
The Importance of Identifying Risk

16 May 2017

ISO 9001:2015 states that risk-based thinking is essential for an effective Quality Management System. This means we need to think more carefully about risk and how we identify it.

The concept has, in fact, been implicit in previous editions of the standard, but the consideration of risk is now explicit throughout the standard and in particular in clause 6.1, actions to address risks and opportunities.

How ISO Compliance Relates To Risk-Based Thinking

Every business activity involves risk. Shrewd business leaders understand this and adopt risk management approaches to help increase their chances of success. Implementing ISO management systems can help to cushion businesses from risks. Business managers recognize it as the primary strategy for risk management, as it helps minimize risk in several ways.

Energizes the Top Leadership Team

The ISO standards require businesses to take a risk-based thinking approach for effective quality management. Business leaders who abide by this standard take a greater strategic view of risk within their businesses. Given that top management teams are required to be involved in the process of fully identifying, recording, removing, and mitigating risks, using a risk-based thinking process has many benefits that, in terms of effectiveness, far surpass many processes such as preventive action.

Helps Evaluate and Benchmark Risk Management

Organizations that are ISO certified are focused on identifying and managing risk. They continuously develop a variety of risk management systems that assess risks at all levels of their business. These standards ensure that employees at lower levels have a channel through which they can feed their opinions upwards for consideration by the top management team. This enables the top leadership team to hold strategic information about threats to their business.
Often decision making takes place at a lower management level and does not progress upwards to senior management level. The new ISO standard ensures that the thinking process is undertaken by senior management too. This helps organizations set benchmarks and evaluate risk at all times, as top-level management has better access to company information (e.g. finances, ROI, objectives).

When decisions are made with the help of this new method, it is relatively easy to see that the resulting documented actions and goals will be more useful for preventing risks than those from systems such as preventive action.

Enhances Understanding of the Culture of Businesses

ISO standards require business owners to know what they intend to achieve by understanding their risks, threats, and vulnerabilities. As part of this process, they minimize interruptions to activities that generate sales, reduce delivery times to customers, and provide better customer service. Beyond understanding their organization, business leaders have to know the culture of their businesses, since these standards recognize culture as an essential building block in creating successful risk management initiatives.

By identifying standards that support risk management, such as ISO 9001, ISO 14001, etc., business leaders are able to demonstrate their commitment to building a risk-focused organization. The best way organizations can mitigate potential risks is to invest their time and resources in staying current with risk management developments and ISO compliance.

Author: Toby Hyde, NQA UK Regional Auditor