#101 – HOW TO IMPLEMENT RISK BASED AUDITS & INSPECTIONS – GREG CARROLL

With the release of the Final Draft of ISO9001:2015 this week and its focus on risk-based Compliance Management, I thought I would share our approach to Risk-Based Auditing from our experience with the likes of Defence Aviation and the Australian Quarantine Inspection Service, both leaders in the field.

#100 – YES, ISO 31000 IS AN ERM SYSTEM – GREG HUTCHINS

Yes, ISO 31000 is an ERM System.

But, in ISO 31000 terms ERM stands for ‘Enhanced Risk Management’, which is the standard’s equivalent to Enterprise Risk Management.

ISO 31000 Annex A describes the ‘Attributes of Enhanced Risk Management,’ which is the ERM equivalent for ISO 31000.

#100 – FIVE STEP PLAN FOR ANY ERM PROGRAM – JIGNESH PADIA

Enterprise Risk Management (ERM) is a process of planning, organizing, leading, and controlling the activities of an organization in order to minimize the effects of a risk to an organization. It expands beyond daily run-of-the-mill operational management! A true ERM program will have its scope expand to strategic, financial, reputational, human resource and business continuity as well as operational and legal risks.

#99 – ISO 31000 AND COSO CAN WORK TOGETHER – GREG HUTCHINS

Yes. The COSO definition of control supports and reinforces ISO 9001:2015 control requirements; specifically, both frameworks are:

  • Process based. COSO is a process consisting of ongoing tasks and activities. ISO 31000 emphasizes the process approach throughout the standard.