Risk - A key concept of the 2015 Standards
What is Risk?
The word risk originated in Europe in the mid-17th century and was derived from the Italian word “risco”, meaning danger. The Oxford English Dictionary today defines risk as “A situation involving exposure to danger”.
In a business context, risk can predominantly be linked back to the good old-fashioned SWOT analysis, through its particular focus on threats and opportunities. Identifying these threats and opportunities enables an organisation not only to understand the risks it faces, but also to manage them in a proactive rather than reactive manner.
Why does Risk feature so strongly within the new standards?
As we have mentioned, risk is not a new concept to the business world, but it is a relatively new concept to ISO certification. That said, risk has long been embedded in standards such as the AS (Aerospace) and TS (Automotive) series and will play a key part in all ISO standards going forward, as can be seen from ISO 27001:2013, ISO 9001:2015 and ISO 14001:2015.
The table below identifies the number of times we see risk (or terminology linked to risk) within ISO 9001:2015. As you can see, the word risk itself is not so common, but when considered alongside terminology such as “Consequence”, “Effect”, “Prevent” and “Control”, it features in many of the clauses throughout the standard.
How can you benefit from a risk-based approach?
A risk-based focus means that more threats (and risks) can be identified before they occur. This not only allows an organisation to be prepared should a risk develop into a specific threat, but also allows it to proactively manage those risks and turn them into positive opportunities for the business.
With better risk management and more time to put preventive measures in place, the global adoption of the new standards will not only drive significant improvements in business performance and process outputs but will also specifically lead to a reduction of accidents in the workplace when combined with a health and safety management system such as OHSAS 18001 (soon to be ISO 45001).
Why not use the table above to test your internal auditors on their knowledge of risk? Would they acknowledge that the word “consequence” or “effect” can be associated with risk?
Alternatively, see how many times your management system references risk – you may already be following a risk-based approach without realising it!