ISO 9001 Workshop on Process Mapping and Risk Planning

Workshop on Process
Mapping and Risk-Based

Quality Planning
Project on: ABC Company
Development of a
Quality Management June 26 - 27, 2018
System Certifiable to
ISO 9001:2015
Workshop Objectives
This workshop intends to:

Allow the participants to have an appreciation of the
“process approach” of ISO 9001.
Clarify the requirements of the standard with regard
to the risk-based thinking concept;
Discuss the activities within the organization where
the requirements on risks and opportunities can be
fulfilled.
2
Expected Outputs
The following outputs are expected:

Define ABC’s QMS Scope;
Establish ABC’s QMS Process Map;
Develop the template of ABC’s Quality Manual;
Documentation of the result of analyses on risks and
opportunities;
Initiate integration of actions to address risks and
opportunities on documented information (e.g.
procedures)
3
Course Outline
DAY 1
Terminologies on Process Approach
PDCA in Establishing a Quality Management System
Plan for the QMS
Work1: Establish ABC’s QMS Scope
Work 2: Establish PAQ’s QMS Process Map
DAY 2
Requirements of ISO 9001:2015 on Risks and Opportunities
Roles of Risks and Opportunities in Strategic Planning
Review of the Strategic Plans
Roles of Risks and Opportunities in Operational Planning
Work 3: Workshop on ROA
Presentation of Initial ROA and Critiquing
TOPIC 1. Module 1
Terminologies in Process Approach
Process
Set of interrelated or interacting activities that
use inputs to deliver an intended result.
Note: Whether the “intended result” of a process

is called output, product or service depends on
ISO 9000:2015
the context of the reference.

Output
Result of a process.
Product
Output of an organization that can be produced without
any transaction taking place between the organization
and the customer.
ISO 9000:2015
Service
Output of an organization with at least one activity
necessarily performed between the organization and
the customer.
Effectiveness
Extent to which planned activities are realized and
planned results are achieved.
Efficiency
Relationship between the result achieved and the
resources used.
ISO 9000:2015
Requirements of for Process Approach
5.1 Leadership and commitment

5.1.1 General
Top management shall demonstrate leadership and
commitment with respect to the quality
ISO 9001 Clause 5.1
management system by:

d) promoting the use of the process approach and
risk-based thinking
Process approach in QMS
Consistent and predictable results are achieved
more effectively and efficiently when activities
are understood and managed as interrelated
processes that function as a coherent system.
Section 2.3.4 of ISO 9000:2015
This International Standard employs the process

approach, which incorporates the Plan-Do-
Check-Act (PDCA) cycle and risk-based thinking.
Section 0.1 of ISO 9001:2015
PDCA in Major Clauses of ISO 9001:2015
Plan Do Check Act
4 9
5 6 7 8 10
Context of Performance and
Leadership Planning Support Operation Improvement
organization Evaluation
4.1 6.1 7.1

8.1 9.1 10.1
5.1 Resources
Understanding Leadership and
Actions to address Operational planning Monitoring, General
context risks and and control measurement,
commitment
opportunities 7.1.2 analysis and
People evaluation
4.2 8.2 10.2 Nonconformity
5.2
Interested parties Policy
6.2
7.1.3
Requirements for and corrective action
Quality objectives products and
Infrastructure 9.1.2
and planning services
4.3 Customer satisfaction
5.3
Scope Organizational roles, 7.1.4 8.3 10.3
6.3 Design and Continual
responsibilities and Environment for the
Planning of changes development for 9.1.3 improvement
4.4 authorities operation of processes
products and Analysis and
QMS services evaluation
7.1.5 8.4
Monitoring and Control of externally 9.2
measuring resources provided processes, Internal audit
products and
ISO/TC 176/SC 2/ N1282
7.1.6 services
Organizational 9.3
knowledge 8.5 Management review
Production and
7.2 service provision
Competence
8.6
7.3 Release of products
Awareness and services
7.4 8.7
Communication Control of
nonconforming
outputs
7.5
Documented
information 11
PDCA as tool for Improvement
Successful
organizations
have an
ongoing
focus on
improvement.
Relevant clauses: 5.1.1; 5.2.1; 10

TOPIC 1. Module 2
STEP 1. Understand the Context of the
Organization
Context of the
organization –
combination of internal
and external issues
that can have an
ISO 9001 Clause 4.1
effect on an
organization’s
approach to APPROACH IN
developing and DEVELOPING
AND ACHIEVING
achieving its OBJECTIVES
objectives.
Why Do We Need to Understand the
Context of the Organization?
To facilitate effective approach in setting and
achieving the goals and aspirations of the
organization (e.g. Vision, Objectives);
To facilitate effective approach in setting the
strategies of the organization (e.g. Strategic
ISO 9001 Clause 4.1
Directions, Quality Policy);

