Abstract
The search for excellence, related to the processes, products and services quality and to the market requirement, makes organizations to implement their Quality Management Systems (QMS). In this context, with ISO 9001 standard revision, published in 2015, a new requirement is established: risk-based thinking. The main focus of this article is to provide information, by doing a Systematic Literature Review (SLR), about the state of the art of Risk and ISO 9001 standard, identifying the risks’ approaches used by the organizations and finding gaps and inconsistencies in the literature. This SLR was conducted as follows: (a) establishing the research main question; (b) locating studies (defining the research sources, timing and criteria); (c) analysis and synthesis (supported by QSR NVivo); and (d) findings and conclusions. The main field of research was chosen to answer the question “what kind of methodologies and methods, companies that have a QMS based on ISO 9001 can use as a support to the risk-based thinking requirement?” The paper’s aim is also to contribute with companies who are looking forward to implement the Risk Management in their processes.
Access provided by Autonomous University of Puebla. Download conference paper PDF
Similar content being viewed by others
Keywords
1 Introduction
Organizations have been facing a strong and competitive market besides high customer expectations, what makes them to look for ways to stay competitive. To reach that, companies try to improve the activities that add value to the process and business [1].
The search for excellence is intimately related to their products, services and processes’ quality and to achieve it, many organizations opt for a Quality Management System (QMS) implementation, supported by several models and tools [2]. Besides not being considered a TQM model, the ISO 9001 standard can be a good start for companies that are at the beginning of the quality achievement process [3].
The ISO 9001 standard, elaborated by the Technical Commit of the International Standardization Organization (ISO/TC 176), defines requirements to support organizations on the quality and conformity of their products and services, fulfilling customers’ necessities [4]. International Organization for Standardization (ISO), in 2016, announced that there are 1,643,529 valid ISO 9001 certificates worldwide, being only 7% in ISO 9001: 2015. In Brazil, there are 20,908 certified companies, 3% in ISO 9001:2015 [5].
On its latest version, ISO 9001:2015 contains changes apparently easy but that implies big challenges for the organizations [6, 7]. One of the most significant changes was the risks approach, implicit on the preview versions of the standard and now treated as “risk-based thinking”, as a requirement for the entire organizational environment. This concept seeks to instigate organizations to be more careful and to think in long-term [3, 8,9,10].
The risk management is a very comprehensive term and the researches related to it are in contrast, much specifics, which always leads to a gap, even small, to be filled [11]. This can be inferred from a number of studies that have analyzed risk management in the context of companies QMS and ISO 9001 implementation processes.
It is important to observe that being in the Digital Transformation Era, organizations have to adapt their strategies and models for business processes to the digital reality [12], what can also be related to the risk-based thinking approach, in terms of long-term thinking and opportunities to company’s growth.
In order to assist further research in this field, the paper aims at finding relevant literature contributions on risks, with particular interest on its relation with ISO 9001 standard, in the aspects of its emerging issues, most frequent talked themes and existing gaps. This paper was structured as follows: the first section covers the introduction; Sect. 2 characterizes this paper’s research methodology; and Sect. 3 describes the findings and conclusion.
2 Research Methodology
To conduct the study, the authors based on a systematic literature review (SLR) which is a methodology used by academic researchers to manage knowledge diversity, mapping and evaluating the existing intellectual territory, being capable to develop and increase the subject aspects, contributing to the state of the art [13].
The SLR was conducted as follows: (a) establishing the research main question; (b) locating of studies, where it is established the search sources, timing and criteria; (c) analysis and synthesis (supported by QSR NVivo); and (d) findings and conclusions [14, 15]. The topics (a) and (b), described previously, are discussed on this section as follows.
2.1 Locating of Studies
The SLR process (Fig. 1) was conducted as follows: the main field of research was choose to answer the question “what kind of methodologies and methods, companies that have a QMS based on ISO 9001 can use as a support to the risk-based thinking requirement?”. The location of articles considered the key words in two electronic databases: Scopus and ISI Web of Science (WoS), citation indexes that coverage mainly focuses on journals [16]. Li et al. [17] affirms that WoS “is the oldest citation database with both bibliographic data and citation data going back to 1900”. Besides being oldest and having the longest coverage, WoS does not index all of the journals that are found in Scopus, what aims to the fact that Scopus “has a larger proportion of exclusive journals and this is the case in all fields” [16].
