You may think that you grasp the idea of risk and ISO management; but as you study risk in greater depth, you begin see it as a word of many colors.  Here’s an example from ISO 19011:2011.  It says that ISO management system auditors need to realize the risk associated with auditing.  This includes the risk that comes with the audit program and auditing risk.  In other words, there is a risk that the auditors are looking for and there is risk that comes in the process of doing the audit. Continue reading →