To determine the appropriate Scope of the
Quality Management System;
To facilitate determination of the risks and
opportunities that need to be addressed.
Step 1.1 Determine the Internal and External
Issues
Categories of Internal Issues Categories of External Issues
•Management •Economic (exchange rates,
•Performance of the inflation, credit availability)
organization •Social (unemployment rate,
•Structure of the organization education level, safety, holidays)
•Roles and responsibilities •Political (political stability, local
•Culture and values infrastructure, public investments)
ISO 9001 Clause 4.1
•Infrastructure •Technological (automation,

•Staff and management materials, equipment, environment-
capabilities friendly)
•Stability of workforce •Market (competition, market
•Employee needs and stability, supply chain relationships)
expectations •Statutory and regulatory
•Safety and security (government and non-government
•Financial viability requirements)
Step 1.2 Understand the Needs and
Expectations of Interested Parties
Interested Party – stakeholder; person or organization that can
affect, be affected by, or perceive itself to be affected by a decision
or activity.
Interested Parties Needs and Expectations

ISO 9001 Clause 4.2
Examples of Interested Parties
customers; employees and others
end users or beneficiaries; working on behalf of the
joint venture partners; organization;
franchisors; statutory and regulatory
authorities (local, regional,
owners of intellectual national or international);
property;
trade and professional
parent and subsidiary associations;
organizations;
local community groups;
owners, shareholders;
non‐governmental
bankers; organizations;
unions; neighboring organizations;
external providers; competitors.
Examples of Needs and Expectations
Secure Responsive
Stable Convenient working condition
Trustworthy Adequate incentives
Honest Effective implementation of
Prompt regulations
Efficient Service availability
ISO 9001 Clause 4.2
Vital Accessibility
Accurate Easy and orderly process
Timely Helpful and friendly staff
Automated Reliable
Modern Conscious of its role
Effectively managed
Why Do We Need to Understand the Needs
and Expectations of Interested Parties?
To have focus on establishing objectives and
performance indicators;
To determine the appropriate scope of the
quality management system;
To facilitate determination of the QMS planned
ISO 9001 Clause 4.2
results;
To facilitate determination of requirements
related to products and services;
Step 1.3 Establish the Scope of the QMS
ISO 9001:2015 Clause 4.3 Requirements on the

scope of the QMS:
shall be available and be maintained as
documented information.
shall state the types of products and services
ISO 9001 Clause 4.3
covered, and
provide justification for any requirement of this
International Standard that the organization
determines is not applicable to the scope of its
QMS.
Step 1.3 Establish the Scope of the QMS
When determining this scope, the organization

shall consider:
a) the external and internal issues;
b) the requirements of relevant interested parties;
c) the products and services of the organization.
ISO 9001 Clause 4.3
Why do we need to define the scope?
When an organization
seeks to have its QMS
certified to ISO 9001, it is
required to agree a
"scope of registration“
ISO 9001 Clause 4.3
with its certification body.

This will define the
processes to which the
organization's QMS is
applicable, and against
which it will be assessed.
QMS Scope in the Quality Manual
Contents of the Quality Manual is usually based on the
requirements of Clause 4.2.2 of the ISO 9001:2008 which
specifies:
The organization shall establish and maintain a quality

manual that includes
a) the scope of the quality management system, including
details of and justification for any exclusions,
b) the documented procedures established for the quality
management system, or reference to them, and
c) a description of the interaction between the processes of
the quality management system.
Sample Statement of the QMS Scope
in the Quality Manual
LRA’s QMS applies to all operations and processes

required to deliver “property registration services” in the
Central Office and in the Registries of Deeds. LRA’s QMS
covers the management, core and support processes of
the LRA and its Registries of Deeds as indicated in the
QMS Process Map.
LRA’s QMS satisfies the full range of requirements

specified by ISO 9001:2015 Standard with some
clarifications on the applicability of the clause identified
below:
ISO 9001:2015 Clause 8.3 – Design and Development of Products
and Services
LRA exists with the purpose to implement and protect the Torrens
system of land titling and registration, as well as registration of
transactions involving personal properties. As such, LRA is mandated
to issue decrees of registration and certificates of titles and register
documents, patents and other land transactions through its property
registration services.
The requirements in the provision of property registration services are

specified in LRA’s enabling laws and regulations. The responsibility
for the design and development of LRA’s services rests with the lead
organizations that crafted its enabling laws and regulations.
…
LRA claims that the requirements under ISO 9001:2015 Clause 8.3 –
Design and Development of Products and Services are not applicable
since the requirements of the services being offered by LRA are
derived from the provisions indicated in its enabling laws and
regulations.
To some extent, design and development initiatives manifest itself

through the planning and enhancement of LRA’s registration
operations and processes and therefore controls this according to ISO
9001:2015 Clause 8.1 – Operational Planning and Control”.
What are ABC’s Products and Services?
WORK1: Establish ABC’s QMS Scope
In establishing ABC’s QMS Scope, take into

account the following:
Products and services.
Mandate.
Purpose of the organization.
Context of the organization.
Requirements of relevant interested parties.
ISO 9001 requirements that are not applicable.
Step 1.4 Determine the Processes
Type Description
Management include processes needed for QMS
Processes (MP) planning, establishing policies, ensuring
communication, performance reviews by the
management, improvement of QMS
effectiveness and efficiency.
ISO 9001 Clause 4.4
Core Processes include all processes that provide the