(Source adapted from [14])
SLR phases, methods, criteria and tools
The period of research was established based on the ISO 9001 standard transition process: its past edition was published in 2008 and replaced in 2015. In terms of key words, it was observed macro themes, which are “risk” and “ISO 9001”. The standard version was not specified due to the transition process. The research included peer reviewed articles published in Journals or Proceedings of International Conferences.
From Table 1 it is possible to see the number of found papers and the selection process criteria, inferring the excluded ones. The process’s result was 46 articles.
2.2 Analysis and Synthesis
As inferred from Table 1, the locating of studies resulted in a final number of 46 articles, 18 of them found in both WoS and Scopus databases. To analyze the selected articles, it was used the thematic synthesis approach, coding and extracting data with QSR NVivo, an effective computer software used to code data from full articles [15].
QSR NVivo supported the most frequent words used in the literature analysis (see Fig. 2), making it easier to find the main subjects approached by each article.
50 most frequent words (elaborated by the authors supported by QSR NVivo)
In parallel with the investigation above, the articles were analyzed by year of publication, indexed databases and types of publications (see Fig. 3); Table 2 presents the selected articles list.
Articles classification (elaborated by the authors)
The main analysis of the present article is described in this section. To answer the question proposed at the beginning of the SLR, the 46 papers were analyzed by methodologies, methods, models and/or tools presented in (see Fig. 4).
Articles x methodologies/methods/models/tools
It was found from the selected papers, 16 (P1; P3; P4; P6; P8; P11; P12; P13; P14; P19; P23; P28; P31; P32; P39; P44) that do not mention any of the topics listed above. Therefore, besides presenting subjects related to risks, quality management system and ISO 9000, they were not used to compose the final chart. All of the others, propose, explain or mention some methodology, method, model or tool to support the risk management activities and to the “risk-based thinking” required by ISO 9001.
It can be inferred from the Fig. 4 that 15 papers describe methodologies, while 22 present some method/model/tool. The most frequent methodologies observed were ISO 31000 and PDCA cycle. Regarding to them it is important to highlight that ISO 31000 is based on PDCA, prescribing a risks approach unfolded in: to identify, to analyze and to evaluate (P—plan), to treat (D—do), to monitor (C—check) and to analyze (A—act). The most related tool was the FMEA (Failure Modes and Effects Analysis), probably due to its wide dissemination and customers’ requirements (for example automotive and aeronautic sectors and healthcare products). However, FMEA has its limitations.
The analysis process can become cumbersome and long, with possible costs for application; and the method is not prepared to discover complex failure modes involving various failures or subsystems. To solve that question it should be used the FTA (Fault Tree Analysis) [18].
In addition, the mathematical formulation for the Risk Priority Number (RPN) is questionable and discussible since there is not any justification that, the product of Severity, Occurrence Probability and Detectability, results in the RPN [19, 20].
That tree factors are hard to be determined precisely because most of the FMEA’s information is expressed by a linguistic form, what makes the interpretation in a subjective way for the reader [19]. The same problem can happen with the Risk Matrix.
3 Findings and Conclusion
Nowadays, researches in risks and ISO 9001 are increasing, once that the companies are in an embryonic and underdeveloped stage to integrate the risk management approach into their QMS’s. This SLR addresses a current challenge for companies that want to maintain their QMS’s, helping them to understand how the risks approach can be realized, supported by theoretical models designed and described, in the most part, in conformity to ISO 31000 methodology.
As it was described in the preview section, qualitative tools may have issues that, if not observed or treated adequately, can give unexpected results to the analysis. To avoid problems like that, companies should look for combinations of qualitative and quantitative tools that better adequate to their necessities.
