Single Management System
The means to a Risk-based Organization is through a Single Management System. A configuration of integrated disciple Management Standards. Whether an organization is certified to even one Management Standard, all the operating disciples are to be considered for potential risks related to issues that may cause the process not to realize the intended outcome. The point is, an organization needs to consider other disciples in the process, regardless of certification.
Strategic Planning is included in all Management Standards, the certification to one Standard, cannot cover all the requirements of organizational planning unless all disciplines are covered, in order to direct the strategic direction
Similarly, the needs and expectations pertaining to one Standard cannot be considered for just that Standard, because for example if the organization is solely 9001 certified, it is not only about the product, because environmental risk issues, for which there are legal requirements can impact the organization’s strategic direction
Management cannot be separated out by disciplines, a holistic approach has to be adopted, otherwise, the strategic direction is at risk. 2015 Management Standards, are risk-driven.
ISO 19011:2018 introduces a new principle Risk-based approach to auditing, which is applicable to the 2015 Standard and is distinguished from clause-based auditing, which the method that Lead and Internal Auditors are trained to. 19011:2018 also states that risk cannot be audited as a stand-alone event, which is the practice of clause based auditing. Therefore, a change in the auditing method is deemed necessary, because of ISO 19011:2018.
Training is required to transition from clause-based auditing Lead/Internal auditor methodology to a risk-based approach to facilitate a holistic multidisciplinary approach to the operations in order to accommodate the Strategic direction of the organization.
Certified Management System Risk Auditor
An on-line competency program, to gain an understanding of ISO 19011:2018 and to be tested with an open book test. Content is provided to set up the organization for a risk-based audit. Persons are tested on the content. An electronic form is provided to conduct a risk-based audit. The Certificate is provided on the completion of the first audit.
Jeffrey Lewis CQP, FCQI.