Let’s talk about Risk

With all of the changes to the ISO 9001 and ISO 14001 standards, I will be visiting some of the new topics and providing some insight.

One specific area causing a lot of discussion has been risk.

In ISO 9001:2015:

“6.1 Actions to address risks and opportunities

6.1.1 When planning for the quality management system, the organization shall consider the issues referred to in 4.1 (understanding the organization and its context) and the requirements referred to in 4.2 (understanding the needs and expectations of interested parties) and determine the risks and opportunities that need to be addressed to:

  a) give assurance that the quality management system can achieve its intended result(s);
  b) enhance desirable effects;
  c) prevent, or reduce, undesired effects;
  d) achieve improvement.”

And ISO 9000:2015 (the definitions standard) defines risk as “effect of uncertainty”.

Those of you who have environmental or OH&S management systems in place are already systematically identifying and dealing with the risks of your organizations with respect to their impact on the environment and your own people, respectively.

In the business world, risk is constantly evaluated.  For example:

  • Financial risks are curbed through evaluation, such as return on investment evaluations, or through regulation like Sarbanes-Oxley.
  • When looking at emergency events, companies implement business continuity plans.
  • In HR departments, succession planning is put into place to ensure continuity in the organization structure.

Every time you make a decision you are performing a risk assessment.  Risk assessment is not a scary thing.