However, it has much more to be done regarding to the applicability of the tools in the companies’ contexts and about the efficiency of them. The authors suggest as future researches the application of some methodology in the context of certified companies, to evaluate its efficiency for the risk-based thinking approach.
References
Lee, C.K.M., Lv, Y., Hong, Z.: Risk modelling and assessment for distributed manufacturing system. Int. J. Prod. Res. 51, 2652–2666 (2013)
Fonseca, L.M.: From quality gurus and TQM to ISO 9001:2015: a review of several quality paths. Int. J. Qual. Res. 9, 167–180 (2015)
Fonseca, L.M.: ISO 9001 quality management systems through the lens of organizational culture. Qual. Access Success 16, 54–59 (2015)
Fonseca, L.M., Domingues, J.P.: How to succeed in the digital age? monitor the organizational context, identify risks and opportunities, and manage change effectively. Manag. Mark. 12, 443–455 (2017)
Quality blog (in Portuguese). http://blog.qualidadesimples.com.br/2017/09/21/cresce-o-numero-de-empresas-com-certificado-iso-9001-no-brasil/
Antilla, J., Jussila, K.: ISO 9001:2015-a questionable reform. What should the implementing organizations understand and do? Total. Qual. Manag. Bus. Excel. 28, 1090–1105 (2017)
Rybski, C., Jochem, R., Homma, L.: Empirical study on status of preparation for ISO 9001:2015. Total. Qual. Manag. Bus. Excel. 28, 1076–1089 (2017)
Chiarini, A.: Risk-based thinking according to ISO 9001:2015 standard and the risk sources European manufacturing SMEs intend to manage. TQM J. 29, 310–323 (2017)
International Organization for Standardization (2015). https://www.iso.org/obp/ui/#iso:std:iso:9001:ed-5:v1:en
Luko, S.N.: Risk management principles and guidelines. Qual. Eng. 25, 451–454 (2013)
Aven, T.: Risk assessment and risk management: review of recent advances on their foundation. Eur. J. Oper. Res. 253, 1–13 (2016)
Reis, J., Amorim, M., Melão, N., Matos, P.: Digital transformation: a literature review and guidelines for future research, vol. 745, pp. 411–421. Springer Nature (2018)
Tranfield, D., Denyer, D., Smart, P.: Towards a methodology for developing evidence-informed management knowledge by means of systematic review. Br. J. Manag. 14, 207–222 (2003)
Garza-Reyes, J.A.: Lean and green-a systematic review of the state of the art literature. J. Clean. Prod. 102, 18–29 (2015)
Thomas, J., Harden, A.: Methods for the thematic synthesis of qualitative research in systematic reviews. BMC Med. Res. Methodol. 8, 45 (2008)
Mongeon, P., Paul-Hus, A.: The journal coverage of Web of Science and Scopus: a comparative analysis. Scientometrics 106, 213–228 (2016)
Li, J., Burnham, J.F., Lemley, T., Britton, R.M.: Citation analysis: comparison of Web of Science®, ScopusTM, SciFinder®, and Google Scholar. J. Electron. Resour. Med. Libr. 7, 196–217 (2010)
Riplová, K.: Tool of risk management: failure mode and effects analysis and failure modes, effects and criticality analysis. J. Inf., Control. Manag. Syst. 5, 111–120 (2007)
Liu, H.C., Liu, L., Bian, Q.H., Lin, Q.L., Dong, N., Xu, P.C.: Failure mode and effects analysis using fuzzy evidential reasoning approach and grey theory. Expert Syst. Appl. 38, 4403–4415 (2011)
Gorlenko, O., Miroshnikov, V., Borbatc, N.: Development of management methodology for engineering production quality. In: International Conference on Mechanical Engineering, Automation and Control Systems (2016)
Atan, H., Ramly, E.F., Musli Mohammad, M.S.Y.: A review of operational risk management decision support tool. In: International Conference on Industrial Engineering and Operations Management (2017)
