Risk management

What is risk management according to DIN EN ISO 9001?

The need to manage business risks, i.e. risk management, is not really new. Companies are well advised to take the associated level of risk into account in all strategic and operational decisions. Because executives differ in their risk appetite, the German legislator intervened with the Act on Control and Transparency in the Corporate Sector (KonTraG) in order to establish a minimum level across companies. Management boards are therefore legally obliged to operate a system for the early detection of risks that threaten the company's existence; a risk management system in accordance with ISO 9001 is one recognized way of meeting this obligation.

The way in which risks are handled is also relevant from a second perspective, referred to in banking regulation under the term "Basel Accords". If a company wants to raise capital on the money market, its financing conditions depend on the rating assigned by the lending bank, which estimates the borrower's probability of default as part of that calculation. A company that operates a documented risk management system in accordance with ISO 9001 can improve this rating and thereby lower its financing costs. On this page we show how you can secure financial resources for your organization by managing risks, and at the same time reduce your exposure to liability claims.


Reasons for risk management according to ISO 9001

The growing complexity of the market and the increasing pressure to succeed, combined with constant change, often prompt companies to take ever greater risks. If a crisis then occurs, the cause is usually a control weakness, i.e. inadequate identification, analysis, monitoring and management of risks.

Risks can arise from external factors that affect what happens in the company and influence its decisions, such as:

  • Legislation and case law: product liability, environmental protection, commercial law, etc.
  • Social developments: changes in purchasing behaviour, political behaviour
  • Macroeconomic developments: price and income trends, population development, etc.
  • Market events: competitive pressure, drop in demand, falling prices, buyer claims, etc.


Internal factors as sources of risk

In addition to the external factors mentioned above, there are also a number of internal factors that can be identified as sources of risk within the company, such as:

  • Technology: condition and safety of plant and equipment
  • Product design: product quality and safety
  • Sales organization: product policy, drafting of contracts
  • Information management: information technology, communication
  • Capital base: capital structure and liquidity
  • Personnel: qualifications and motivation
  • Corporate culture: policy and leadership


Risk management according to ISO 9001 raises awareness of the organization's context

When looking at the external and internal factors that give rise to risks, it is immediately apparent that DIN EN ISO 9001 also regards these criteria as relevant. Determining the context of the organization, as required since the 2015 revision, leads directly to a company's risk factors in the form of internal and external issues. According to the notes to subsection 4.1 of the standard, understanding of the context can be supported by considering the internal and external issues listed below. For these aspects to be internalized in the company and translated into appropriate planning and actions, an organizational development process is required that involves as many employees as possible in an intensive communication process.

External issues

  • Legal environment
  • Technological environment
  • Competitive environment
  • Market environment
  • Cultural environment
  • Economic environment

Internal issues

  • Values
  • Culture
  • Knowledge
  • Performance of the organization