(CP) desired outcomes of the organization
Support include all processes that are necessary to

Processes (SP) provide the resources needed for the
organization’s objectives and desired
outcomes
Process Sequence and Interaction
The requirements under clause 4.4,1b

4.4.1 Quality Management System and Its Processes
which require the organization to
The organization shall determine the processes needed for
the quality management system and their
determine the processes needed for the
application throughout the organization, and shall:
b) determine the sequence and interaction of these
QMS and determine their sequence and
processes;
interaction, can be described by creating
a system-level map of the organization’s
QMS processes.
See the samples on the next slides.
MANAGEMENT PROCESSES
Improvement Feedback
Strategic Planning Performance Review Internal Audit
Management Management
ORIGINAL REGISTRATION CORE PROCESSES

Verification & Projection Transmittal of Decree/OCT
Applicant’s Documents
Preparation of Decree/OCT
REGISTERING PUBLIC, LAND OWNERS, AGRARIAN REFORM

REGISTERING PUBLIC, LAND OWNERS, AGRARIAN REFORM
Docketing &
Publication Examination Authentication
SUBSEQUENT REGISTRATION Examination

Applicant’s Documents Encoding Releasing DECREES OF
Approval REGISTRATION,
Entry Printing
Payment Uploading
CERTIFICATES OF
TITLES
CHATTEL MORTGAGE REGISTRATION/UNREGISTERED LAND RECORDING
Applicant’s Documents Examination Releasing
Encoding
BENEFICIARIES
BENEFICIARIES
Entry Uploading
Payment Approval
PERSONAL PROPERTIES REGISTRATION

Registrant’s Documents Examination Uploading
Entry Releasing
Payment Approval
SUBDIVISION PLAN APPROVAL Plotting /

Scanning / Examination Releasing
Registrant’s Documents
Encoding REGISTERED TITLES
Entry Printing of Narrative AND DEEDS
Technical Description
Payment Approval
RECONSTITUTION – JUDICIAL/ADMINISTRATIVE Issuance

Transmittal to RD
Registrant’s Documents Plotting / Report
Examination
Entry Submission to
the Court
Encoding Reconstitution Order
Human Resource Outsourced Services

Info & Docu Mgt Financial Mgt Infrastructure Mgt Supplies Mgt Legal service
Mgt Mgt
SUPPORT PROCESSES
Sample QMS Process Map
ISO 9001 Clause 4
WORK2.1: ABC’s Organizational Structure
Department Functions
List down all ABC’s departments an describe their main functions

WORK2.2: ABC QMS Processes
MP CP SP
List down all ABC’s QMS Processes according to Type

WORK2.3: Map ABC’s QMS Processes
Participants are tasked to prepare a

“system-level map” showing the
sequence and interaction between
the processes of ABC’s QMS.
ISO 9001 Clause 4.4.1
This will become the basis for

documenting the Quality Manual of
ABC.
TOPIC 2. Module 1
What is Risk?
Risk – effect of uncertainty
An effect is a deviation from the expected – positive or negative.
Uncertainty is the state, even partial, of deficiency of information
related to, understanding or knowledge of, an event, its
consequence, or likelihood.
Risk is often characterized by reference to potential events and
consequences, or a combination of these.
Risk is often expressed in terms of a combination of the
consequences of an event (including changes in circumstances)
and the associated likelihood of occurrence.
The word “risk” is sometimes used when there is the possibility of
only negative consequences.
Risks and Opportunities
ISO 9000:2015 doesn’t have a standard

definition of “opportunity”
ISO 14001:2015 defines “risk” similar to ISO
9001:2015
ISO 14001:2015 defines “risks and opportunities”
as:
“potential adverse effects (threats) and
potential beneficial effects (opportunities)”
39
REQUIREMENTS FOR PLANNING FOR THE QMS
When planning for the quality management

system, the organization shall consider the
issues referred to in 4.1 - Understanding the
organization and its context
and the requirements referred to in 4.2 -

Understanding the needs and expectations of
interested parties
and determine the risks and opportunities that
need to be addressed
40
Why Do We Need to Understand the
Context of the Organization?
To facilitate effective approach in setting and
achieving the goals and aspirations of the
organization (e.g. Vision, Objectives);
To facilitate effective approach in setting the
strategies of the organization (e.g. Strategic
ISO 9001 Clause 4.1
Directions, Quality Policy);