Barata, J., Rupino, P.C., Costa, C.C.: Developing an IS quality culture with ISO 9001: hopefully, a never ending story. In: 24th Australasian Conference on Information Systems (2011)
Boiral, O.: Managing with ISO systems: lessons from practice. Long Range Plan. 44, 197–220 (2011)
Budaj, P., Hrnciar, M.: The Importance of Risk-Based Thinking for Enterprise Performance Planning, pp. 244–252. Technical University of Liberec, Faculty Economics, Liberec (2015)
Chen, D., Chang, W.F.: A practical flow regarding 2nd party audit on quality proficiency in supplier management. In: Joint International Symposium on e-Manufacturing and Design Collaboration (2017)
Da Fonseca, L.M.C.M.: ISO 14001:2015: an improved tool for sustainability. J. Ind. Eng. Manag. 8, 37–50 (2015)
Emetumah, F.C.: Integrated management systems as a risk management tool: combining ISO 9001, ISO 14001 & OHSAS 18001 standards in process industries. In: Risk, Reliability and Safety: Innovating Theory and Practice, pp. 1216–1221. Taylor & Francis Group, London (2017)
Ezrahovich, A.Y., Vladimirtsev, A.V., Livshitz, I.I.: Risk-based thinking of ISO 9001:2015—the new methods, approaches and tools of risk management. In: International Conference “Quality Management, Transport and Information Security, Information Technologies”, pp. 506–511 (2017)
Galleto, M., Franceschini, F., Mastrogiacomo, L.: ISO 9001 certification and corporate performance of Italian companies. Int. J. Qual. Reliab. Manag. 34, 231–250 (2017)
Giannetti, C., Ransing, R.S.: Risk based uncertainty quantification to improve robustness of manufacturing operations. Comput. Ind. Eng. 101, 70–80 (2016)
Gołaś, H.: Risk management as part of the quality management system according to ISO 9001. Commun. Comput. Inf. Sci. 435, 519–524 (2014)
Gołaś, H., Mazur, A., Gruszka, J.: Improving an organization functioning in risk conditions in accordance with ISO 9001: 2015. In: 2016 International Conference on Economics and Management Innovations, vol. 57, pp. 257–261 (2016)
Harafonova, O.I., Zhosan, G.V., Yankovoi, R.V.: Distinctions and features of ISO 9001:2015 standard implementation in the context of social and strategic development of enterprises. Sci. Bull. Polissia 3, 66–71 (2017)
Harasymiuk, J., Barski, J.: Risk management as a determinant of the effectiveness of the quality management system in a building company. In: 2016 International Conference on Economics and Management Innovations, vol. 57, pp. 8–12 (2016)
Kline, J.J., Hutchins, G.: Enterprise risk management: a global focus on standardization. Glob. Bus. Organ. Excel. 36, 44–53 (2017)
Kotek, L., Nosek, A., Fiala, A., Bartos, V.: Risks in industrial management systems. MM Sci. J. 12, 1608–1612 (2016)
Lenning, J., Gremyr, I.: Making internal audits business-relevant. Total. Qual. Manag. Bus. Excel. 28, 1106–1121 (2017)
Liu, F., He, Y., Cui, J.: Product assembling quality risk analysis approach based on RQR chain. In: 2nd International Conference on Reliability Systems Engineering (2017)
Liu, Q., Du, Q., Shi, W., Zhu, J.: Modeling of risk treatment measurement model under four clusters standards (ISO 9001, 14001, 27001, OHSAS 18001). In: 2nd SREE Conference on Engineering Modelling and Simulation, vol. 37, pp. 354–358 (2012)
Luburić, R.: Quality management principles and benefits of their implementation in central banks. J. Cent. Bank. Theory Pract. 4, 91–121 (2015)
Luburić, R.: Knowledge and learning in terms of operational risk management in the financial and banking systems. Int. J. Qual. Res. 10, 559–568 (2016)
Medić, S., Karlović, B., Cindrić, Z.: New standard ISO 9001:2015 and its effect on organizations. Interdiscip. Descr. Complex Syst. 14, 188–193 (2016)
