Since the world tumbled in the wake of the pandemic, I have been wondering how much of the damage could have been avoided if companies adopted true risk-based thinking. No, I do not have the answer. Confusion, disappointment, maybe frustration spin in my head.

I have seen businesses investing thousands of dollars into ISO certification schemes. The new risk-based approach was supposed to be a game-changer.

The revised standard requires an organisation to determine the risks and opportunities to processes, products and services, as well as to the quality management system (QMS) overall, and to take proportionate action to address them.

Source: quality.org

The real question is, how far should the organisation go when determining risks and opportunities?

Risk is defined as “the effect of uncertainty” on an expected result. 

Source: quality.org

Today in light of the pandemic, it’s hard to see if and how ISO risk-based thinking could have helped. The scale of the challenge is disproportional to the effort most put into the implementation of ISO 9001.

Are we expecting too much from the ISO standards? Do we hide behind the certificate hoping for the best?

I want to hear your thoughts on this.