Really nice description of purpose of risk management. I must say that it is very difficult to find really good source describing risk management field.

Most of beginners (as me) are starting from wikipedia slowly switching to such authoritative resources as <a href="http://coso.org/">Coso</a> and other useful websites. But even after studying a lot of materials everybody need to use knowledge on practice.

Agreed, very much S,D, Process FMEA is most useful to have RBT manifested within and ISO 9001:2015 QMS

ISO 9001:2015 rightly as written in the QD article, identified RBT within Leadership and Planning but TC-176 and within the current ISO "The Integrated Use of Management Systems Standards" handbook now under review states, ISO 9001:2015 is all about RBT.

TC-176 deliberately removed Preventive Action (not Preventative) and embedded it within the Context requirement and others. It was also driven by companies placing 'CA and PA' together and calling it "CAPA". They are not the same beast or methodology. PA moves us up into FMEA, FTA, PCDP and such techniques can be useful across most ISO 9001:2015 key clauses.

The ISO 9001:2015 "process-approach" affords companies the opportunity if I may, to truly identify their Risks within such business processes - not in the clauses of a current ISO 9001:2008 documented QMS.

The biggest risk to RBT with the 5th edition of ISO 9001 is that companies see the promulgated "transition period' as a easy period for updating their QMS. Far from it. However, the subtle guidance/advice from some training, consultancies and software suppliers, that companies simply update their clauses based system to the new clauses - is wrong.

There are a few software and consultancies now providing 'free' templates for a revised ISO 9001:2015 "compliant" Quality Manual, sad but true, by the clauses. A huge risk given the requirement to have a Process-based and Documented QMS by September 2018. Folk could use their Auto Industry Action Group FMEA text especially in Process FMEAs. The required Flow Process Charts as AIAG states for the direct input to a PFMEA, to develop a “S.O.D.” and “RPN” , can be useful to identify their risks in not adopting RBT within a process but a clause written QMS or Integrated Management System.

Unfortunately, some see the Annex SL and High Level Structure as a means to now document and IMS – it was only to show how all ISO Management System clauses / requirements will be standardized and then embed within a business context and single or integrated system documentation.

In meeting IRCA in London, we agree that RBT is inherent within all of ISO 9001:2015 and people should read the Forward, Introduction and General of the revised Standard BEFORE going to Clauses and Requirements from 4 to 10.

This is enlightening for many quality professionals and risk managers - ISO states that the QMS must not be documented by the Clauses of the Standard. That is RBT.

Of course I forgot to add, ISO 31010 Risk Management techniques is most helpful.  "http://www.itgovernance.co.uk/shop/p-748-iso31010-iso-31010-risk-assess…"