All good quality management efforts, including those following and/or in compliance with the ISO 9001 Quality Management Systems Standard, include an emphasis on risk management and the Plan-Do-Check-Act (PDCA) cycle for continuous improvement.
In this article, we give a brief introduction to risk management and the PDCA cycle and their relation to quality assurance and quality management.
And don't leave without downloading the free PDCA Cycle infographic from the bottom of this article!
Here's how the ASQ/ANSI/ISO 9001:2015 Quality Management Systems-Requirements standard explains the influence of risk management and the PDCA cycle for continuous improvement in quality management:
This international standard employs the process approach, which incorporates the Plan-Do-Check-Act (PDCA) cycle and risk-based thinking.
The process approach enables an organization to plan its processes and their interactions.
The PDCA cycle enables an organization to ensure that its processes are adequately resourced and managed, and that opportunities for improvement are determined and acted on.
Risk-based thinking enables an organization to determine the factors that could cause its processes and its quality management system to deviate from the planned results, to put in place preventive controls to minimize negative effects and to make maximum use of opportunities as they arise...
Source: 9001: 2015, Introduction, 0.1 General
So to help you with your quality management efforts, let's look at brief overviews of risk-based thinking and the PDCA cycle.
Before we talk about risk-based thinking and risk management, it helps to know what we mean by risk. For that, let's turn to the ISO 31000-2018 Risk Management-Guidelines standard, which defines risk this way:
Risk is risk as the “effect of uncertainty on objectives” and notes that “(a)n effect is a deviation from the expected.”
So you see that by this definition, risk has both positive and negative connotations since it's all about uncertainty as we pursue our objectives and changes from what's expected. A change can be good, or a change can be bad. Changes can present hazards, threats, and costs, but changes can also present opportunities, benefits, and rewards.
We cover this issue more in our Risk Management Basics: What Is Risk? article.
Once you've got a handle on what risk is, you can begin thinking of risk management. Again according to ISO 31000, risk management involves risk assessment--which itself can be broken down into risk identification, risk analysis, and risk evaluation--risk treatment, and monitoring and review.
Risk management can be applied to quality but to any other part of your organization as well--finance, supply chain, human resources, safety, and more.
The Plan-Do-Check-Act (PDCA) cycle is associated with Shewhart and Deming (there's a long story there...download our free PDCA cycle infographic below for the story) and it's a four-step process for carrying out and evaluating the effects of change. It's frequently used in quality management, lean manufacturing, project management, and other fields.
The four steps of the PDCA cycle are:
The PDCA cycle is designed to be used in an iterative manner, meaning you do it again and again to create a virtuous cycle of continuous improvement.
We hope you enjoyed this article on the importance of risk-based thinking and the PDCA cycle for change and continuous improvement informative and we invite you to check out and keep up with other articles, past and forthcoming, in our ongoing Quality Management Basics series.
Feel free to let us know if you need some help with training for quality and quality management, including (but not limited to) training solutions for the food and beverage industries and cGMP.