Novaková, R., Pauliková, A., Cekanová, K.: Risk management as a part of a quality management system in woodworking companies. In: Czech University Life Sciences Prague, Prague 6, pp. 170–178 (2017)
Pacaiová, H., Sinay, J., Nagyová, A.: Development of GRAM—a risk measurement tool using risk based thinking principles. Measurement 100, 288–296 (2017)
Parra-López, C., Hinojosa-Rodríguez, A., Carmona-Torres, C., Sayadi, S.: ISO 9001 implementation and associated manufacturing and marketing practices in the olive oil industry in southern Spain. Food Control 62, 23–31 (2016)
Psomas, E.L.: The effectiveness of the ISO 9001 quality management system in service companies. Total. Qual. Manag. Bus. Excel. 24, 769–781 (2013)
Rebelo, M.F., Silva, R., Santos, G.: The integration of standardized management systems: managing business risk. Int. J. Qual. Reliab. Manag. 34, 395–405 (2017)
Rewilak, J.: MSA Planning—a proposition of a method. Key Eng. Mater. 637, 45–56 (2015)
Rodriguez, D.R.: Partial implementation of the Quality Management System by ISO 9001:2015. Case study. Dilemas Contemporaneos-Educacion Politica Y Valores, 4:31 (2017)
Ruamchat, K., Thawesaengskulthai, N., Pongpanich, C.: Development of quality management system under ISO 9001:2015 and Joint Inspection Group (JIG) for aviation fuelling service. Manag. Prod. Eng. Rev. 8, 50–59 (2017)
Sari, Y., Wibisono, E., Wahyudi, R.D., Lio, Y.: From ISO 9001:2008 to ISO 9001:2015: significant changes and their impacts to aspiring organizations. In: International Conference on Informatics, Technology and Engineering (2017)
Sartor, M., Orzes, G., Di Mauro, C., Ebrahimpour, M., Nassimbeni, G.: The SA8000 social certification standard: literature review and theory-based research agenda. Int. J. Prod. Econ. 175, 164–181 (2016)
Savino, M.M., Brun, A., Xiang, C.: A fuzzy-based multi-stage quality control under the ISO 9001: 2015 requirements. Eur. J. Ind. Eng. 11, 78–100 (2017)
Sitnikov, C.S., Bocean, C.G.: The role of risk management in ISO 9001: 2015. In: 9th International Management Conference: Management and Innovation for Competitive Advantage (2015)
Sitnikov, C.S., Bocean, C.G., Berceanu, D., Pîrvu, R.: Risk management model from the perspective of implementing ISO 9001:2015 standard within financial services companies. Amfiteatru Economic 19, 1017–1034 (2017)
Sousa, S., Nunes, E., Lopes, I.: Measuring and managing operational risk in industrial processes. FME Trans. 43, 295–302 (2015)
Vasile, F.: A critical approach of thinking risk-based existing in the new issue of ISO 9001: 2015 standard (in Romanian). EEA—Electrotehnica, Electronica, Automatica 65, 19–23 (2017)
Vasile, F.: The improvement of the manufacturing processes of electric servomotors by applying the new editions of the international standards on the quality and environment (in Romanian). EEA—Electrotehnica, Electronica, Automatica 65, 79–84 (2012)
Wong, S.K.: Risk-based thinking for chemical testing. Accred. Qual. Assur. 22, 103–108 (2017)
Acknowledgements
The authors thank CNPQ, CAPES, FAPEMIG, FUPAI and Sisvoo Sistemas Eletrônicos Ltda., for funding support.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Martins, Y.S., da Silva, C.E.S. (2019). Risk and ISO 9001: A Systematic Literature Review. In: Reis, J., Pinelas, S., Melão, N. (eds) Industrial Engineering and Operations Management I. IJCIEOM 2018. Springer Proceedings in Mathematics & Statistics, vol 280. Springer, Cham. https://doi.org/10.1007/978-3-030-14969-7_22
Download citation
DOI: https://doi.org/10.1007/978-3-030-14969-7_22
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-14968-0
Online ISBN: 978-3-030-14969-7
eBook Packages: Mathematics and StatisticsMathematics and Statistics (R0)