The new versions of ISO 9001 and ISO 14001 require all organizations to meet the new requirements by 2018 in order to obtain or renew their certifications. Among other changes, ISO 9001:2015 and ISO 14001:2015 introduce risk-based thinking. But how does risk management impact on quality and environmental management?
Companies around the world have been working to comply, as quickly as possible, with the latest revisions of the standards. The objective is to maintain your company’s quality standard in the market. However, more than just a bonus for marketing, ISO 9001:2015 and ISO 14001:2015 allow for a greater degree of maturity in business management, preventing problems and identifying new opportunities.
“Risk-based thinking” means to ensure that all risks are identified, considered and controlled throughout the quality and environmental systems. Moreover, it is to recognize that risks exist in all systems, processes and functions and that they must be considered in a holistic manner.
ISO 9001:2015 and ISO 14001:2015 emphasize the importance of abandoning the reactive position and adopting a proactive attitude for preventing and reducing undesirable consequences. In this way, the approach to risks must be considered from the beginning as well as throughout the system. This makes preventive actions an inherent part of the activities of planning, operations, analysis and evaluating.
It is interesting that, in recent years, organizations in all sectors have matured their views on risk management, even those that are not ISO 9001 certified. The globalization of the market, the growing involvement of stakeholders and fraud and corruption issues have required the adoption of risk and compliance management initiatives, and the market understands this.
ISO 9001:2015 and ISO 14001:2015 also imply a paradigm shift: stop thinking only about the negative side of risks. Usually, risk is viewed by organizations as a problem rather than an opportunity. Today, the effects of risk should be considered for both their negative and positive sides. This thinking seeks to understand both the current situation and the possibilities for change in the identification of opportunities for improvement.
The goal is to effectively define, manage and monitor the internal and external business environments to ensure the protection and growth of added value, within tolerable risk and legal limits.
This implies moving towards a unified organizational environment where risk management functions and compliance are aligned with strategic planning and centrally controlled, but where responsibility is distributed across business structures.
As a result, risk management initiatives (“risk-based thinking”):
- improve governance;
- establish a culture of proactive improvement;
- ensure consistency in the quality of products and services;
- improve customer confidence and satisfaction;
- increase the likelihood of achieving goals;
- reduce the likelihood of negative outcomes;
- and make prevention a habit.
José Carlos Carvalho is involved in projects for the implementation of management systems, auditing systems and internal controls. He is a consultant for the company Venture, which provides consulting on process, risk and compliance management for large companies in Brazil.