Comments on: Quality risk

By: admin

admin — Tue, 20 Jul 2010 11:42:18 +0000

While this is often true I would not go so far as to say it is always true. I can’t understand why people think it is somehow immoral to pursue certification “just because it is a customer requirement”. It is probably the best reason. If the customer says “jump” generally it is wise to say “how high?” and making operational decisions based on commercial considerations is not, in my book at least, such a bad thing

By: Travis

Travis — Tue, 20 Jul 2010 03:10:51 +0000

When organisations use ISO 9001 only for contractual reasons, they have no interest in it what so ever.
Even if they considered using best practice for their own business, then they would have some form of QMS.

By: shaun

shaun — Thu, 28 Jan 2010 08:09:24 +0000

Tell me about it, Rob. For a real treat you should check out the IRCA forum now and again. The occasional decent debate, but generally a veritable pedants playground

These attitudes go back to the contractual aspect of ISO 9001. When contracts are involved people generally try to walk along the line, doing no more and no less, and when ISO 9001 is part of the contractual requirement, the whole approach to quality management is tarred with that same brush

By: Rob

Rob — Wed, 27 Jan 2010 22:43:29 +0000

Assessment of risk should be part of every managers and business leaders job, regardless of an ISO standard saying you don’t or do have to do it. I often find that arguments over what this or that sentence or word means in an ISO standard to be rather futile. Working in quality for more years than I care to think about, at a senior level, has taught me that general application of the requirements of ISO 9001 is just good business practice. Nothing more really. Getting hung-up over semantics is of no interest to 99% of people in a business.

By: Shaun

Shaun — Sun, 24 Jan 2010 13:47:25 +0000

Quite so John. I can’t understand how the other management system standards appear to get it, but QMS does not. In simple terms risk management is action you take to stop undesirable things happening (or at least to reduce the chances or mitigate their effects)

A management system on the other hand is a mechanism for increasing the chances that the right things will repeatedly happen. An awareness of “the bad things that can happen” is fundamental to being able to apply the principle of preventive action in any sensible way. However I often find that “preventive Action” is applied in a very cosmetic way. Where would an OHSMS be without proper risk assessment? Or EMS without proper aspects and impacts evaluation? It is unthinkable, but many QMS’ seem to plod on quite happily without an equivalent process. Quite bizarre

By: John Broomfield

John Broomfield — Sun, 24 Jan 2010 13:35:19 +0000

Clause 5.2.1h) of ANSI/ISO/ASQ QE19011S-2004 includes this recommendation regarding risk. Please see below.

Objectives should be established for an audit programme, to direct the planning and conduct of
audits.

These objectives can be based on consideration of:
a) management priorities;
b) commercial intentions;
c) management system requirements;
d) statutory, regulatory and contractual requirements;
e) need for supplier evaluation;
f) customer requirements;
g) needs of other interested parties;
h) risks to the organization.

Fortunately, risks (associated with the organizational environment) are introduced by ISO 9001:2008 as design inputs for the management system.

I will admit that some people seem to have stopped thinking beyond the specifics of their favorite system standard. For some reason they seem not to understand many of the principles of management.

Indeed if the blinkered-thinkers rely on ISO/TC176 for the scope of their thinking they will be let down as the eight quality management principles that do not even mention risk.