The latest revision of ISO 9001 has done away with the preventive actionclause[1], which reads as follows:
“The organization shall determine action to eliminate the causes of potential nonconformities in order to prevent their occurrence. Preventive actions shall be appropriate to the effects of the potential problems. Continue reading
I’ve been working on an ISO 31000 book and am struggling to finish it. Why?
Well. ISO 31000 standard is 26 pages. And, my book has ballooned out to more than 26o pages. Do I have to say more?
One reason why my book is ten times longer than the standard is because ISO 31000 is a guideline that is open to interpretation and based on guidelines. Continue reading
First a confession. We say that we’ve been using ISO 31000 for a ten or so years.
Say what? ISO 31000 was developed in 2009. How can you been using the standard since 2006. OK, technically you’re right. But, we’ve been using AS/NZS 4360 since 2006. The Australian and New Zealand risk management standard was developed in 2004. Most importantly, ISO 31000 has a strong ‘look and feel’ to AS/NZS 4360. Continue reading
We have conducted hundreds of risk assessments in a number of sectors from homeland security to pension funds to Parks and Recreation departments. We have a number of hard lessons learned. These are some common mistakes we have made and seen: Continue reading
ISO 31K and COSO ERM are the two competing risk management frameworks? ISO 31K is the national standard for many countries. However, COSO ERM is the de facto risk standard for many global and publicly listed companies.
We have used both. There are differences. However, the similarities outweigh the differences. And, the critical question is:
So, can ISO 31000 and COSO ERM work together?
Yes. The COSO definition of control supports and reinforces ISO 9001:2015 control requirements, specifically both frameworks are: Continue reading