本帖最後由 hlperng 於 2019-10-4 19:07 編輯
Risk-Based Thinking in ISO 9001:2015 (ISO 9001:2015 版的風險為基思維)
國際標準化組織 (ISO) 發行的 2015 年版的 ISO 9001:2015,其主要改版精神之一為以風險為基礎,採用互動式 (proative) 取代過去被動式 (reactive) 預防行動 (preventive action) 的管理概念,稱之為「風險為基思維」 (risk-based thinking)。 國際標準化組織第 176 技術委員會第 2 分技術委員會 (ISO/TC 176/SC 2) 在 2015 年間發行三份內容相同的通知文件 (ISO/TC 176/SC 2/N1222、N1269、及 N1284) 說明此一「風險為基思維」的意義,熟知其說明,將有助於組織的品質管理系統對於此一概念導入的理解,以及尋求 ISO 9001:2015 版外稽單位進行認證時,能夠順利通過改版認證。
此一通知文件的中英文對照如下:
1. Purpose of this paper 1. 本文之目的
- to explain risk-based thining in ISO 9001
- 解釋 ISO 9001:2015 版有關風險為基的思維
- to address perceptions and concerns that risk-based thinking replaces the process approach
- 說明風險為基思維取代過程方法的觀點與關注項目
- to address the concern that preventive action has been removed from ISO 9001
- 說明從 ISO 9001 去除預防行動的關注項目
- to explain in simple terms each component of risk-based thinking
- 以簡單的名詞解釋風險為基思維的每一項元素
2. What is risk-based thinking 2. 何謂風險為基思維
One of the key changes in the 2015 revision of ISO 9001 is to establish a systematic approach to considering risk, rather than treating "prevention" as a separate component of a quality management system.
ISO 9001 2015 版主要變更之一為建立一套系統性方式來考量風險,而不是將「預防」當作品質管理系統的獨立元素。
Risk is inherenent in all aspects of a quality management system. There are risks in all systems, processes and functions. Risk-based thinking ensures these risks are identified, considered and controlled throughout the design and use of the quality management system.
風險為品質管理系統所有面向中固有的項目,所有的系統、過程與功能都存在著風險。風險為基思維確保在品質管理系統的整個規劃與使用過程中,可以識別、考量與控制所有的風險。
In previous editions of ISO 9001, a clause on preventive actoin was separated from the whole. By using risk-based thinking the consideration of risk is integral. It becomes proactive rather than reactive in preventing or reducing undesired effects through early identification and action. Preventive actioin is built-in when a management system is risk-based.
過去 ISO 9001 的幾個版本中,預防行動條款從整體中分離開成為獨立的章節。應用風險為基思維,則是整體的考量風險議題。在透過對於風險項目的早期識別並採取行動,以預防或降低不必要效應的時候,是採取互動的方式、而不是被動的方式。當管理系統是風險為基時,預防行動是內建的項目。
Risk-based thinking is something we all do automatically in everyday life.
風險為基思維是我們在每天的日常生活中,都會自動執行的事情。
Example: If I wish to cross a road I look for traffic before I begin. I will not step in front of a moving car.
範例:當我想過馬路時,在起步前我會觀看周邊的交通狀況,不會冒然衝到行駛中的車子前面。
Risk-based thinking has always been in ISO 9001 - this revision builds it into the whole management system.
風險為基早就存在於 ISO 9001 之中,此次改版將之建構在整個管理系統之中。
In ISO 9001:2015 risk-based thining needs to be considered from the beginning and throughout the system, making preventive action inherent to planning, operation, analysis and evaluation activities. 在ISO 9001:2015 版,從開始到整個系統的過程,都必須考量風險為基思維,在規劃、運作、分析與評估的固有作業中採取預防行動。
Risk-based thinking is already part of the process approach.
風險為基思維早已是過程方式的一部分。
Not all the processes of a quality management system represent the same level of risk in terms of the organization's ability to meet its objectives. Some need more careful and formal planning and controls than others.
當以組織能力衡量是否滿足其目的時,品質管理系統的每一過程的風險水準並不一定相同,有的過程比其他過程需要更仔細與正式的規劃和控制。
Example: To across the road I may go directly or I may use a nearby footbridge. Which process I choose will be determined by considering the risks.
範例:穿越馬路,我可能直接穿越或者使用附近的行人天橋。我將根據風險考量,決定選擇那一項過程。
Risk in commonly understood to have only negative consequences; however the effects of risk can be either negative or positive.
風險一般認知只有負面後果;不過風險的效應可以負面的、也可能是正面的。
In ISO 9001:2015 risks and opportunities are often cited together. Opportunity is not the positive side of risk. An opportunity is a set of circumstances which makes it possible to do something. Taking or not taking an opportunity then presents different levels of risk.
在 ISO 9001:2015 年版,風險與機會通常是相提並論,機會不一定是風險的正面意義。機會是執行某件事的所有可能狀況的集合體,把握或不把握機會存在著不同的風險水準。
Example: Crossing the road directly gives me an opportunity to reach the other side quickly, but if I take the opportunity there is an increased risk of injury from moving cars.
