Risk-based approach

What is a risk-based approach and how do you determine opportunities and risks in accordance with ISO 9001?

The risk-based approach of ISO 9001 is intended to avoid undesirable results and encourage continuous improvement of the QM system. Will we be unlucky or will luck help us after all? Unfortunately, these circumstances are not controllable! Or are they? We receive very different answers to this question from philosophers, esotericists or pragmatic business leaders. What all of the answers have in common is the realization that, with regard to the future, one does not know “what it will bring” or “how things will ultimately turn out”.

But maybe we do have certain possibilities to give luck a helping hand? DIN EN ISO 9001, with its risk-based approach, provides us with an idea for this. The standard regards a risk as an effect of uncertainty, partly due to a lack of information regarding the understanding of existing situations. Often this possible impact is perceived only from a negative point of view, i.e. as a risk. However, the standard also sees the positive perspective, and thus the opportunity. Below you will find some ideas on how we can “take the reins” in order to reduce risks and seize opportunities, so that good and bad luck are not determined by fate alone.


How does the management of risks and opportunities work in the risk-based approach?

If a company ignores opportunities such as the introduction of new technologies, the possibility of diversification or the like, and competitors take advantage of these opportunities, this can have negative consequences for that company. An unrecognized opportunity, or the failure to take advantage of a recognized one, can therefore in turn represent a risk for the company itself. Effective management of risks and opportunities must therefore not only focus on weakening the negative side, but must also maximize the positive effects at the same time. Integrated opportunity and risk management is thus the alternative to concentrating separately on the positive and negative aspects of how the environment develops, and it makes it possible to evaluate topics without prejudice with regard to their potential for success.

DIN EN ISO 9001 clarifies the importance of risks and opportunities in connection with the context (environment, framework conditions), the company’s goals and the process-oriented approach. In an increasingly dynamic and complex environment, risks and opportunities should be taken into account when creating, introducing, maintaining and continuously improving the quality management system and its processes. Risk-based thinking, meaning the consideration and handling of risks and opportunities, is understood as prevention against the occurrence of undesired events. Therefore, section 8.5.3 Preventive measures of ISO 9001:2008 is no longer found in the new standard.


The medal has two sides – “no risk, no fun”

A saying that everyone has probably heard in some context is: “no risk, no fun”. What is behind this is the dualism of risks and opportunities. The two perspectives are closely related; in fact, they are inextricably linked. The English term “risk” emphasizes this phenomenon more clearly than our German “Risiko”, where we mostly think only of the negative effects. In the English-speaking world, a distinction is therefore made between “upside risk” and “downside risk”. The risk of missing a defined goal is a “downside risk”. The chance that a goal will be achieved better than originally planned by taking a risk is an “upside risk”.