Currently many organizations are already implementing ISO 9001: 2015. One of the improvements in the ISO 9001 version is with the approach of risk and opportunity. How the auditor of the certification body adapts and conducts audits that involve risks. This will be discussed later in this article.
Auditors must be flexible when auditing a QMS for conformity to ISO 9001:2015’s risk-based thinking. There are no requirements in the standard for a risk management process or methodology, so auditors have been concerned that auditing a QMS will be difficult. Let’s examine the standard’s planning process for organizations. Following are some of questions auditors can ask when auditing a QMS:
- Does the organization identify internal and external issues as they relate to the context of the business? (Clause 4.1)
- Has the organization identified relevant interested parties as they relate to the context of the business? Has the organization understood the interested-party expectations? (Clause 4.2)
- Has the organization used the issues developed in the context and in the needs and expectations of the interested parties when planning for the organization? (Clause 4.3)
- Has the organization identified the risks and opportunities as they relate to the organization achieving its intended results, i.e., goal and objectives? (Clause 6)
- Has the organization identified the actions to address the risks and opportunities?
- Is the organization meeting its goals and objectives, i.e., is it improving?