範例:直接穿越馬路,可以帶來快速抵達馬路另外一邊的機會,但是我若採取此一機會,將會增加被行駛中車輛撞傷的風險。
Risk-based thinking considers both the current situation and the possibilities for change.
風險為基思維同時考量現有狀況和變更的機率。
Analysis of this situation shows opportunities for improvement:
- a subway leading directly under the road,
- pedestrian traffic lights, or
- diverting the road so that the area has no traffic.
這些現況的分析顯示改進的機會:
- 走行人地下道,
- 依照行人交通號誌,或
- 改走道路中沒有交通狀況的區域。
4. Where is risk addressed in ISO 9001:2015 4. ISO 9001:2015 版中強調風險之處為何
The concept of risk-based thinking is explained in the introduction of ISO 9001:2015 as an integral part of the process approach.
在 ISO 9001:2015 版簡介解釋,風險為基思維的概念,是過程方式整體的一部分。
ISO 9001:2015 uses risk-based thinking in the following way:
ISO 9001:2015 版考量風險為基思維之處說明如下:
Introduction - the concept of risk-based thinking is explained.
簡介 - 解釋風險為基思維
Clause 4 - the organization is required to determine its QMS processes and to address it risks and opportunities
第 4 章:組織必須決定品質管理系統過程,並且說明其風險與機會。
Clause 5 - top management is require to
- Promote awareness of risk-based thinking
- Determine and address risks and opportunities that can affect product/service conformity
第 5 章:高層管理必須- 促進風險為基思維的認知
- 決定及強調影響產品與服務符合性的風險與機會
Clause 6 - the organization is required to identify risks and opportunities related to QMS performance and take appropriate actions to address them
第 6 章:組織必須識別與品質管理系統性能有關的風險與機會,並採取處理這些項目適切的行動項目。
Clause 7 - the organization is required to determine and provide necessary resources (risk is implicit whenever "suitable" or "appropriate" is metioned)
第 7 章:組織必須決定與提供必要的資源(當條文提到「適用時」或「合適時」等字眼時,表示這些過程隱含著風險)
Clause 8 - the organization is required to manage its operational processes (risk is implicit whenever "suitable" or "appropriate" is mentioned)
第 8 章:組織必須管理其運作過程(當條文提到「適用時」或「合適時」等字眼時,表示這些過程隱含著風險)。
Clause 9 - the organization is required to monitor, measure, analyse and evaluate effectiveness of actions taken to address the risks and opportunities
第 9 章:組織必須監視、量測、分析與評估處理風險與機會所採取行動項目的有效性。
Clause 10 - the organization is required to correct, prevent or reduce undesired effects and improve the QMS and update risks and opportunities
第 10 章:組織必須改正、預防或降低不必要的效應,以及改進品質管理系統和更新其相對應的風險與機會。
5. Why use risk-based thinking? 5. 為何使用基於風險思維?
By considering risk throughout the system and all processes the likelihood of achieving stated objectives is improved, output is more consistent and customers can be confident that they will receive the expected product or service.
在整過系統與所有過程中考量風險,可以改進達到規定目的的可能性,產出結果更一致,而且顧客對於接收到期望的產品或服務更具信心。
Risk-based thinking: (風險為基思維)
- improves governance (改進治理)
- establishes a proactive culture of improvement
- 建立互動式改進文化
- assist with statutory and regulatory compliance
- 協助法令與規章的符合性
- assures consistency of quality of products and services
- 確保產品與服務品質的一致性
- improves customer confidence and satisfaction
- 改進顧客信心與滿意度
Successful companies intuitively incorporate risk-based thinking.
成功的公司都是直覺地導入風險為基思維。
6. How do I do it? 6. 我要如何作?
Use risk-based thinking in building your management system and processes.
在建構自己的管理系統與過程時,使用風險為基思維。
Identify what your risks are - it depends on context
識別自己的風險為何 - 它與情境有關
Example: If I cross a busy road with many fast-moving cars the risks are not the same as if the road is small with very few moving cars. It is also necessary to consider such things as weather, visibility, personal mobility and specific personal objectives.
範例:
當我穿越一條許多快速行駛的忙碌馬路與一條很少車子行駛的馬路時,它們的風險是不一樣的,而且還必須考量其他因素,例如:天候、視覺性、人員運動性和特殊人員標的。
Understand your risks 瞭解自己的風險
What is acceptable, what is unacceptable? What advantages or disadvantages are there to one process over another?
那些風險可以接受、那些不能接受?相對於其他過程,該過程有何優點或缺點。
Example:
Objective: I need to safely crosss a road to reach a meeting at a given time.
- It is UNACCEPTABLE to be injured.
- It is UNACCEPTABLE to be late.
範例:
目的:我需要安全地穿越過馬路以便在規定的時間參加一項會議
Reaching my goal more quickly must be balanced against the likelihood of injury. It is more important that I reach my meeting uninjured than it is for me to reach my meeting on time.