To determine the appropriate Scope of the
Quality Management System;
Why Do We Need to Understand the Needs
and Expectations of Interested Parties?
To have focus on establishing objectives and
To determine the appropriate scope of the
quality management system;
To facilitate determination of the QMS planned
ISO 9001 Clause 4.2
results;
To facilitate determination of requirements
related to products and services;
Again on the Requirement of 6.1.1
When planning for the quality management

system, the organization shall consider the
issues referred to in 4.1 and the requirements
referred to in 4.2 and determine the risks and
opportunities that need to be addressed
The word “CONSIDER”
According to ISO 14001:2015, Annex 3 –

Clarification of Concepts:
The word “consider” means it is necessary to

think about the topic but it can be excluded;
whereas “take into account” means it is
necessary to think about the topic but it
cannot be excluded.
The word “DETERMINE”
According to ISO 14001:2015, Annex 3 –

Clarification of Concepts:
The word “determine” implies a discovery

process that results in knowledge.
Intent of 6.1.1
The intent of this subclause is to ensure that

WHEN PLANNING THE quality management
ISO/TS 9002:2016 Clause 6.1.1
system PROCESSES, the organization

determines its risks and opportunities and plans
actions to address them.
Its purpose is to prevent nonconformities,
including nonconforming outputs, and to
determine opportunities that might enhance
customer satisfaction or achieve an
organization’s quality objectives.
ROLE OF RISKS AND OPPORTUNITIES
IN STRATEGIC PLANNING
Context of Needs and
the expectations
organization of interested
(4.1) parties (4.2)
Planning for
the QMS
(6.1.1)
STRATEGIC OPERATIONAL
(6.1.2)
Performance
SWOT Planning
ROA
Strategic Controls
Tactics
Directions (4.4.1f, 8.1)
47
ISO/TS 9002:2016 Basis for SWOT
At the strategic level, tools such as Strengths,

Weaknesses, Opportunities and Threats analysis
(SWOT) and Political, Economic, Social,
Technological, Legal, Environmental analysis
(PESTLE) can be used.
Page 2 of the QMS – Guidelines for the Application of ISO 9001:2015
ELEMENTS FOR STRATEGIC PLANNING
Mission –
Vision – organization’s
aspiration of what purpose for
an organization existing as
would like to expressed by top
become as management
expressed by top
management
APPROACH
IN
DEVELOPING
AND
ACHIEVING
OBJECTIVES
Mission
Vision
Context of the organization Strategy – plan to
– combination of internal and achieve a long-term
external issues that can have Strategy
or overall objective
an effect on an organization’s
approach to developing and
achieving its objectives.
OBJECTIVES 49
SAMPLE MISSION & VISION STATEMENT
MISSION STATEMENT:
To engage in the general business of integrated
logistics and trading needed or required in
carrying out the business of the corporation.
VISION STATEMENT:
To be the preferred Filipino
integrated logistics company in
the Philippines by 2020 offering
efficient, progressive and
innovative solutions for all
logistics needs. 50
SAMPLE STRATEGIES FROM SWOT ANALYSIS
VISION: INTERNAL
To be the preferred Filipino STRENGTHS WEAKNESSES
integrated logistics •Owned Assets •Timescales, deadlines and pressure.
•Strategic Location •Continuity, supply chain robustness.
company in the Philippines •Quality Processes and Procedures •Decentralize sales to develop business
by 2020 offering efficient, •Manpower with in-depth knowledge in
logistics
progressive and innovative •Ability to raise long and short capital.
solutions for all logistics •CARE Certification (Safety, Health and
Environment)
needs.
OPPORTUNITIES S/O Strategies: W/O Strategies:
•Business Expansion and Continuation
•Modernization and upgrading of •Integrated approach in business
•New Markets (ASEAN Integration)
•New Technologies equipment and infrastructure development
•Partnerships •Guarantee exceptional services and •Strengthen global partnership and
•ISO 9001 Requirements for Human deliverables network.
EXTERNAL
Resource Development •Professionalize our people in terms

of learning and competency
development and values formation
THREATS S/T Strategies: W/T Strategies:
•Double standard in regulation
•Maintain a healthy and safe work •Benchmarking to close
•Global Recession
•Price War environment competitors
•Weather effects due to climate change.
•Occupational risks
51
SAMPLE STRATEGIC DIRECTIONS
STRATEGIC DIRECTIONS:
1. Modernization and upgrading of equipment and
infrastructure
2. Guarantee exceptional services and
deliverables
3. Integrated approach in business development
4. Professionalize our people in terms of learning
and competency development and values
formation
5. Strengthen global partnership and network.
6. Benchmarking to close competitors
7. Maintain a healthy and safe work environment
52
Alignment of Objectives with the
Strategic Directions
Strategic Direction
Example: Maintain a healthy and safe work environment
Objective
Example: Injury free workplace
Performance Indicator
Example: Percentage of safe personnel
Planned Result
Example: 100 Percent
Tactics
Example: Conduct awareness campaign
53
Why Align the Objectives with the Strategic
Directions?
Top management shall demonstrate

leadership and commitment with respect to the
quality management system by:
b) ensuring that the quality policy and quality
objectives are established for the quality

management system and are compatible with
the context and strategic direction of the
organization
54
REQUIREMENTS ON QUALITY OBJECTIVES
When planning how to achieve its quality

objectives, the organization shall determine:
a) what will be done;
b) what resources will be required;
c) who will be responsible;

d) when it will be completed;
e) how the results will be evaluated.
55
Sample Annual Performance Plan
ANNUAL PERFORMANCE PLAN for YEAR 2018

