Brought Into Focus

Abstract: This article discusses the basics of risk-based thinking, including the elements of risk-based thinking that appear in the draft version of international standard ISO 9001:2015 ("Quality Management Systems — Requirements") and that may affect organizations as they work toward compliance to the revised standard. Four main types of risk are covered: 1) organizational risk; 2) strategic risk; 3) compliance risk; and 4) operational risk. Some methods of risk analysis and risk management are explained, as are the concepts of risk appetite and risk tolerance. The author maintains that risk-based thinking within an organization must start by defining its measurable objectives. Risks are obstacles that impede progress toward achieving these objectives. Organizations must determine their risk appetite and risk tolerance so they will have a consistent risk philosophy. They then determine risk levels by combining the likelihood of an event and its consequences in a risk analysis …




Excellent article, good reference and very useful.
--Gabriela Carmona, 12-22-2014


Do you really think companies are going to let ISO auditors evaluate their risk regarding a risk of material misstatements due to fraudulent revenue recognition? An auditor should test the controls established to detect fraud in the revenue recognition processes.
That is what CPAs do already.
--bill koster, 12-17-2014


Excellent article! I'll definitely make use of the Risk Assessment templates.
--Liz Wibright, 11-04-2014


Great article! I will share this with the Top Management Team.
--George Slade, 09-15-2014


Very useful for me and my company.
--Boyka Nenkova, 09-10-2014

