Risk Management - Is it only a paper work?
In ISO 9001:2015 Quality Management system Risk Based Thinking (RBT) is emphasized at a greater length. As a QMS consultant, I personally feel there is a big gap between what is asked for in the standard and that of the reality. I have been interacting with many of my clients and trying to explain the requirements of QMS ISO 9001:2015 standard but many of them are little bit confused and are even allergic to the phrase "Risk based Thinking".. The simple reason is many fail to see it as a tool to improve their QMS. These small and medium firms simple do risk assessment and risk treatment (RART) for the sake of satisfying the Certifying body auditors. But in reality these are not put into practice. As usual there is a line of thinking among MSME's and even in some corporates that RART has to be done for the sake of certification and there is no link to the real life situations what they face day in and day out. This is the simple realm of life.
The standard also doesn't emphasize documentation for addressing the requirements of clause 4.1 - Understanding the context of the organization and clause 4.2 - Needs and expectations of interested parties. As usual the interpretation by consultants and certifying body auditors on Risk based thinking documentation is still creating confusion among the minds of the client organizations. The standard clearly states there is no formal requirement of Risk Assessment but in reality for addressing the requirements of Clause 6.1 - Actions to address risk and opportunities a documented evidence is asked for. I feel somewhere there is still an ambiguity in this area.
The risk assessment and risk treatment (RART) is carried out as a ritual and many organizations simply copy and paste templates available in the web and literally doesn't understand the concept of risk based thinking in Quality Management System. Its the duty of Certifying body auditors, Consultants and Regulators to come out with a uniform version of understanding on risk based thinking and avoid interpreting the standard in their own convenient way.