MISSION: To engage in the general business of VISION: To be the leading integrated logistics
integrated logistics needed in carrying out the company in the Philippines by 2020.
business of the corporation.
STRATEGIC DIRECTION: Maintain a Healthy ACCOUNTABLE: Safety and Security
and Safe Work Environment Department
OBJECTIVE PERFORMANCE PLANNED QUARTER TACTICS
INDICATOR RESULT WHAT WHEN RESOURCES
Injury Free Percentage of safe 100% Conduct Daily (start on Snack for P20
Work Place personnel Toolbox 1st WD of per person
meetings January 2018)
Awareness February 5, Soft and
Seminar on 2018 Hardcopies of
Injury Free leaflets
Workplace
56
Sample Annual Performance Evaluation
PERFORMANCE EVALUATION for YEAR 2018

MISSION: To engage in the general business of VISION: To be the leading integrated logistics
integrated logistics needed in carrying out the company in the Philippines by 2020.
business of the corporation.
STRATEGIC DIRECTION: Maintain a Healthy ACCOUNTABLE: Safety and Security
and Safe Work Environment Department
OBJECTIVE PERFORMANCE PLANNED ACCOMPLISHMENT & PERFORMANCE RATING
INDICATOR RESULT
ACTUAL RESULT AR RR AVE Q AVE
Injury Free Percentage of safe 100%
Ja
94% 4 4 4
n
Work Place personnel 4
Mar Feb
97% 5 4.75 4.42
5
100% 5 4 4.5
Sample Evaluation Criteria
CRITERIA DESCRIPTION
ACHIEVEMENT RATING Measure of the extent to which
(AR) planned results are achieved.
REALIZATION RATING Measure of the extent to which

(RR) planned activities are realized within
the planned schedule
Sample Achievement Rating (AR) Scale
RATING
DESCRIPTION
NUMERICAL ADJECTIVAL
Performance met or exceeded the expectations. Actual result is at par or greater than
the planned result (i.e. ≥95%). Results that are either hit or miss (e.g. “zero accident”),
5 Outstanding
a hit will earn this rating. For those with threshold value , the positive deviation is 50%
away from the threshold.
Performance almost met the expectation. Actual result nearly fulfilled the planned
Very result. Performance met 85% to 94% of the planned target. For those with threshold
4
Satisfactory value , the positive deviation is within 49% to 11% away from the threshold.
Performance roughly hit the expectation. The department/unit generally meets most
planned results, but struggles to fully meet them completely. Performance met 75% to
3 Satisfactory
84% of the planned targets. For those with threshold value , deviation is within ±10%
Performance is noticeably less than expected. Performance only met 51% to 74% of
2 Unsatisfactory the planned targets. For those with threshold value , negative deviation is 11% to 49%
Performance failed to meet expectation. Performance failed to deliver most of the
target by 50% and below. Results that are either hit or miss, a miss will earn this
1 Poor
rating. For those with threshold value , negative deviation is 50% away from the
threshold.
Sample Realization Rating (RR) Scale
RATING
DESCRIPTION
NUMERICAL ADJECTIVAL
Done in advance or accomplished as planned without any pending issues. For a
5 Outstanding number of activities that must be done on a set time frame, 95% to 100% of the
activities were done as planned.
Accomplished as planned but with minor pending issues. For a number of activities
Very
4 that must be done on a set time frame, 90% to 94% of the activities were done as
Satisfactory planned.
Done on a later date but have not caused problems to the company or other
3 Satisfactory departments. For a number of activities that must be done on a set time frame, 80% to
89% of the activities were done as planned.
Delayed which caused minor problems to the company or other departments. Minor
problems can include noticeable inconvenience of affected departments (e.g. re-
2 Unsatisfactory scheduling, re-location, re-assignment, etc.) and may incur additional cost. Effects are
only felt within the organization. For a number of activities that must be done on a set
time frame, 51% to 79% of the activities were done as planned.
Delayed which caused considerable problems to the company. Considerable problems
can result to moderate costs to the company and inconvenience of the company’s
1 Poor customer. This may also cause noncompliance to regulatory requirements. For a
number of activities that must be done on a set time frame, below 50% of the activities
were done as planned.
Can ABC satisfy the Requirements through:
Strategic Performance Management

System?
Office Performance Commitment and
Review?
Individual Performance Commitment
and Review?
REVIEW ABC’S STRATEGIC PLANS
Let’s devote some time to review the

