COSO has announced its intention to review its 2004 ERM Framework and has already started soliciting feedback. Broadly panned by the Risk fraternity, I believe it can provide a valuable contribution to the GRC landscape. Although I expect critics from both sides (COSO & ISO 31000), here are my recommendations. Continue reading
Confusion surrounding ISO 9001 has caused many organizations across the globe untold troubles. The upcoming revision of ISO 9001, due later this year, offers yet another source of confusion: the concept of risk-based thinking (RBT). Some are responding to this new requirement with suggestions for companies to use risk assessment tools to provide (easy?) evidence of risk-based thinking. Continue reading
This is what I think of the changes in ISO 9001:2015.
The key differences in ISO 9001:2015 is the requirement to use risk-based tools (e.g., Reference standard ISO 31000-2009 [Risk Management-Principles & Guidelines] to pre-determine any hazards & their associated mitigation, reduction and/or mitigation for each of the 2015 ten clause requirements.
Continue reading
In 1987, when the ISO 9000 family was originally released, the ISO 9000 (the document) was fairly clear about the intended use of the standards. Despite this, organizations got the idea that THEY were the end users of ISO 9001. This mindset was so prevalent that it influenced later revisions of the standard, as its authors try to be responsive to customer feedback. This mindset is still prevalent today; a change in mindset would make many organizations’ experience with ISO 9001 much better. Continue reading
Many organizations, associations, and standards are going through disruptive change and innovation. We believe this is occurring in quality and even ISO 9001:2015.
So, what is disruptive innovation? Wikipedia defines ‘disruptive innovation’ as: Continue reading