#103 – CONSULTANT QUESTIONS FOR ISO 9001: 2015 TRANSITION – GREG HUTCHINS

Greg Hutchins pixConsultants are going to be challenged with Risk Based Thinking and risk requirements in ISO 9001:2015.  Why?  Most ISO management system consultants are not risk consultants or understand RBT.  RBT and risk based auditing are so new that most ISO management system consultants have not done a risk based, process, and effectiveness audit.  

Consultants will have to address:

  • How do consultants who have read a lot about risk management, but have little real life application provide risk advice?
  • How do consultants who know ISO management system standards, learn RBT, risk assessment, and even risk management?
  • How do consultants learn different risk management frameworks, such as ISO 31000, COSO, and NIST 800 – 37?
  • How will consultants learn how to apply RCMM, system of controls, ISO 31000, and COSO if they have never done risk?
  • How will consultants learn about GRC or ERM statutes and their requirements?
  • How will consultants assist a company conduct a FMEA, but do not have the enterprise, business unit, or process risk perspective?
  • How will consultants learn to conduct Value Added Audits, such as Yellow Book or Red Book assessments?
  • How will consultants learn new risk management paradigms beyond Deming, Crosby, Feigenbaum, etc?
  • How will consultants apply COSO or ISO 31000 with ISO certified companies?
  • How will ISO consultants learn the language of GRC, ERM, etc.?
  • How will RBT and risk impact quality organizations?
  • How will quality consultants reengineer quality organizations to RBT and higher levels of RCMM?
  • How will QMS consultants learn risk treatment and control strategies, which are often more art than technology?
  • How will consultants develop a business case for ISO 9001:2015 certification, when many do not understand RBT?
  • How will consultants architect, design, deploy and assure risk frameworks for certified organizations?
  • How will consultants who may understand the technical nature of risk assessment, understand more nuanced concepts such as materiality, reasonableness, due diligence, opinions, etc.
  • How will QMS consultants with a product or transactional perspective in their quality background address 1. Enterprise level; 2. Programmatic/Project/Process level; or 3. Product/Transactional level risks?
  • How will quality consultants communicate operational and supply management risks to C level executives?

Lesson Learned:  Do your due diligence.  Interview your ISO management systems consultants carefully since many are now risk experts.  Develop a standard questionnaire and rate them based on answers to the questions.  Check with their previous clients about their risk experience.  If you are in doubt, keep shopping until you find the consultant that meets your requirements.

Bio:

Greg Hutchins PE and CERM (503.233.101 & GregH@QualityPlusEngineering.com)  is the founder of:

CERMAcademy.com
800Compete.com
QualityPlusEngineering.com

WorkingIt.com

He is the evangelist behind Future of Quality: Risk®.  He is currently working on the Future of Work and machine learning projects.

He is a frequent speaker and expert on Supply Chain Risk Management and cyber security.  His current books available on all platform are shown below:

Leave a Reply

Your email address will not be published. Required fields are marked *