Strategic Plans and check whether:
Internal and external issues were
considered
Needs and expectations were
considered
ISO 9001 Clause 6.2
Risks and opportunities were

determined
Measurable objectives are determined to
support the strategic directions
ROLE OF RISKS AND OPPORTUNITIES
IN OPERATIONAL PLANNING
Context of Needs and
the expectations
organization of interested
(4.1) parties (4.2)
Planning for
the QMS
(6.1.1)
STRATEGIC OPERATIONAL
(6.1.2)
Performance
SWOT Planning ROA
Strategic Controls
Tactics
Directions (4.4.1f, 8.1)
63
REQUIREMENTS FOR ADDRESSING RISKS
AND OPPORTUNITIES ON PROCESSES
The organization shall plan:

a) actions to address these risks and
opportunities;
b) how to:
1) integrate and implement the actions into its quality

management system processes (see 4.4);
2) evaluate the effectiveness of these actions.
64
Why do we need to Address Risks
and Opportunities?
Action Intention
Address risks to •prevent, or reduce, undesired
effects
•give assurance that the QMS can

achieve its intended results
Address •enhance desirable effects
opportunities to •achieve improvement
65
Requirements on Risks and Opportunities
Requirements for Risks & ISO During which process of
Opportunities (R&O) 9001:2015 the company’s establish
Clauses QMS.
Determine R&O when planning for 6.1.1 Strategic Planning and
QMS, consider 4.1 and 4.2. Operational Planning
Plan actions to address the 6.1.2a SWOT, Performance Planning
determined R&O and Risk/Opportunities and
Actions Analysis
Plan how to integrate and 6.1.2b.1 Establishing strategic directions,
implement actions to address R&O objectives, tactics and incorporate
into the QMS processes actions on procedures
Implement the actions to address 4.4.1f Implement actions on the
the R&O processes and those that are
specified in the procedures
Implement the actions to meet 8.1 Production and service provision
requirements for products/services
66
TOPIC 2. Module 2
Risks/Opportunities & Actions (ROA) Analysis
RISKS/OPPORTUNITIES & ACTIONS ANALYSIS
Process: Material Procurement Process Owner: Material Control Department
Interested Parties – Needs & Expectations: Internal & External Issues:
•Production Department – materials are available when needed •Single source provider per critical material
•Production Control Department – adequate time to process requests •High quality performance of suppliers i.e. minimal rejects
for materials •Low delivery performance of suppliers i.e. with delays
•Material Provider – on-time and accurate purchasing information (e.g. •Good IT infrastructure i.e. connectivity
POs)
Opportunities that can Actions to Address Risks & Opportunities

Process Planned Risks that can adversely
beneficially affect the
Results affect the planned result Additional Controls
planned result Existing Controls
(by and when)
Needed materials Requests for materials are Requests for materials must No further action.
are available on sent with less time to be submitted a month earlier
time prepare (i.e. ASAP) than the next month’s
production
Automate ordering of Ordering of materials is Have an electronic stock
materials for triggered by submission of monitoring program that
replenishment requests automatically prompts for
initiating ordering of materials.
(Materials Director on
12/27/17) 68
Process: Process Owner:

(by and when)
Specify the QMS process or sub-process (i.e. management, core or

support) to be analyzed.
69

(by and when)
Describe the function that has accountability of the QMS process or

sub-process
70

(by and when)
Interested parties can include the end-user, customer, function on the next process,
external provider, process owner or any entity that can affect and/or be affected by the
results of the process.
Needs and expectations can be stated, generally implied or obligatory.
The “needs and expectations” can serve as basis for identifying the “planned results”. 71

(by and when)
A.k.a context of the organization.

Issues can serve as basis for determining risks and opportunities.
Internal issues to consider include performance of the organization, resources, knowledge,
capability, management, culture and values, strengths and weaknesses, etc.
External issues to consider include technology, regulatory, economy, competition, social,
environment, external resources, etc. 72

(by and when)
The planned results should be aligned with the “needs and expectations”
The planned results should support the achievement of the process objectives or the function’s
MFOs and form the basis for the procedures expected outputs.
Results should be verifiable. Concrete evidence should support the attainment of the planned
results. 73
Planned Results into Expected Outputs

(by and when)
Can be described as the manner in which the requirements of the process could be prevented from
fulfillment.
Risks can lead to non-fulfillment of a requirement (i.e. nonconformity)
Situation that will hinder achievement of the planned results/outputs.
Risks contributes to the “opposite” of the planned results/outputs (i.e. nonconforming outputs)
75
Consider risks during normal, abnormal and emergency situations.

(by and when)
Set of circumstances which makes it possible to enhance desirable effects that could
enhance customer satisfaction or achieve improvement.
Opportunities, as exploitable circumstances, are to be translated into concrete actions
(Additional Controls column).
Opportunities can stem from risks. If this is the case, put the opportunity in the same row
76
with the risk.

