Achieving sustainability through risk management
Gary Cort and Natalia Scriabina explain how risk management is important to ISO 9004’s approach to sustainability

Sustained success, as defined in the latest revision of ISO 9004, is a ‘result of the ability of an organization to achieve and maintain its objectives in the long term’.
Thinking for the long term without compromising short-term results has been a fundamental principle of sustainability practices since sustainable development was first defined. The implementation of sustainability practices is becoming more important for organizations searching for predictable development in today’s changing business environment.
Eight areas to apply risk management
The ability to achieve sustained success depends on an organization’s adaptability, codes of conduct, relationship with stakeholders and capability to innovate. Risk management is one of the processes that support sustained success.
ISO 9004, revised in 2009, emphasizes the vital importance of monitoring and analyzing risks and opportunities resulting from changes in the business environment. It highlights eight areas where risk management can be effectively applied in order to achieve sustained success. Table 1 summarizes these processes, related areas of potential risks, recommended actions and corresponding clauses of ISO 9004.
Table 1: Application of risk management to business processes for achieving sustained success

Indicators of maturity levels
ISO 9004 suggests that business processes can be ranked at one of the following five maturity levels:
- Basic – the organization only changes in response to fixing problems that have already happened
- Proactive – the organization refocuses its improvement efforts on prevention, anticipating problems and assessing risk exposure
- Flexible – a fundamental change occurs in the process system and the organization focuses on instituting malleable processes that can adapt to different situations
- Progressive – the management system has been subsumed by the organization culture, systems tend to rely less on formal procedures and instead trust to the commonly held beliefs of the organization to do the right thing
- Achieving sustained success – the organization is ‘self aware in a global context’. It is constantly searching for better ways to achieve success in a way that balances the interests of all affected parties
Risk management practices applied to business processes are important indicators of maturity levels in achieving sustained success. For example, organizations that are ‘flexible’, ‘progressive’, and ‘achieving sustained success’ monitor risks related to the relationship and capabilities of key partners.
Risk management and Dow Jones Sustainability Indexes
In addition to the model of maturity levels provided by ISO 9004, there are other recognized models designed to evaluate an organization’s level of sustainability. One example is the Dow Jones Sustainability Indexes, which were created in 1996 and are widely used in financial and investment management. The maturity of a risk management process in an organization is an important element in the evaluation model. Factors taken into account are:
- distribution of responsibilities and authorities in risk management at the group level
- definition and deployment of:
  - a uniform, group-wide risk analysis framework that may include risk assessment, risk management, risk communication and reporting
  - a risk-assessment system based on evaluation of multiple parameters that may include probability, magnitude, time horizon and correlation
  - a risk-response strategy to establish methods and decision criteria applied to retaining, transferring, or avoiding risks
- deployment of tools to rank risk exposures on a two-dimensional scale including probability and magnitude
You can use the assessment, available free online from the Quality Professionals' Resource Centre website, to verify that your knowledge of the future and the history of sustainability practices is up to date. It will highlight any areas that you may need to work on to use ISO 9004:2009 effectively in your work.
About the authors
Dr Gary Cort currently chairs ISO/TC 176 for ISO 9000 standards.
Natalia Scriabina is a managing director of the Quality Professionals’ Resource Center based in Ontario, Canada. Natalia is an IRCA Lead Auditor.

