Risk and opportunity go hand in hand when updating to the new ISO standard
Paul Simpson, co-author of Implementing ISO 9001:2015 looks into how taking risks and opportunities is key when building a business but can the updated ISO standards help to deliver that elusive ‘pot of gold’?
One of the big new ideas in the 2015 edition of ISO 9001 is ‘Risk Based Thinking’ and if you are to believe the Twitterati the concept is akin to the subject of Edvard Munch’s painting ‘The Scream’ as the quality management landscape turns vibrant orange behind them. But before the hysteria needle hits 11 let’s think back to the real world outside the quality manual.
All people running organisations look at risk and opportunity, they are two sides of the same coin; when an entrepreneur starts their business risk and opportunity are always front and centre in their mind. Wherever they have come from, they have identified an opening to start a business, make a living, and grow it to the point where it gives them an income with the opportunity of a pot of gold for their retirement. This future is, however, not certain; there will be difficulties along the way and these risks, left unmanaged, could lead to a loss of income and, ultimately, to their business failing. The entrepreneur recognises these risks come in many forms and many are related to quality: do I have the right products and services for my target customers? Can I control production and service delivery to consistently meet those customer needs? Can my suppliers keep up with my demands and maintain quality levels I need? If I can manage those risks at that level then the business will succeed and I can grasp all the opportunities, including that elusive pot of gold.
Moving forward in time as the business continues to thrive and has grown, our entrepreneur has moved upstairs to the board room as CEO and has managers and teams dealing with day to day business while she buys in high priced consultants to lead some blue skies strategy sessions. Strategic risks haven’t really changed; an incorrect strategy still has the capability to bring down our grown-up start-up. Tactically the business can cope more easily with risk as it has multiple customers buying a range of products. On the down side tactical errors can lead to an erosion of hard earned brand reputation as all our customers inhabit the same system and talk to one another – see the earlier blog on organisational context (hyperlink) for examples.
Moving out of the board room along to the shop floor and offices where ‘business as usual’ happens risk looks a little different but it is just as important it is recognised and managed. With every order comes a risk the organisation will misunderstand their customer’s needs so, at this process level, there have to be checks and balances. Individuals working with their CEO’s delegated authority accept orders and enter into contracts including the inherent risks a legal contract carries. At the same time on the shop floor all employees are involved in managing risk. Some develop specifications and standards (perhaps in a separate design office); some manufacture products or deliver services that they believe meet those standards. Throughout the process managing risks leads to delivered products and services meeting specification, satisfying customer needs and customers paying their bills, thereby allowing the organisation to realize the sales opportunity and contributing to our entrepreneur’s vision of a pot of gold.
If the above risks and opportunities are present in daily organisational life why do we have concerns for the quality professional’s ability to inhabit this space and over what our certification body auditors are going to ‘do to us’? The revised clauses of ISO 9001 create an opportunity for us to revisit and realign our processes to ensure our systems deliver what our customers and stakeholders want. There are, of course, risks with changes to the standard but perhaps we can focus on the opportunities presented and maximize them instead.