(by and when)
Define the existing actions or controls that prevent, detect, correct, contain or
mitigate risks.
Actions should be defined in a concrete manner and should be verifiable.
In case there is an identified opportunity, describe the existing action or control
that is subject for improvement . 77

(by and when)
The analyst may opt to do a “reverse analysis” approach (i.e. describe first the
Existing Controls then work back to identify the risks being controlled
Actions entered into this column should be reflected into the documented
procedures, as applicable.
78

(by and when)
Actions should be preventative in nature to eliminate or reduce the likelihood of the occurrence of
risks including its consequences/effects.
Identified actions should become part of the controls or planned arrangements of the process or
procedure.
Can trigger revision of procedures. Must have target dates and assigned person/function.
Actions should be defined in a concrete manner and should be verifiable. 79
•Production Department – materials are available when needed •Single source provider per critical material
•Production Control Department – adequate time to process requests •High quality performance of suppliers i.e. minimal rejects
for materials •Low delivery performance of suppliers i.e. with delays
•Material Provider – on-time and accurate purchasing information (e.g. •Good IT infrastructure i.e. connectivity
POs)

(by and when)
production
12/27/17) 80
TOPIC 2. Module 3

opportunities;
b) how to:

82
Requirements to Integrate and Implement
Actions Into the QMS Processes
Clause Requirement
6.1.2b.1 The organization shall plan how to integrate and
implement the actions into its quality management
system processes (see 4.4)
4.4.1f The organization shall determine the processes needed
for the quality management system and their application
throughout the organization, and shall address the risks
and opportunities as determined in accordance with the
requirements of 6.1
8.1 The organization shall plan, implement and control the
processes (see 4.4) needed to meet the requirements for
the provision of products and services, and to implement
the actions determined in Clause 6
Actions into Controls in the Procedure
TOPIC 2. Module 4

opportunities;
b) how to:

86
Risks and Opportunities Processes
Requirements for Risks & ISO During which
Opportunities (R&O) 9001:2015 process of the
Clauses company’s
establish QMS.
Plan how to evaluate the 6.1.2b.2 Performance Evaluation,
effectiveness of actions to address Internal Audit
R&O
Analyze and evaluate appropriate 9.1.3e Performance Evaluation,
data and info in order to evaluate the Internal Audit
effectiveness of actions taken to
address R&O
Review the QMS while taking into 9.3.2e Management Review
consideration the effectiveness of
actions taken to address R&O
If necessary, when NC occurs, update 10.2.1e Corrective Action (CA) on
R&O determined during planning Nonconformities
Definition of EFFECTIVENESS
“extent to which planned activities are realized and
planned results are achieved”
- 3.7.11 of ISO 9000:2015
Planned activities are realized

EFFECTIVENESS Planned results are achieved
Process
Set of interrelated or
interacting activities
INPUTS that use inputs to OUTPUTS
deliver an intended
result.
- 3.4.1 of ISO 9000:2015
Processes in an organization are generally planned and

carried out under controlled conditions to add value.
What the Auditors should look for in a process?
As per 4.4 QMS and its processes, a process

must:
have the required inputs and expected outputs;
have applied criteria and methods;
have monitoring, measurement and related
have the needed resources (e.g. people, infrastructure,
environment);
have assigned responsibilities and authorities;
89
What the Auditors should look for in a process?
As per 4.4 QMS and its processes, a process

must:
have actions to address the identified risks and
opportunities;
be evaluated and implement any changes needed to
achieve the intended results;
be improved;
to the extent necessary, maintain and/or retain
documented information to support its effective
operation;
be in accordance with the requirements of ISO 9001.
90
Process Map (i.e. Turtle Diagram)
Controls and Actions:
Resources:
•To address risks and opportunities
•People
•To achieve planned results,
•Infrastructure
including changes
•Environment
•To external providers
•Monitoring and measuring
•To deal with nonconforming
•Organizational knowledge
outputs
Inputs:
•Interested parties needs and Outputs:
expectations Realization of •Evidence of achieving the
•Voice of the process planned/intended results
Planned
•Information •Objective of the process
•Materials Activities
•Requirement of the next process
•Output of preceding process
Criteria and Method: Monitor, Measure & Analyze:

•Planned activities and planned •Measures of effectiveness and
arrangements efficiency
•Documented information •Retained documented information
(procedures, instructions, •Indicators of performance and of
standards, manuals, etc.) continual improvement
•Input and output criteria 91
Where to Look for to Evaluate Effectiveness?
(by and when)
production
12/27/17)
Planned activities are realized

