk Management Processes
• Risk Mitigation Behaviors within a Process
• Product & Service Technical Risks
Risk Management Processes
• Risk Planning (Organizational Plan)
– The step of developing and documenting comprehensive and interactive strategies and methods for identifying and tracking risk areas, training, developing risk mitigation plans, performing risk assessments to determine how risks have changed, and planning/obtaining adequate resources.
• Risk Identification (When & Where)
– The step of discovering and defining all risks inherent in your program or project.
• Risk Assessment (Who)
– The process of analyzing and prioritizing program and process risks against cost, schedule and/or performance criteria.
• Risk Handling (Decisions & Actions)
– The step that identifies, evaluates, selects, and implements actions in order to reduce risk likelihood or consequence to an acceptable level.
• Risk Monitoring
– The step that systematically tracks and evaluates the performance of Risk Handling actions against established metrics throughout the acquisition process.
Risk Management Process – Risk PDCA
[Diagram: Plan > Do > Check > Act cycle]
Handling options: Mitigation, Acceptance, Transfer, etc.
Product/Service & Technical Risk
• Complexity of Design
• Criticality of Product/Service for End Use
• New or Unproven Process or Technology
• Organizational Capability to Design or
Build Product/Service
– New or Unproven Process to Organization
– New Technology to Company
• Others??
Risk Based Thinking, Decisions & Behaviors
• Here is Where “Risk Based Thinking” Strongly Applies
– See a Risk >> Do Something about it.
– Identify and Communicate
• Risk Understanding
– Thinking & Awareness
– Understanding the Risks and How they affect your Function or Process
• Risk Based Decision Making
– Making Choices on Handling Risk
3 Perspectives on Risk – Theory Applied (same three-perspective diagram)
Risk Based Decisions & Behaviors
• Identification (including Analysis & Prioritization)
– Discovering and defining risks inherent in your program, project, process, or task.
• Communication
– Communicating Risks to all Relevant Individuals and Processes
• Risk Understanding
– Understanding the Risks and How they affect your Function or Process
• Decision Making (Risk Based)
– Making Choices on application of ‘Individual Options’ and ‘Process Options’
• Risk Behaviors
– Knowledge of Identified Risks
– Knowledge of Process Options
– Application of Identified Risk Topics to ‘Process Options’
Requirements & Risk Based Decisions
[Diagram: realization lifecycle Proposal > Contract > Design > Manufact. > Integrate > Product Delivery, with a Purchasing > RFQ > Suppliers branch; each requirement is traced by Where Identified, How Communicated and What Decisions]
• All Requirements are not created equal
• Monitoring and Inspection Activities
• Operational Options that Need Risk Oriented Decisions associated with Critical Requirements:
•Design Approach
•V&V Approach
•Monitor & Insp. Approach
•Supplier Oversight
• Communication of Supplier Requirements – Key Characteristics –
Risk Concept ISO 9001:2015
• Standard Process With Inputs & Outputs
[Diagram: process P with Input I, Output O and Risk Input R; the Risk Input drives In-Step Prevention and Down-Stream Prevention]
Risk PDCA in Incremental Process Steps
• Monitoring & Improving
• Risk Input to Process Visually Separated
• Risk Analysis, Plan & Handling
• Handling Risk within Process Step & Down-Stream Process Step
[Diagram callouts: Risk Decisions; Lessons Learned]
Risk Identification & Decisions
[Diagram: four chained process steps, each with Input I, Process P, Output O and Risk input R]
INPUTS: Customer; Regulatory; Known
OUTPUTS: Product; Service – Good Product, No Escapes, On-Time, On-Budget
Managing Risks to Process EFFECTIVENESS – Multiple Prevention Opportunity Options per Step
What Does the Standard Say
Risk & Risk-Like Wording
• Any Risk-Impacted Processes Not Apparent or Weak??
• Cust. Reqts/Cont. Review (8.2)
• Purchasing/Supplier Management (8.4)
• Production Provision (8.5.1)
Risk & Risk-Like Wording by Clause (the "Terms" column gives how many of the term columns are marked X for that row)

Subject             DIS Ref.                              Topic                                                             Terms
QMS Plan/Change     6.1 / 6.1.2 / 6.3                     QMS Plan, Control & Changes                                       6
Customer            4.2; 5.1.2; 8.2                       Cust./Stat./Reg. Requirements; Customer Focus; Customer Reqts     3
Design              8.3.2 – 8.3.6                         Planning, Input & Changes                                         6
External Providers  8.4.1-3                               Control of Ext. Suppliers                                         2
Ops Plan/Control    8.1; 8.5.1-6; 8.7                     Ops Planning & Control; Production Provision; NC Control          10
QMS Processes       4.4/5.5.1; 9.1.3; 9.3.2; 10.1-2; 10.2.1  QMS Processes; Analysis; Management Review; Improvement; NC & CA  9
QMS Support         7.1; 7.2/7.3; 7.5                     Resources; Competence/Awareness; Documented Information           7

Term columns of the matrix (X = the term, or a close variant, appears in the referenced clause): Risk, Complex, Impact, Effect, Likelihood, Consequence, Prevent, Mitigate, Control, Constraint, Contingency, Essential, Reliable.
Risk Wording Observances
• Risk is:
• Explicit in Specific & Overarching Sections of the Standard
• Implicit Across a Wide Range of the Standard
• Have to Link Overarching Explicit Sections to Some Implicit Sections Where Risk Application is Important
• 4.4.1.f – Risk Process Applicability Across Entire QMS
• 6.1 – Risk & Opportunities Inclusion In QMS Planning
• 8.1 – Risk Emphasis in Operational Planning & Control
Variable Risk Application Approach
Varying Applicability to Different Functions (ISO 9001 A.4)
– Not all processes of a QMS represent the same level of risk in terms of the organization's ability to meet its objectives, and the effects of uncertainty are not the same for all organizations.
[Matrix: risk to Product, Process and People applies across every organization Type (Project, Production, Service) and Size (Large, Medium, Small)]
How Does Risk Approach Vary?
• Organizational Application of Risk Can Vary Based on Situation, Customer, Product Line, etc.
• Audit Approach & Questioning Will Need to Vary Also.
ISO 9001 – 6.1.2
Actions to Address Risk & Opportunity
The organization shall plan:
a) actions to address these risks and opportunities;
b) how to:
1) integrate and implement the actions into its quality management system processes (see 4.4);
2) evaluate the effectiveness of these actions.
Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services.
NOTE Options to address risks and opportunities can include: avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision.
[Slide callouts: Processes; Behaviors/Decisions; Decision Options]
Key Points – Explicit or Implicit ???
• Establishes a Risk Approach Within the QMS Infrastructure (4.4)
• Establishes Requirement for Risk Based Decisions Associated with Product And Services
• Others ??
ISO 9001 – 8.1
Operational Planning & Control
The organization shall plan, implement and control the processes (see 4.4) needed to meet requirements for the provision of products and services and to implement the actions determined in Clause 6, by:
a) determining requirements ……….;
b) establishing criteria for the processes and for the acceptance ……….;
c) determining the resources needed to achieve conformity to ………. requirements;
d) implementing control of the processes in accordance with the criteria;
e) retaining documented information to the extent necessary ……….
The output of this planning shall be suitable for the organization's operations.
The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.
[Slide callouts: Identify; Decisions; Communicate; Action; Process]
Key Points – Explicit or Implicit ???
• Establishes Requirement for Risk Based Actions (6.1)
• Operational Planning With Risk Based Decisions Across ‘Realization Process’ (8.1)
• Others ??
ISO 9001 – 8.4.2
Other Risk Phrases of Interest
8.4.2 Type and Extent of Control of External Provision
The organization shall ensure that externally provided processes, products & services do not adversely affect…….
The organization shall:
b) Define controls it intends to apply……..
c) Take into consideration the potential impacts…… as well as the effectiveness of controls……
d) Determine the verification activities necessary to ensure …….
[Slide callouts: Decisions; Understand]
Key Points – Explicit or Implicit ???
• Decision on Controls tied to impact of Supplier on Product
• Variable Methods for Verification tied to Ensuring Supplier Does Not Have an Adverse Effect on the Organization's Product/Service.
• Others??
ISO 9001
Other Risk Phrases of Interest
8.2.1 Customer communication
Communication with the customers shall include:
e) specific requirements for contingency actions, when relevant.
8.3.2 Design and development planning
In determining the stages and controls for design and development, the organization shall consider:
a) the nature, duration and complexity of the design and development activities
f) the need to control interfaces between persons involved in D&D
i) the level of control expected for D&D processes by Customer & Int. Parties
8.3.3 Design and development Inputs
The organization shall determine requirements essential for the specific type of products and services being designed and developed. The organization shall consider:
a) functional and performance requirements;
e) the potential consequences of failure due to the nature of the products and services;
[Slide callouts: Identify; Communicate; Decision]
Key Points – Explicit or Implicit ???
• Risk Associated Wording. Not Strongly Tied to Decisions or Actions.
Auditing Risk
The Swiss Cheese Way
Introduction to Auditing Risk
• Who has Audited to the New Standards?
– How are the Customers Adapting to Risk Based
Thinking?
– Any Unique Applications?
• What Are Your Experiences With Auditing Risk ?
– Explicit Wording Areas (Sections 4.4.1, 6.1, 8.1)
– Implicit Wording Areas
• Any Risk Based NC’s?
• Have You had to Change Anything About Your Audit Approach?
• Let’s Explore Options for Auditing Risk in the
New Standard!!
• Needs for an Audit Strategy
• For Compliance to Risk Requirements
• For Effectiveness of Risk Processes
• Implicit Risk Requirements -vs- Explicit Risk Requirements
• Needs for an Audit Approach
• Audit Planning & Sequence
• Audit Technique & Line of Questioning
• May Need to Alter Audit Approach & Focal Areas
– Minimal Solid Requirements
• 9.3.2.e - Risk In Man. Rev.
• 9.3.3 - Retained Doc. Info.
– Wide Application Of Risk
• Process, Capabilities, Controls
• Culture??
– Where in the Standard (4.1 Note 3 Context)
– How to Audit
Introduction to Auditing Risk
Back To The Basics
• What Are Auditing Basics
• 2 Eyes, 2 Ears, 1 Mouth – Use them in proportion
• Open Ended Questions
• IAF – Expected Outcomes http://www.iaf.nu/upFiles/IAF9001expectedoutcomes0112.pdf
• An organization with a certified quality management system consistently provides products that meet customer
and applicable statutory and regulatory requirements, and aims to enhance customer satisfaction.
• What Are Auditor Methods
• Down-stream
• Up-stream
• Cannonball
• What Are Auditor Sampling Approaches
• Random
• Biased
• (e.g., focusing on the results of performance / effectiveness metrics, focusing on specific customers)
• Comparative
• (e.g., comparing the work performed with procedures, verifying consistency between workers)
• Which Are the Best Methods, Approaches and Techniques to Use
For Various Risk Auditing Situations??
Auditing Risk – Building Blocks
• Audit For Risk in Process Model
• Context of Organization & Interested Party Impacts
• How Risk Can Impact Compliance and Effectiveness
• Occurrence –v– Recurrence Focus in Risk Auditing
• Understanding Requirements Threads
• Individual Requirements Weave Together to Form Cross Cutting Larger
Requirements
• Understand Best Strategy for Auditing Risk For Various
Scenarios
• What is the Audit Goal – IAF Expected Outcomes
• Which Sampling Technique to Use
• What Audit Paths to Focus on
• How to Combine Techniques and Paths for Maximum Effectiveness
• Where to Start!!
• What is Best Entry Point for Auditing Risk in an Organizations
Management System
Risk and Down Stream Audit Approach
• What is Downstream Auditing
• Start at the Beginning of a Process and Follow Trails to End of Process(s)
• What Are Strengths & Weaknesses
• Good for Following Planning to Outcome Trail (PDCA)
• Can Be Weak for Auditing Outcomes
• Other
• How To Use For Auditing ‘Risk Based Thinking’
• Follow PDCA Trail
• Look at Leading Indicators for Potential of Risk Impacts to Process
• Look for Risk ID, Communication & Understanding for Prevention of Occurrence
• Use Comparative Sampling to Evaluate Consistency of Risk Based Thinking
• Other?
[Audit Trail spectrum: Prevent – Control – Mitigate – Emergency]
Down-Stream Auditing & the “Turtle“ Model
[Turtle diagram for the Manufacturing Process (8.5); a 6.1 risk-identification marker sits on each leg of the turtle]
Inputs: Customer schedule (8.2.1); Raw materials (8.4.1)
Outputs: Conforming product delivered to customer schedule (8.6)
With What?: Plant and machinery (7.1.3); Measuring equipment (7.1.5); Tooling (7.1.3); Maintenance (7.1.3); Packaging/labelling (8.5.4); Cleanliness of premises (7.1.4); Customer property (8.5.3); Transportation (7.1.3)
With Who?: Induction/training/competence records (7.2); Agency/contract labour (7.3/8.4); Job responsibilities/authorities (5.3); Training effectiveness (7.2); SPC awareness (7.2); Personnel safety (7.1.4); Awareness of policy/objectives (5.2.2)
How?: Control plans (8.5.1); Work instructions (8.5.1); Preventive maintenance (7.1.3); SPC (9.1.3); Nonconforming product procedure (8.7); Dispatch process (8.6); Contingency plan (8.5.6/6.1); Document control/records (7.5.3); Change control (8.5.6)
Support processes: IT (7.1.3); Human resource (7.1.2); Logistics (7.1.3); Sales (7.4); Preventive maintenance (7.1.3)
What Results?: Identify risks (6.1); Analysis of data (9.1.3); Customer satisfaction (9.1.2); Other organisational objectives (6.2); Maintenance objectives (8.5); Cost of poor quality (9.1.3); Process capability (9.1); Management review (9.3); Continual improvement results (10.3); Audit records (9.2)
Checklist question: How do process owners understand context, requirements, capabilities, regulatory, etc. and determine risks and plan prevention actions for appropriate steps of the process?
Audit Trail
Risk and Up-Stream Audit Approach
[Audit Trail spectrum: Prevent – Control – Mitigate – Emergency]
• What is Up-stream Auditing
• Start at the End of a Process and Follow Trails to Earlier Stage of Process(s)
• What Are Strengths & Weaknesses
• Good for Following Trails on Adverse Process Outcomes (CAPD)
• Supportive of IAF Expectations on ‘Expected Outcomes’
• Potential for Not Understanding Full Process Before Starting the Audit Trail.
• How To Use For Auditing ‘Risk Based Thinking’
• Use Biased Sampling and Start with a ‘Known’ Negative Issue or Lagging Indicators Showing ‘Unintended Outcomes’
• Follow Trail Back to Planning and Decisions
• How and Where Potential Risks were Identified, Communicated & Understood
• Were Appropriate Risk Decisions Applied Based On Understanding of Risk?
• Look for How Risk ID, Communication & Understanding will be used for Prevention of Recurrence
• Note – Comparative Sampling can then be used to determine if other personnel are applying similar ‘Risk Based Thinking’
• Other?
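As an added example (not part of the original slides or the presenter's material), the three auditor sampling approaches from the auditing basics (random, biased, comparative) and the lagging-indicator check that gives an up-stream audit its ‘known negative issue’, run over a constructed set of inspection records. The record values, operator names and the ‘more than twice the rest of the group’ threshold used for comparative sampling are assumptions made for illustration.

```python
# Added example (not from the original slides): random, biased and comparative
# sampling, plus a lagging-indicator trend check, over constructed inspection
# records. Values, operator names and the comparative threshold are assumptions.
import random
from collections import defaultdict

# Constructed data: one record per inspected lot, hypothetical values.
RECORDS = [
    {"week": 1, "operator": "op-A", "lot": "L101", "nc": 0, "scrap": 0},
    {"week": 1, "operator": "op-B", "lot": "L102", "nc": 1, "scrap": 0},
    {"week": 1, "operator": "op-C", "lot": "L103", "nc": 0, "scrap": 0},
    {"week": 2, "operator": "op-A", "lot": "L104", "nc": 0, "scrap": 0},
    {"week": 2, "operator": "op-B", "lot": "L105", "nc": 2, "scrap": 1},
    {"week": 2, "operator": "op-C", "lot": "L106", "nc": 0, "scrap": 0},
    {"week": 3, "operator": "op-A", "lot": "L107", "nc": 1, "scrap": 0},
    {"week": 3, "operator": "op-B", "lot": "L108", "nc": 3, "scrap": 2},
    {"week": 3, "operator": "op-C", "lot": "L109", "nc": 0, "scrap": 0},
    {"week": 4, "operator": "op-A", "lot": "L110", "nc": 1, "scrap": 0},
    {"week": 4, "operator": "op-B", "lot": "L111", "nc": 4, "scrap": 2},
    {"week": 4, "operator": "op-C", "lot": "L112", "nc": 1, "scrap": 1},
]


def random_sample(records, n, seed=0):
    """Random sampling: every lot has the same chance of being pulled.
    A fixed seed keeps the selection reproducible for the audit record."""
    return random.Random(seed).sample(records, n)


def biased_sample(records, n):
    """Biased sampling: pull the lots with the worst performance metrics
    (most nonconformances, then most scrap). These are the 'known negative
    issues' an up-stream audit trail starts from. Returns lot ids."""
    worst_first = sorted(records, key=lambda r: (r["nc"], r["scrap"]), reverse=True)
    return [r["lot"] for r in worst_first[:n]]


def comparative_sample(records, factor=2.0):
    """Comparative sampling: check consistency between workers. Returns each
    operator's mean nonconformances per lot and the operators whose mean is
    more than `factor` times the mean of the rest of the group."""
    per_operator = defaultdict(list)
    for r in records:
        per_operator[r["operator"]].append(r["nc"])
    rates = {op: sum(v) / len(v) for op, v in per_operator.items()}
    flagged = []
    for op, rate in rates.items():
        others = [x for o, x in rates.items() if o != op]
        if others and rate > factor * (sum(others) / len(others)):
            flagged.append(op)
    return rates, sorted(flagged)


def weekly_nc_totals(records):
    """Lagging indicator: total nonconformances per week, in week order."""
    totals = defaultdict(int)
    for r in records:
        totals[r["week"]] += r["nc"]
    return [totals[w] for w in sorted(totals)]


def rising_trend(series, window=3):
    """True when the last `window` points are strictly increasing, i.e. the
    'unintended outcome' that should trigger an up-stream audit trail."""
    tail = series[-window:]
    return len(tail) == window and all(a < b for a, b in zip(tail, tail[1:]))


if __name__ == "__main__":
    print("random   :", [r["lot"] for r in random_sample(RECORDS, 3)])
    print("biased   :", biased_sample(RECORDS, 3))
    print("compare  :", comparative_sample(RECORDS))
    totals = weekly_nc_totals(RECORDS)
    print("weekly NC:", totals, "rising:", rising_trend(totals))
```

Biased sampling hands the auditor the lots to start the up-stream trail from; comparative sampling then answers the note above about whether other personnel apply the same risk based thinking; the weekly totals are the kind of lagging indicator that should have triggered the trail in the first place.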
Upstream Auditing & the “Turtle“ Model
[Same turtle diagram for the Manufacturing Process (8.5) as on the down-stream slide, with a 6.1 risk marker on each leg; the audit trail runs from Outputs back toward Inputs]
If a defect was sent to the Customer, where did risk thinking fail??
Same scenario if internal data shows an adverse issue.
Risk Case Studies
• What Have We Covered?
– General Discussion on Risk Theories
– Risk Wording in ISO 9001:2015 Standard
– Audit Strategies, Methods and Techniques
Associated with Risk Based Thinking
• Time to put your Auditor Hats Back On
– Case Studies
Downstream Auditing & the “Turtle“ Model
[Same turtle diagram for the Manufacturing Process (8.5) as above]
You are auditing a Company that designs and manufactures valves and other pressure related piping components
for commercial industries. From the Management Interview, you find that the organization is branching out into the
Chemical Processing industry which is new to the organization. You have selected a contract that is for supplying
valves to a customer involved in chemical processing. During your audit of this contract you are told that the
customer is looking to use these valves for a chemical process that they have not been used for in the past.
Downstream Auditing & the “Turtle“ Model
[Same turtle diagram for the Manufacturing Process (8.5) as above]
During the audit you find that the customer rejected a lot of 50 valves due to lack of material certifications that were required by chemical industry codes referenced in the customer’s contract. You also find that the organization’s Purchasing Department was not aware that it needed to specifically request material certifications from the supplier, but had referenced the chemical industry codes to its supplier.
Downstream Auditing & the “Turtle“ Model
[Same turtle diagram for the Manufacturing Process (8.5) as above]
In review of inspection data from the weekly Manufacturing Department report, you see an increasing trend of workmanship nonconformances and scrap dispositions. In follow-up questions, you find that no apparent changes are being made to the manufacturing process.
What’s Next
• Understanding the Varied Potential Applications of Risk in a QMS, Process, or Product Lifecycle
• Educate Yourself on the Broadness of Risk Applicability in a QMS
• Develop Sensible But Meaningful Approaches to Auditing Risk
• Auditing Homework
• Get Comfortable with the Risk Wording in the Standards
• Develop Concepts On Audit Strategy & Planning
• Determine Approaches for Auditor/Auditee Engagements
• Down Stream & Up Stream Audit Paths
• Comparative & Biased Sampling
• Ask Questions – We Are Always Learning
?? Questions ??
Risk & Cheese

More Related Content

Similar to Topic 1 - Risk Auditing 1-17.pdf

Focus your investments in innovations
Focus your investments in innovationsFocus your investments in innovations
Focus your investments in innovations
Kobi Vider
 
Review of Enterprise Security Risk Management
Review of Enterprise Security Risk ManagementReview of Enterprise Security Risk Management
Review of Enterprise Security Risk Management
Rand W. Hirt
 

Similar to Topic 1 - Risk Auditing 1-17.pdf (20)

QMS Risk Workshop.pptx
QMS Risk Workshop.pptxQMS Risk Workshop.pptx
QMS Risk Workshop.pptx
 
Game Changing Quality Strategies that Drive Organizational Excellence
Game Changing Quality Strategies that Drive Organizational ExcellenceGame Changing Quality Strategies that Drive Organizational Excellence
Game Changing Quality Strategies that Drive Organizational Excellence
 
Internal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality AuditsInternal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality Audits
 
Risk-Management-in-ISO-9001.pdf
Risk-Management-in-ISO-9001.pdfRisk-Management-in-ISO-9001.pdf
Risk-Management-in-ISO-9001.pdf
 
Focus your investments in innovations
Focus your investments in innovationsFocus your investments in innovations
Focus your investments in innovations
 
Risk management in pharmaceutical Industry
Risk management in pharmaceutical IndustryRisk management in pharmaceutical Industry
Risk management in pharmaceutical Industry
 
Types of Management
Types of ManagementTypes of Management
Types of Management
 
ISO 9001:2015 DIS Changes, Requirements and Implementation
ISO 9001:2015 DIS Changes, Requirements and ImplementationISO 9001:2015 DIS Changes, Requirements and Implementation
ISO 9001:2015 DIS Changes, Requirements and Implementation
 
Quality management system(qrm)
Quality management system(qrm)Quality management system(qrm)
Quality management system(qrm)
 
Software development o & c
Software development o & cSoftware development o & c
Software development o & c
 
Outsourcing Risk Management
Outsourcing Risk ManagementOutsourcing Risk Management
Outsourcing Risk Management
 
Risk elimination and safety committee
Risk elimination and safety committeeRisk elimination and safety committee
Risk elimination and safety committee
 
ISO9001 2015 Quality Manual template
ISO9001 2015 Quality Manual templateISO9001 2015 Quality Manual template
ISO9001 2015 Quality Manual template
 
Risk based thinking ppt mal
Risk based thinking ppt malRisk based thinking ppt mal
Risk based thinking ppt mal
 
ISO 9001:2015 What Are the Main Changes?
ISO 9001:2015 What Are the Main Changes?ISO 9001:2015 What Are the Main Changes?
ISO 9001:2015 What Are the Main Changes?
 
ISO 9001:2015 Review and Why It Is Good (10/28/16)
ISO 9001:2015 Review and Why It Is Good (10/28/16)ISO 9001:2015 Review and Why It Is Good (10/28/16)
ISO 9001:2015 Review and Why It Is Good (10/28/16)
 
Review of Enterprise Security Risk Management
Review of Enterprise Security Risk ManagementReview of Enterprise Security Risk Management
Review of Enterprise Security Risk Management
 
Risk Management for Medical Devices - ISO 14971 Overview
Risk Management for Medical Devices - ISO 14971 Overview Risk Management for Medical Devices - ISO 14971 Overview
Risk Management for Medical Devices - ISO 14971 Overview
 
2015 ISACA NACACS - Audit as Controls Factory
2015 ISACA NACACS - Audit as Controls Factory2015 ISACA NACACS - Audit as Controls Factory
2015 ISACA NACACS - Audit as Controls Factory
 
Evaluation_Training.pptx
Evaluation_Training.pptxEvaluation_Training.pptx
Evaluation_Training.pptx
 

Recently uploaded

Principle of erosion control- Introduction to contouring,strip cropping,conto...
Principle of erosion control- Introduction to contouring,strip cropping,conto...Principle of erosion control- Introduction to contouring,strip cropping,conto...
Principle of erosion control- Introduction to contouring,strip cropping,conto...
ZAPPAC1
 
Corporate_Science-based_Target_Setting.pptx
Corporate_Science-based_Target_Setting.pptxCorporate_Science-based_Target_Setting.pptx
Corporate_Science-based_Target_Setting.pptx
arnab132
 
High Profile Escort in Abu Dhabi 0524076003 Abu Dhabi Escorts
High Profile Escort in Abu Dhabi 0524076003 Abu Dhabi EscortsHigh Profile Escort in Abu Dhabi 0524076003 Abu Dhabi Escorts
High Profile Escort in Abu Dhabi 0524076003 Abu Dhabi Escorts
Monica Sydney
 

Recently uploaded (20)

Vip Salem Call Girls 8250092165 Low Price Escorts Service in Your Area
Vip Salem Call Girls 8250092165 Low Price Escorts Service in Your AreaVip Salem Call Girls 8250092165 Low Price Escorts Service in Your Area
Vip Salem Call Girls 8250092165 Low Price Escorts Service in Your Area
 
Unlimited Short Call Girls in Koppal { 9332606886 } VVIP NISHA Call Girls Nea...
Unlimited Short Call Girls in Koppal { 9332606886 } VVIP NISHA Call Girls Nea...Unlimited Short Call Girls in Koppal { 9332606886 } VVIP NISHA Call Girls Nea...
Unlimited Short Call Girls in Koppal { 9332606886 } VVIP NISHA Call Girls Nea...
 
Your Budget Call Girls in Hassan 9332606886Call Girls Advance Cash On Delive...
Your Budget Call Girls in Hassan  9332606886Call Girls Advance Cash On Delive...Your Budget Call Girls in Hassan  9332606886Call Girls Advance Cash On Delive...
Your Budget Call Girls in Hassan 9332606886Call Girls Advance Cash On Delive...
 
Sensual Call Girls in Surajpur { 9332606886 } VVIP NISHA Call Girls Near 5 St...
Sensual Call Girls in Surajpur { 9332606886 } VVIP NISHA Call Girls Near 5 St...Sensual Call Girls in Surajpur { 9332606886 } VVIP NISHA Call Girls Near 5 St...
Sensual Call Girls in Surajpur { 9332606886 } VVIP NISHA Call Girls Near 5 St...
 
High Profile Call Girls Service in Udhampur 9332606886 High Profile Call G...
High Profile Call Girls Service in Udhampur   9332606886  High Profile Call G...High Profile Call Girls Service in Udhampur   9332606886  High Profile Call G...
High Profile Call Girls Service in Udhampur 9332606886 High Profile Call G...
 
Test bank for beckmann and ling s obstetrics and gynecology 8th edition by ro...
Topic 1 - Risk Auditing 1-17.pdf

Product/Service & Technical Risk
• Complexity of Design
• Criticality of Product/Service for End Use
• New or Unproven Process or Technology
• Organizational Capability to Design or Build Product/Service
– New or Unproven Process to Organization
– New Technology to Company
• Others??

3 Perspectives on Risk (section divider): Risk Management Processes | What is Risk? | Risk Mitigation Behaviors within a process | Product & Service Technical Risks
• Here is Where "Risk Based Thinking" Strongly Applies
– See a Risk >> Do Something about it.
– Identify and Communicate Risk Based Thinking, Decisions & Behaviors
• Risk Understanding – Thinking & Awareness
– Understanding the Risks and How they affect your Function or Process
• Risk Based Decision Making
– Making Choices on Handling Risk

3 Perspectives on Risk, Theory Applied (section divider): Risk Management Processes | Risk Mitigation Behaviors within a process | Product & Service Technical Risks
Risk Based Decisions & Behaviors
• Identification (including Analysis & Prioritization)
– Discovering and defining risks inherent in your program, project, process, or task.
• Communication
– Communicating Risks to all Relevant Individuals and Processes
• Risk Understanding
– Understanding the Risks and How they affect your Function or Process
• Decision Making (Risk Based)
– Making Choices on application of 'Individual Options' and 'Process Options'
• Risk Behaviors
– Knowledge of Identified Risks
– Knowledge of Process Options
– Application of Identified Risk Topics to 'Process Options'

Requirements & Risk Based Decisions (process flow diagram)
• Process boxes: Proposal, Contract, Design, Purchasing (RFQ, Suppliers), Manufacturing, Integrate, Product Delivery
• All Requirements are not created equal: Where Identified, How Communicated, What Decisions
• Operational Options that Need Risk Oriented Decisions associated with Critical Requirements (Monitoring and Inspection Activities): Design Approach; V&V Approach; Monitor & Inspection Approach; Supplier Oversight
• Communication of Supplier Requirements – Key Characteristics
Risk Concept ISO 9001:2015
(Diagram: Input (I) → Process (P) → Output (O), with Risk (R) drawn as a separate input to the step)
• Standard Process With Inputs & Outputs
• Risk PDCA in Incremental Process Steps: Risk Input, In-Step Prevention, Down-Stream Prevention
• Monitoring & Improving
• Risk Input to Process Visually Separated
• Risk Analysis, Plan & Handling
• Handling Risk within Process Step & Down-Stream Process Step
• Risk Decisions; Lessons Learned

Risk Identification & Decisions
(Diagram: a chain of process steps, each with Inputs, Process, Outputs and its own Risk input)
• INPUTS: Customer; Regulatory; Known
• OUTPUTS: Product; Service; Good Product; No Escapes; On-Time; On-Budget
• Managing Risks to Process EFFECTIVENESS
• Multiple Prevention Opportunity Options per Step
Risk & Risk-Like Wording
• Any Risk-Impacted Processes Not Apparent or Weak??
• Cust. Reqts/Cont. Review (8.2)
• Purchasing/Supplier Management (8.4)
• Production Provision (8.5.1)

Risk-like terms searched for in each clause: Risk, Complex, Impact, Effect, Likelihood, Consequence, Prevent, Mitigate, Control, Constraint, Contingency, Essential, Reliable. The transcript keeps only the number of marks per row, not which term each mark was under.

| Subject | DIS Ref. | Topic | Terms marked |
| --- | --- | --- | --- |
| QMS Plan/Change | 6.1 / 6.1.2 / 6.3 | QMS Plan, Control & Changes | 6 |
| Customer | 4.2, 5.1.2, 8.2 | Cust, Stat, Reg Requirements; Customer Focus; Customer Requirements | 3 |
| Design | 8.3.2 – 8.3.6 | Planning, Input & Changes | 6 |
| External Providers | 8.4.1–3 | Control of Ext. Suppliers | 2 |
| Ops Plan/Control | 8.1, 8.5.1–6, 8.7 | Ops Planning & Control; Production Provision; NC Control | 10 |
| QMS Processes | 4.4 / 5.5.1, 9.1.3, 9.3.2, 10.1–2, 10.2.1 | QMS Processes; Analysis; Management Review; Improvement; NC & CA | 9 |
| QMS Support | 7.1, 7.2 / 7.3, 7.5 | Resources; Competence/Awareness; Documented Information | 7 |
Risk Wording Observances
• Risk is:
– Explicit in Specific & Overarching Sections of the Standard
– Implicit Across a Wide Range of the Standard
• Have to Link Overarching Explicit Sections to Some Implicit Sections Where Risk Application is Important
– 4.4.1 f) – Risk Process Applicability Across the Entire QMS
– 6.1 – Risks & Opportunities Included in QMS Planning
– 8.1 – Risk Emphasis in Operational Planning & Control

Variable Risk Application Approach
• Varying Applicability to Different Functions (ISO 9001:2015 Annex A.4)
– "Not all the processes of a quality management system represent the same level of risk in terms of the organization's ability to meet its objectives, and the effects of uncertainty are not the same for all organizations."
• How Does the Risk Approach Vary? (matrix)
– Type: Project | Production | Service
– Size: Large | Medium | Small
– Risk area: Product, Process, People (each marked across all types and sizes)
• Organizational Application of Risk Can Vary Based on Situation, Customer, Product Line, etc.
• Audit Approach & Questioning Will Need to Vary Also.
ISO 9001 – 6.1.2 Actions to Address Risks & Opportunities
(Callouts: Processes; Behaviors/Decisions; Decision Options)
The organization shall plan:
a) actions to address these risks and opportunities;
b) how to:
1) integrate and implement the actions into its quality management system processes (see 4.4);
2) evaluate the effectiveness of these actions.
Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services.
NOTE Options to address risks and opportunities can include: avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision.
Key Points – Explicit or Implicit???
• Establishes a Risk Approach Within the QMS Infrastructure (4.4)
• Establishes a Requirement for Risk Based Decisions Associated with Products and Services
• Others??

ISO 9001 – 8.1 Operational Planning & Control
(Callouts: Identify; Decisions; Communicate; Action; Process)
The organization shall plan, implement and control the processes (see 4.4) needed to meet requirements for the provision of products and services and to implement the actions determined in Clause 6, by:
a) determining requirements ……….;
b) establishing criteria for the processes and for the acceptance ……….;
c) determining the resources needed to achieve conformity to ………. requirements;
d) implementing control of the processes in accordance with the criteria;
e) retaining documented information to the extent necessary ……….
The output of this planning shall be suitable for the organization's operations.
The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.
Key Points – Explicit or Implicit???
• Establishes a Requirement for Risk Based Actions (6.1)
• Operational Planning With Risk Based Decisions Across the 'Realization Process' (8.1)
• Others??
ISO 9001 – Other Risk Phrases of Interest (8.4.2)
(Callouts: Decisions; Understand; Decision; Understand)
8.4.2 Type and Extent of Control of External Provision
The organization shall ensure that externally provided processes, products and services do not adversely affect …….
The organization shall:
b) define the controls it intends to apply ……..
c) take into consideration the potential impacts …… as well as the effectiveness of controls ……
d) determine the verification activities necessary to ensure …….
Key Points – Explicit or Implicit???
• Decision on Controls tied to the Impact of the Supplier on the Product
• Variable Methods for Verification tied to Ensuring the Supplier Does Not Have an Adverse Effect on the Organization's Product/Service.
• Others??

ISO 9001 – Other Risk Phrases of Interest (8.2.1, 8.3.2, 8.3.3)
(Callouts: Identify; Communicate; Identify; Identify; Decision)
8.2.1 Customer communication
Communication with customers shall include:
e) specific requirements for contingency actions, when relevant.
8.3.2 Design and development planning
In determining the stages and controls for design and development, the organization shall consider:
a) the nature, duration and complexity of the design and development activities;
f) the need to control interfaces between persons involved in D&D;
i) the level of control expected for D&D processes by customers and other relevant interested parties.
8.3.3 Design and development inputs
The organization shall determine the requirements essential for the specific types of products and services being designed and developed. The organization shall consider:
a) functional and performance requirements;
e) the potential consequences of failure due to the nature of the products and services.
Key Points – Explicit or Implicit???
• Risk-Associated Wording, Not Strongly Tied to Decisions or Actions.
Introduction to Auditing Risk
• Who has Audited to the New Standards?
– How are the Customers Adapting to Risk Based Thinking?
– Any Unique Applications?
• What Are Your Experiences With Auditing Risk?
– Explicit Wording Areas (Sections 4.4.1, 6.1, 8.1)
– Implicit Wording Areas
• Any Risk Based NCs?
• Have You Had to Change Anything About Your Audit Approach?
• Let's Explore Options for Auditing Risk in the New Standard!!

Introduction to Auditing Risk
• Needs for an Audit Strategy
– For Compliance to Risk Requirements
– For Effectiveness of Risk Processes
– Implicit Risk Requirements -vs- Explicit Risk Requirements
• Needs for an Audit Approach
– Audit Planning & Sequence
– Audit Technique & Line of Questioning
• May Need to Alter Audit Approach & Focal Areas
– Minimal Solid Requirements: 9.3.2 e) – Risk in Management Review; 9.3.3 – Retained Documented Information
– Wide Application of Risk: Process, Capabilities, Controls
– Culture?? – Where in the Standard (4.1 Note 3, Context); How to Audit
Back To The Basics
• What Are Auditing Basics
– 2 Eyes, 2 Ears, 1 Mouth – Use them in proportion
– Open Ended Questions
– IAF – Expected Outcomes: http://www.iaf.nu/upFiles/IAF9001expectedoutcomes0112.pdf
– "An organization with a certified quality management system consistently provides products that meet customer and applicable statutory and regulatory requirements, and aims to enhance customer satisfaction."
• What Are Auditor Methods
– Down-stream
– Up-stream
– Cannonball
• What Are Auditor Sampling Approaches
– Random
– Biased (e.g., focusing on the results of performance / effectiveness metrics, focusing on specific customers)
– Comparative (e.g., comparing the work performed with procedures, verifying consistency between workers)
• Which Are the Best Methods, Approaches and Techniques to Use For Various Risk Auditing Situations??

Auditing Risk – Building Blocks
• Audit For Risk in the Process Model
– Context of Organization & Interested Party Impacts
– How Risk Can Impact Compliance and Effectiveness
– Occurrence –v– Recurrence Focus in Risk Auditing
• Understanding Requirements Threads
– Individual Requirements Weave Together to Form Cross-Cutting Larger Requirements
• Understand the Best Strategy for Auditing Risk For Various Scenarios
– What is the Audit Goal – IAF Expected Outcomes
– Which Sampling Technique to Use
– What Audit Paths to Focus on
– How to Combine Techniques and Paths for Maximum Effectiveness
• Where to Start!!
– What is the Best Entry Point for Auditing Risk in an Organization's Management System
Risk and Down-Stream Audit Approach
(Audit Trail: Prevent → Control → Mitigate → Emergency)
• What is Downstream Auditing
– Start at the Beginning of a Process and Follow Trails to the End of the Process(es)
• What Are Strengths & Weaknesses
– Good for Following the Planning-to-Outcome Trail (PDCA)
– Can Be Weak for Auditing Outcomes
– Other
• How To Use For Auditing 'Risk Based Thinking'
– Follow the PDCA Trail
– Look at Leading Indicators for Potential Risk Impacts to the Process
– Look for Risk ID, Communication & Understanding for Prevention of Occurrence
– Use Comparative Sampling to Evaluate Consistency of Risk Based Thinking
– Other?

Down-Stream Auditing & the "Turtle" Model
(Turtle model diagram for the Manufacturing Process (8.5); legs reconstructed from the diagram labels, with Identify risks (6.1) attached to each of the six legs)
• Inputs: Customer schedule (8.2.1); Raw materials (8.4.1)
• Outputs: Conforming product delivered to customer schedule (8.6)
• With What?: Plant and machinery (7.1.3); Measuring equipment (7.1.5); Tooling (7.1.3); Maintenance (7.1.3); Packaging/labelling (8.5.4); Cleanliness of premises (7.1.4); Customer property (8.5.3); Transportation (7.1.3)
• With Who?: Induction/training/competence records (7.2); Agency/contract labour (7.3/8.4); Job responsibilities/authorities (5.3); Training effectiveness (7.2); SPC awareness (7.2); Personnel safety (7.1.4); Awareness of policy/objectives (5.2.2)
• How?: Control plans (8.5.1); Work instructions (8.5.1); Preventive maintenance (7.1.3); SPC (9.1.3); Nonconforming product procedure (8.7); Dispatch process (8.6); Contingency plan (8.5.6/6.1); Document control/records (7.5.3); Change control (8.5.6)
• What Results?: Organisational objectives (6.2); Maintenance objectives (8.5); Cost of poor quality (9.1.3); Process capability (9.1); Management review (9.3); Continual improvement results (10.3); Audit records (9.2)
• Support Processes: IT (7.1.3); Human resource (7.1.2); Logistics (7.1.3); Sales (7.4); Preventive maintenance (7.1.3); Identify risks (6.1); Analysis of data (9.1.3); Customer satisfaction (9.1.2); Other
• Checklist / Audit Trail: How Do Process Owners Understand Context, Requirements, Capabilities, Regulatory, etc. and Determine Risks and Plan Prevention Actions for the Appropriate Steps of the Process?
Risk and Up-Stream Audit Approach
(Audit Trail: Prevent ← Control ← Mitigate ← Emergency)
• What is Up-stream Auditing
– Start at the End of a Process and Follow Trails to Earlier Stages of the Process(es)
• What Are Strengths & Weaknesses
– Good for Following Trails on Adverse Process Outcomes (CAPD)
– Supportive of IAF Expectations on 'Expected Outcomes'
– Potential for Not Understanding the Full Process Before Starting the Audit Trail
• How To Use For Auditing 'Risk Based Thinking'
– Use Biased Sampling and Start with a 'Known' Negative Issue or Lagging Indicators Showing 'Unintended Outcomes'
– Follow the Trail Back to Planning and Decisions
– How & Where Potential Risks were Identified, Communicated & Understood
– Were Appropriate Risk Decisions Applied Based On Understanding of the Risk?
– Look for How Risk ID, Communication & Understanding will be used for Prevention of Recurrence
– Note – Comparative Sampling can then be used to determine if other personnel are applying similar 'Risk Based Thinking'
– Other?

Up-Stream Auditing & the "Turtle" Model
(Same Turtle model diagram of the Manufacturing Process (8.5) as on the Down-Stream Auditing slide)
• If a defect is sent to the Customer, where did risk thinking fail??
• Same Scenario if Internal Data shows an adverse issue
• Audit Trail
Risk Case Studies
• What Have We Covered?
– General Discussion on Risk Theories
– Risk Wording in the ISO 9001:2015 Standard
– Audit Strategies, Methods and Techniques Associated with Risk Based Thinking
• Time to put your Auditor Hats Back On – Case Studies

Down-Stream Auditing & the "Turtle" Model
(Same Turtle model diagram of the Manufacturing Process (8.5) as on the Down-Stream Auditing slide; Audit Trail)
You are auditing a company that designs and manufactures valves and other pressure-related piping components for commercial industries. From the Management Interview, you find that the organization is branching out into the Chemical Processing industry, which is new to the organization. You have selected a contract for supplying valves to a customer involved in chemical processing. During your audit of this contract you are told that the customer is looking to use these valves for a chemical process they have not been used for in the past.

Down-Stream Auditing & the "Turtle" Model
(Same Turtle model diagram of the Manufacturing Process (8.5) as on the Down-Stream Auditing slide; Audit Trail)
During the audit you find that the customer rejected a lot of 50 valves due to lack of material certifications that were required by chemical industry codes referenced in the customer's contract. You also find that the organization's Purchasing Department was not aware that they needed to specifically request material certifications from the supplier, but had referenced the chemical industry codes to their supplier.
Down-Stream Auditing & the "Turtle" Model
(Same Turtle model diagram of the Manufacturing Process (8.5) as on the Down-Stream Auditing slide; Audit Trail)
In review of Inspection data from the weekly Manufacturing Department report, you see an increasing trend of workmanship nonconformances and scrap dispositions. In follow-up questions, you find that no apparent changes are being made to the manufacturing process.
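The third case study above, and the "lagging indicators showing unintended outcomes" entry point on the Up-Stream Audit Approach slide, both start from a rising trend in inspection data. As an added example that is not part of the original presentation, the Python below runs two simple signals over a constructed weekly report (a trailing run of week-on-week increases and a least-squares slope) and maps any flagged metric to the turtle-model legs an up-stream trail would walk back through. The sample data, the thresholds (MIN_RUN, positive slope) and the metric-to-clause mapping are assumptions for illustration, not text from ISO 9001:2015.

```python
"""Trend check on a weekly inspection report, used to choose where to
start an up-stream (biased-sample) audit trail.

Added example, not from the original presentation. Data, thresholds and
the clause mapping are constructed assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple

# Constructed weekly Manufacturing Department report:
# (week, workmanship nonconformances, scrap dispositions)
WEEKLY_REPORT: List[Tuple[str, int, int]] = [
    ("W10", 3, 1),
    ("W11", 4, 1),
    ("W12", 4, 2),
    ("W13", 6, 2),
    ("W14", 7, 3),
    ("W15", 9, 4),
    ("W16", 11, 5),
]

# Assumed threshold: a trailing run of this many week-on-week increases
# is enough to treat a lagging indicator as an 'unintended outcome'.
MIN_RUN = 3

# Assumed mapping from a flagged metric to the turtle-model legs the
# up-stream trail walks back through (clause numbers as on the slides).
UPSTREAM_TRAIL: Dict[str, List[str]] = {
    "workmanship_nc": [
        "Control plans / work instructions (8.5.1)",
        "Competence and training effectiveness (7.2)",
        "Change control (8.5.6)",
        "Identify risks (6.1)",
    ],
    "scrap": [
        "Nonconforming product procedure (8.7)",
        "Preventive maintenance (7.1.3)",
        "Analysis of data (9.1.3)",
        "Identify risks (6.1)",
    ],
}


@dataclass
class TrendResult:
    metric: str
    slope_per_week: float
    trailing_increases: int
    flagged: bool


def least_squares_slope(values: Sequence[float]) -> float:
    """Slope of the ordinary least-squares line through (0, v0), (1, v1), ..."""
    n = len(values)
    if n < 2:
        return 0.0
    x_mean = (n - 1) / 2.0
    y_mean = sum(values) / n
    num = sum((x - x_mean) * (y - y_mean) for x, y in enumerate(values))
    den = sum((x - x_mean) ** 2 for x in range(n))
    return num / den


def trailing_increases(values: Sequence[float]) -> int:
    """Consecutive strict week-on-week increases ending at the last point."""
    run = 0
    for prev, cur in zip(values, values[1:]):
        run = run + 1 if cur > prev else 0
    return run


def check_trend(metric: str, values: Sequence[float]) -> TrendResult:
    """Flag a metric when it shows a sustained run and an upward slope."""
    slope = least_squares_slope(values)
    run = trailing_increases(values)
    return TrendResult(metric, slope, run, flagged=(run >= MIN_RUN and slope > 0))


def audit_entry_points(report: Sequence[Tuple[str, int, int]]) -> Dict[str, List[str]]:
    """Per flagged metric, the up-stream trail to walk (biased sampling)."""
    nc = [row[1] for row in report]
    scrap = [row[2] for row in report]
    results = [check_trend("workmanship_nc", nc), check_trend("scrap", scrap)]
    return {r.metric: UPSTREAM_TRAIL[r.metric] for r in results if r.flagged}


if __name__ == "__main__":
    for metric, trail in audit_entry_points(WEEKLY_REPORT).items():
        print(f"{metric}: start the up-stream trail at {trail[0]}")
```

On the constructed data both metrics are flagged, so the auditor has a data-driven reason to start from the nonconforming-product and control-plan legs and work back toward 6.1 and 8.5.6, which is where the case study's "no apparent changes" answer would be tested.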
What's Next
• Understanding the Varied Potential Applications of Risk in a QMS, Process, or Product Lifecycle
– Educate Yourself on the Broadness of Risk Applicability in a QMS
– Develop Sensible But Meaningful Approaches to Auditing Risk
• Auditing Homework
– Get Comfortable with the Risk Wording in the Standards
– Develop Concepts on Audit Strategy & Planning
– Determine Approaches for Auditor/Auditee Engagements
– Down-Stream & Up-Stream Audit Paths
– Comparative & Biased Sampling
• Ask Questions – We Are Always Learning