Risk is not a straightforward concept. Definitions of risk vary, even within documents published by the International Organization for Standardization (ISO). One ISO definition indicates that risk is the “effect of uncertainty on an expected result.” Risk is now addressed by ISO 9001:2015—“Quality management systems—Requirements,” the international standard for quality management systems (QMS), scheduled for publication next month. In it, organizations are asked to “address risks and opportunities.”
New language in the final draft international standard (FDIS) of ISO 9001 focuses on “risk-based thinking,” although it stops short of actual “risk management.” As a result, the international community is wrestling with how best to audit risk. What are the concerns of auditors? What does ISO 9001:2015 ask for?
…