ISO 9001 Consulting – A Risk Management Approach

The Problem With How Consultants Implement ISO 9001:2015 Quality Management Systems (QMS)

ISO 9001 requires that an organization identify and implement effective controls over its quality management processes. Businesses will typically identify its processes under typical categories such as operational processes, support processes and outsourced processes. Collectively the controls exercised over these processes will make up their quality management system (QMS). Many ISO 9001 Consultants and organizations go about implementing QMS process controls in a very superficial manner resulting in a system that does not provide any value to the organization and consequently any return on the cost of its investment. The main reason they got certification was to satisfy a customer contractual requirement.

But ISO 9001 can do a whole lot more for an organization if implemented the right way. Effective risk management control over each QMS process and the interaction between processes can result in huge improvements in an organizations productivity and bottom line.

The Solution: So how does an organization use risk management to control its processes?

A process typically has inputs, outputs and value-adding activity. Each of these process characteristics use various resources. These resources include manpower, materials, machinery and equipment, facility and environment, methods, management, etc. These resources are all variables and subject to risk in their use.

An organization must identify the nature and degree of such risk and implement appropriate controls over them. Tools such as Fishbone analysis or FMEA’s (Failure Mode and Effects Analysis) may be used to perform this risk analysis. A discussion on how to use these risk analysis tools will be left to another article.

Your organization should consider the risks related to the following process variables of your quality management system.


– Inventory management

– Inspections & Tests

– Standards & Specifications

– Supplier Management

– Identification & Traceability

– Turnover & Preservation


– Capability, capacity and & technology

– Engineering & support

– Inspection, measuring & test equipment

– Tools, dies & fixtures

– Maintenance & supplies

– Equipment layout


– Skills, knowledge & experience

– Training

– Responsibility & Authority

– Empowerment, Motivation & Morale

– Adequate staffing

– Health & Safety


– Building & facilities

– Environment controls

– HVAC and other utilities

– Housekeeping, health & safety

– Lighting, air quality & noise

– Contingency/emergency measures


– Systems & Procedures

– Inspection & Tests

– Quality Plans & Checklists

– Work Instructions

– Bill of manufacture/assembly

– Technology/automation/robotics

– operational and administrative software

– Process flowcharts

– FMEA’s & process controls

– Drawings & blueprints


– Objectives/tracking/review/improvement

– Standards/codes/regulations

– Specifications/tolerances/criteria/tolerances

– Operational data/statistics/SPC

– Efficiency & effectiveness

– Customer Satisfaction

– Bench-marking


– Leadership & Planning

– Policies & Objectives

– Commitment & involvement

– Organization & resources

– Follow-up & review

– Communication

How To Use These QMS Process Variables:

– Determine which of these resources variables apply to each process identified in your QMS.

– Determine which combination of controls apply to that process variable – process input, output or value-adding activity.

– Implement the controls you have identified and verify their effectiveness.

This article provides a brief overview to using a risk management approach to effectively implementing ISO 9001:2015 in an organization. Keep in mind that ISO 9001 is a business management tool. So the benefits you get from using it is directly related to how effectively you use it. The risk management approach is a very powerful way to use ISO 9001 to effectively control your business and benefit significantly in terms of customer satisfaction and profitability.

Leave a Reply

Your email address will not be published. Required fields are marked *