EFFECTIVENESS Planned results are achieved 92
Sample Assessment of Effectiveness
of Actions on Internal Audit
AUDITOR’S NOTES
Criteria to be Checked Observed Evidence Audit Findings
(what must be happening) (what is actually happening) (C or NC)
Define the requirements that must be satisfied. Describe your observations on the extent of Record the result of the evaluation of the
(i.e. customer, regulatory, product, service, conformance with the specified requirements that observed evidence against the sampled
process, international standard requirements, must be satisfied, including the extent of criteria. Identify opportunity for
including planned results and actions to achievement of the planned results and realization of improvement, if the audit finding warrants
address risks and opportunities) planned activities. it. If there’s any, describe good practices
worth noting.
Requests for materials Review of the following NC
must be submitted a MRs:
month earlier than the •MR001 dated 8/16/15,
next month’s production •MR003 dated 8/23/15,
(i.e. in the 1st week of •MR005 dated 8/30/15, etc.
each month) clearly indicates that the
specified requirement
(see 5.1.1 of Material wasn’t being followed
Procurement Procedure)
Management Review Inputs/Outputs
INPUTS
Status of actions from
previous reviews
Changes in internal an
external issues
Info on the performance and
effectiveness of QMS OUTPUTS
Customer feedback Decisions and actions
Quality objectives related to:
Process performance Opportunities for
Analyze Decide Act
Product/service improvement
conformity
Any need for
Status of CA
Results of monitoring /
changes to QMS
measurement Resources needs
Results of audits
External providers
performance
Needed resources
Effectiveness of actions to
address risks and opportunities
Opportunities for improvement 94
Sample Review of Effectiveness of
Actions on Management Review
PROCESS RISKS / ADDITIONAL ACTION TAKEN REMARKS
OPPORTUNITIES CONTROLS (by and when)
(O / R) (by and when)
Material O - Automate ordering Have an electronic An MS Excel Apply the program
Procurement of materials for stock monitoring program was to indirect supplies
replenishment program that developed to stocks (non-
automatically electronically warn production).
prompts for the Material Coordinate with
initiating ordering of Director once the Administration
materials. remaining stock is Director
(Materials Director already below the
on 12/27/17) re-ordering level.
(Material Director
with IT
Programmer,
11/30/17)
WORK3: Risks/Opportunities & Actions
Analysis
Using the Risks/Opportunities & Actions Analysis

form, participants are to list down at least two (2)
planned result of their relevant process and
determine the:
Risks that can adversely affect the planned results;
Opportunities that can beneficially affect the planned
results;
Existing controls;
Additional controls.
Present the outputs for critiquing.
TO ALL PARTICIPANTS…

ISO 9001 Workshop on Process Mapping and Risk Planning

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ISO 9001 Workshop on Process Mapping and Risk Planning

Uploaded by

Copyright:

Available Formats

Workshop on Process

Mapping and Risk-Based

This workshop intends to:

The following outputs are expected:

Note: Whether the “intended result” of a process

the context of the reference.

5.1 Leadership and commitment

management system by:

This International Standard employs the process

4.1 6.1 7.1

Relevant clauses: 5.1.1; 5.2.1; 10

Directions, Quality Policy);

•Infrastructure •Technological (automation,

Interested Parties Needs and Expectations

ISO 9001:2015 Clause 4.3 Requirements on the

When determining this scope, the organization

with its certification body.

The organization shall establish and maintain a quality

LRA’s QMS applies to all operations and processes

LRA’s QMS satisfies the full range of requirements

The requirements in the provision of property registration services are

To some extent, design and development initiatives manifest itself

In establishing ABC’s QMS Scope, take into

Core Processes include all processes that provide the

Support include all processes that are necessary to

The requirements under clause 4.4,1b

ORIGINAL REGISTRATION CORE PROCESSES

REGISTERING PUBLIC, LAND OWNERS, AGRARIAN REFORM

SUBSEQUENT REGISTRATION Examination

PERSONAL PROPERTIES REGISTRATION

SUBDIVISION PLAN APPROVAL Plotting /

RECONSTITUTION – JUDICIAL/ADMINISTRATIVE Issuance

Human Resource Outsourced Services

List down all ABC’s departments an describe their main functions

List down all ABC’s QMS Processes according to Type

Participants are tasked to prepare a

This will become the basis for

ISO 9000:2015 doesn’t have a standard

When planning for the quality management

and the requirements referred to in 4.2 -

Directions, Quality Policy);

When planning for the quality management

According to ISO 14001:2015, Annex 3 –

The word “consider” means it is necessary to

According to ISO 14001:2015, Annex 3 –

The word “determine” implies a discovery

The intent of this subclause is to ensure that

system PROCESSES, the organization

At the strategic level, tools such as Strengths,

Resource Development •Professionalize our people in terms

Top management shall demonstrate

objectives are established for the quality

When planning how to achieve its quality

c) who will be responsible;

ANNUAL PERFORMANCE PLAN for YEAR 2018

PERFORMANCE EVALUATION for YEAR 2018

Injury Free Percentage of safe 100%

REALIZATION RATING Measure of the extent to which

Strategic Performance Management

Let’s devote some time to review the

Risks and opportunities were

The organization shall plan:

1) integrate and implement the actions into its quality