Quality Risk Management

January 27, 2018


What exactly is Quality Risk Management?


By definition:


Quality Risk Management is the set of leadership, business process, culture, and technology capabilities an organisation establishes to create a collaborative approach for identifying, quantifying, and mitigating product, operational, supplier, and supply chain risks that can impact quality.


But, what does it do for your business?


We will begin by looking at the link between Quality Management and Risk Management.


Quality management can be thought of as the process of designing and executing products and services effectively, efficiently, and economically. In this context, effectiveness primarily involves the ability of the products and services to meet or exceed customers’ expectations, while efficiency involves the ability to provide products and services without wasting any resources. Economics involves the ability to generate requisite revenues from the process so that the organisation can be sustained.


Risk management is the process of identifying, addressing, prioritising, and eliminating potential sources of failure to achieve objectives. Applying risk management means being proactive, preventive, predictive, and preemptive. Risk asks the question, “What if?” and looks at likelihood and consequences to determine which of the what-ifs are significant and need to be addressed.


When we look at process quality, we see that objective gaps imply potential changes in the process, which means higher risk: more variances, or higher variation, lead to less uniformity in product or service. By reducing the risk of changes, we reduce objective gaps and variation, and increase process quality.


There are three main types of operational risks:
Enterprise risk—Risk related to the operation of a business, execution strategy, systemic issues, and material issues;
Project risk—Risk related to the planning and delivery of a product or service, and of not being able to meet project “triple constraints,” i.e., scope/quality, schedule, and cost, including technology and other factors;
Process risk—Risk relating directly to planning and delivery of a product or service and of not being able to meet process stability, process capability, and continuous improvement—meaning the inability to achieve consistent outcomes.


To ensure consistency of approach to risk management, standards and models have been and are continuing to be developed. Standards provide the following benefits: 
1. Reference for risk management processes;
2. Define consensus and best practices;
3. Define frameworks to guide and support risk decision process;
4. Provide common vocabulary to discuss and compare risk processes.


Some risk-based standards include: ISO 9001, which addresses risk in Quality Management; ISO 28000, which addresses Supply Chain Security; ISO 27000, for IT Security; ISO 22000, for food safety; and ISO 14001, for Environmental Management.


The critical elements of risk management identified in many ISO standards are: 

Risk identification—Identifies the sources of risk, risk events, and their potential consequences;
Risk analysis—Analyses the causes and source of the risks and the likelihood that they will occur;
Risk evaluation—Determines whether risks need to be addressed and treated;
Risk treatment—Determines strategies and tactics to mitigate or control risks.


Further, ISO states that risk management should “ensure that organisations have an appropriate response to the risks affecting them.” Risk management should thus “help avoid ineffective and inefficient responses to risk that can unnecessarily prevent legitimate activities and/or distort resource allocation.” And, to be effective within an organisation, risk management should be “an integrated part of the organisation’s overall governance, management, reporting processes, policies, philosophy and culture.”


Quality Risk Management cannot be ignored in any business. In today’s business world risk comes in many forms, from regional instability to droughts in far-off lands, and not all risks are generated within your own walls. But all must be considered, looking at every aspect that can affect your business or service output.


For more information on how ISO can help you identify and improve Quality Risk within your business email: or visit 


CSA Consultants - the Common Sense Approach to implementing ISO standards