更快速地達成目標必須和受傷的可能性達到均衡,沒有受傷地抵達會議場所、可能比準時抵達會議場所更重要。
It may be ACCEPTABLE to delay arriving at the other side of the road by using a footbridge if the likelihood of being injured by crossing the road directly is high.
當直接穿越馬路受傷的可能性較高時,因為改走行人天橋到道路另外一邊而遲到,可能是可以接受的。
I analyse the situation. The footbridge is 200 metres away and will add time to my journey. The weather is good, the visibility is good and I can see that the road does not have many cars at this time.
我分析整個狀況,行人天橋在 200 公尺外,會增加行程所需時間。當時氣候不錯,視覺良好,可以清楚地知道馬路上車子不多。
I decide that walking directly across the road carries an acceptably low level of risk of injury and will help me reach my meeting on time.
我決定直接走路穿越馬路所引起受傷的風險是可以接受的低,有助於我準時抵達會議場所。
Plan actions to address the risks 規劃處理風險的行動項目
How can I avoid or eliminate the risk? How can I mitigate risks? 怎樣才可以避免或消除風險?怎樣才可以緩解風險?
Example: I could eliminate risk of injury caused by being hit by a vehicle if I use the footbridge but I have already decided that the risk involved in crossing the road is acceptable.
範例:假如我改走行人天橋,當然可以消除因為被車子撞到而造成傷害的風險,但是我已經決定穿越馬路的風險是可以接受的。
Now I plan how to reduce either the likelihood or the impact of injury. I cannot reasonably expect to control the impact of a car hitting me. I can reduce the probability of being hit by a car.
目前我規劃如何降低受傷的可能性或衝擊,我不能奢望能夠控制車子撞到我的衝擊,但是我可以降低被車子撞到的機率。
I plan to cross at a time when there are no cars moving near me and so reduce the likelihood of an accident. I also plan to cross the road at a place where I have good visibility.
我規劃在沒有車子開向我時穿越馬路,如此可以降低意外的可能性。我同時規劃在視線良好的地方穿越馬路。
Implement the plan - take action 執行計畫 - 採取行動
Example:
I move to the side of the road, check there are no barriers to crossing. I check there are no cars coming. I continue to look for cars whilst crossing the road.
範例:
我走到馬路邊,檢查穿越時並沒有障礙,也沒有車子行駛過來。在穿越馬路時,持續地注意有無車子出現。
Check the effectiveness of the action - does it work?
檢查行動的有效性 - 是否有作用
Example:
I arrive at the other side of the road unharmed and on time: this plan worked and undesired effects have been avoided.
範例:
我毫髮無傷且準時抵達道路的另外一邊:此一計畫是有用的,而且可以避免掉不必要的效應。
Learn from experience - improve
從經驗學習 - 改進
Example:
I repeat the plan over several days, at different times and in different weather conditions.
範例:
幾天後,在不同的時間和不同天候條件,我重複此一計畫。
This gives me data to understand that changing context (time, weather, quantity of cars) directly affects the effectiveness of the plan and increase the probability that I will not achieve my objectives (being on time and avoiding injury).
如此可以提供資料,讓我瞭解變更情境(時間、天候、車子數量)會直接影響計畫的有效性,並且增加我無法達成目的的可能性(準時抵達且避免受傷)。
Experience teaches me that crossing the road at certain times of day is very difficult because there are too many cars. To limit the risk I receive and improve my process by using the footbridge at these times.
經驗教導我們,在每天某一段時間因為車子太多,穿越馬路是很困難的。在這些時段,我可以改進過程改走行人天橋,以便縮限可能接受到的風險。
I continue to analyse the effectiveness of the processes and revise them when the context changes.
我持續地分析過程的有效性,並且在情境變更時修改這些計畫。
I also continue to consider innovative opportunities:
- can I move the meeting place so that the road does not have to be crossed?
- can I change the time of the meeting so that I cross the road when it is quiet?
- can we meet electronically?
我也可以持續考慮一些創新的機會:
- 是否可以改變會議地點,因此可以不必穿越馬路?
- 是否可以改變會議時間,以便我可以等馬路都淨空時才穿越過馬路?
- 是否可以採用電子會議方式?
7. Conclusion
7. 結論
Risk-based thinking:
- is not new
- is something you do already
- is on-going
- ensures greater knowledge of risks and improves preparedness
- increases the probability of reaching objectives
- reduces the probability of negative results
- makes preventive a habit
基於風險思維:
- 不是新的東西
- 是已經具備的東西
- 是正在進行的東西
- 確保更多的風險知識及改進準備狀態
- 增加達成目標的機率
- 降低負面結果的機率
- 養成預防的習慣
Other useful documents (其他有用的文件)
- ISO 31000:2009, Risk managment - Principles and guidelines
- PD ISO/TR 31004:2013, Risk management - Guidance for the implementation of ISO 31000
- ISO 9001:2015 Risk-based thinking - power point presentation
- ISO 31010:2010 Risk management - Risk assessment techniques
引用資料
| 
發表於 2016-2-23 09:52:54
分享
收藏
分享