Investment in The Coconut Industry by Nancy Cheruiyot
QMS Risk Workshop.pptx
1. CASCADING OF QUALITY MANAGEMENT
SYSTEM (QMS) RE-ORIENTATION ON
CLAUSES RELEVANT TO ISO 9001:2015
STANDARDS, ROAAP PREPARATION AND
INTERNAL QUALITY AUDIT
August 11-13, 2022
2. Orientation on
Risk and Opportunities
Analysis and
Action Planning
and
Root Cause Analysis
Learning Objectives:
• Learn about Quality Management System
implementation in the DENR
Reasons for establishing QMS
Gain understanding of the context of the
DENR and scope of its QMS
The DENR Quality Policy
• Know about risk-based thinking according
to ISO 9001:2015
• Prepare the ROAAP
• Apply Root Cause Analysis
• Address a non-conformity
3. Advantages of a Quality Management System:
• Process efficiency and consistency in products and services
• Continual improvement
• Reduction of waste / errors
• Client needs and satisfaction
• Employee communication and on-boarding
• Evidence-based decision making
• Improved risk management
• Increased customer satisfaction
• Improved participation of employees
4. THE PDCA STRUCTURE
DENR PROCESSES TO ACHIEVE ITS
MANDATE
SERVICE DELIVERY
CSS & FEEDBACK
REQUIREMENTS
AND INPUTS
Risk management
8. According to ISO 31000, risk is the “effect of uncertainty on objectives” and an effect is a
positive or negative deviation from what is expected.
9. ISO 9001:2015 clauses Comments
4.4 Quality management system
and its processes
The overall quality management system (QMS) must
consider both risks and opportunities as part of its core
planning process.
5.1 Leadership and commitment
Those who lead the organization must promote risk-based
thinking.
5.1.2 Customer focus
Ensure risks and opportunities that affect customers are
determined and addressed.
6.1 Actions to address risks and
opportunities
When planning for the QMS, determine and address risks
and opportunities.
9.1.3 Analysis and evaluation
Evaluate the effectiveness of actions taken to address
risks and opportunities.
10.2 Nonconformity and
corrective action
Update risks and opportunities determined during
planning, if necessary.
Where is risk addressed in ISO 9001:2015?
10. Process Approach
4.4 Quality management system and its processes
4.4.1 The organization shall establish, implement, maintain and continually improve a quality
management system, including the processes needed and their interactions, in accordance
with the
requirements of this International Standard.
The organization shall determine the processes needed for the quality management system
and their
application throughout the organization, and shall:
f) address the risks and opportunities as determined in accordance with the requirements of
6.1;
11. Leadership
5.1 Leadership and commitment
5.1.1 General
Top management shall demonstrate leadership and commitment with respect to the quality
management system by:
d) promoting the use of the process approach and risk-based thinking;
5.1.2 Customer focus
b) the risks and opportunities that can affect conformity of products and services and the ability to
enhance customer satisfaction are determined and addressed;
12. Planning
6.1 Actions to address risks and opportunities
6.1.1 When planning for the quality management system, the organization shall consider
the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks
and opportunities that need to be addressed to:
a) give assurance that the quality management system can achieve its intended result(s);
b) enhance desirable effects;
c) prevent, or reduce, undesired effects;
d) achieve improvement
13. Planning
6.1.2 The organization shall plan:
a) actions to address these risks and opportunities;
b) how to:
1) integrate and implement the actions into its quality management system processes (see 4.4);
2) evaluate the effectiveness of these actions.
Actions taken to address risks and opportunities shall be proportionate to the potential impact on the
conformity of products and services.
NOTE 1: Options to address risks can include avoiding risk, taking risk in order to pursue an opportunity,
eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by
informed decision.
NOTE 2: Opportunities can lead to the adoption of new practices, launching new products, opening new
markets, addressing new customers, building partnerships, using new technology and other desirable and
viable possibilities to address the organization’s or its customers’ needs.
14. Evaluation
9.1.3 Analysis and evaluation
The organization shall analyse and evaluate appropriate data and information arising from
monitoring and measurement.
The results of analysis shall be used to evaluate:
e) the effectiveness of actions taken to address risks and opportunities;
9.3.1 General
9.3.2 Management review inputs
The management review shall be planned and carried out taking into consideration:
e) the effectiveness of actions taken to address risks and opportunities (see 6.1);
f) opportunities for improvement.
9.3.3 Management review outputs
The outputs of the management review shall include decisions and actions related to:
a) opportunities for improvement;
15. 10 Improvement
10.2 Nonconformity and corrective action
10.2.1 When a nonconformity occurs, including any
arising from complaints, the organization shall:
e) update risks and opportunities determined during
planning, if necessary;
16. HOW?
• Identify what your risks are – it depends on context
• Understand your risks
What is acceptable, what is unacceptable?
What advantages or disadvantages are there to one process over another?
• Plan actions to address the risks
How can I avoid or eliminate the risk? How can I mitigate risks?
• Implement the plan – take action
• Check the effectiveness of the action – does it work?
• Learn from experience – improve
17. Retaining risk by informed decision: For insignificant risks, sometimes the best strategy is to just
accept the risk and proceed. If a problem has a very low chance of happening, or is not severe if
it does occur, then choosing to just react to the problem should it happen can be the best
decision. This can also be the case when a possible avoidance measure is too costly or time
consuming to be worth the resources it would take to implement.
Avoiding risk: For significant risks you may choose to take action to prevent the risk from
happening, or in other words: change the chance of occurrence. This could be an improvement in
a process, replacing old equipment with better equipment, or changing a design to remove a
component that is causing a risk. The key is that once the avoidance actions are completed, the
risk no longer exists.
Eliminating the risk source: One way of avoiding the risk is to eliminate the risk source. This may
involve changing a part used in an assembly, or removing a process step that is risky and
replacing it with one that does not have the risk.
Addressing Risks
18. Sharing the risk: Sometimes you can transfer a risk elsewhere, such as having a process done by an
expert supplier rather than doing it yourself. Another way of transferring risk is through having
insurance in place that would provide the necessary additional resources to deal with a problem if it
happens.
Changing the likelihood or consequences: Putting in administrative controls, training, or additional
inspections are examples of mitigation of the risk. You are not stopping the risk from happening, but
you are increasing your chances of identifying the problem after it occurs. This mitigation often
includes having plans in place to deal with the consequences of the risk once the problem has
occurred. These plans can include such things as reworking products or procedures to return a
process to a conforming state. The risk still exists, but you have actions and plans in place to
reduce the risk consequences.
Taking risk in order to pursue an opportunity: We have talked about risks in the terms of having a
negative consequence, but what if taking a risk can be an opportunity for your organization? In
these situations, you are assessing the risk in terms of what you need to do to capitalize on the
opportunity and take action to make it happen. When this is your plan, you are exploiting the risks in
order to benefit from long-term gains to your organization.
Addressing Risks