What's "Risk Based Thinking" and what will the auditor expect to see?


Answer from the QMS experts:

A significant feature of the 2015 edition of ISO 9001 is the inclusion of requirements relating to "risk and opportunity." Mentioned throughout the International Standard's text, risk and opportunity appear in the Quality Management System and its Processes (4.4.1), Customer focus (5.2), Planning requirements (6.1), Analysis and Evaluation (9.1.3), Management Review (9.3), and Improvement (10.2).

Risk is defined as the "effect of uncertainty" and, since the achievement of quality relies on an organization defining and controlling its processes, it becomes apparent that the quality management system (of processes) should consider risks to the intended outcomes. This is where "risk based thinking" comes into prominence for an organization. Although no formal, documented risk management method needs to be demonstrated to an auditor, it is worth considering, based on the complexity of product(s) and processes, what can be done to identify risks and manage them to assure a successful quality outcome. Time-honored techniques such as failure modes and effects analysis (FMEA), fault tree analysis, brainstorming, and cause/effect diagrams may be adopted and used to demonstrate to an external auditor the consideration of risks and opportunities.