Featured Product
This Week in Quality Digest Live
Operations Features
Eric Whitley
Robotic efficiency coupled with human intuition yields a fast, accurate, adaptable manufacturing system
Etienne Nichols
How to give yourself a little more space when things happen
InnovMetric Software
One software capable of operating portable metrology equipment and CMMs within the same user interface
MIT News
Mens, Manus and Machina (M3S) will design technology and training programs for human-machine collaboration
Gleb Tsipursky
The future of work is here, and AI is the driving force

More Features

Operations News
A centralized platform and better visibility are key improvements
Greater accuracy in under 3 seconds of inspection time
Oct. 17–18, 2023, in Sterling Heights, Michigan
Enables scanning electron microscopes to perform in situ Raman spectroscopy
For current and incoming students in manufacturing, engineering, or related field
Supports back-end process control
Transforming the development and optimization of bioprocesses using Tetra data
For processed, frozen, and preprocessed vegetables, confections, and more
Signalysis SigQC software now fully integrated with MECALC QuantusSeries instrumentation

More News

Mike Micklewright


Lean, Quality, and Risk-Based Thinking in ISO 9001:2015

Integrating principles, culture, and tools

Published: Wednesday, January 13, 2016 - 15:19

I’ve made the point many times that the quality function and the lean/continuous improvement/kaizen function within an enterprise are really one and the same. Treating them as separate value streams with their own documentation, procedures, and goals is wasteful, short-sighted, and disrespectful of employees and customers alike. Why? Because all that duplication impedes the ability to create flow and add value, which are what employees and customers are most interested in, anyway.

Nowhere is this inefficiency more obvious than in the registration and auditing process for general management system standards such as ISO 9001, or sector-specifics like AS9100 or ISO/TS 16949. Although those in the quality department usually handle the registration process, if these individuals really looked at their colleagues who are forming kaizen teams and walking the gemba as part of their standard work, they would find that these lean leaders have a wealth of practical knowledge that can and should be used to satisfy many of the requirements of these standards. You see, it shouldn’t be two teams working on separate things! In many respects, quality and lean are one function, with one and only one ultimate goal: To deliver value for the business overall. That’s why I like to refer to this entire discipline as a business management system.

One way that an understanding of the business management system can become crystal clear is to look at it through the context of risk-based thinking, which is now a part of ISO 9001:2015. For many quality professionals, risk appears to be an arcane and perhaps intimidating concept that is alien to their work—and maybe even their entire way of thinking. Nothing could be further from the truth. Ensuring quality means making certain that the enterprise has a structure and a way of doing things that everyone understands. The intention of ISO 9001:2015 is to give everyone in the organization the ability to act in a given way (the “right” way, depending on the organization) in a variety of expected and unexpected occurrences. It is in the latter case—regarding unexpected occurrences—that an understanding of risk is critical.

For those within the organization who practice lean, risk is never far from their thoughts. These individuals are usually enmeshed in the day-to-day business of output in one way or another, producing widgets, or sales, or happy customers (hopefully all three at the same time).

Production is inherently risky, and so these professionals understand the concepts of poka-yoke (mistake proofing), failure modes effects and analysis (FMEA), and risk priority numbers (RPN). When one is in this role, it’s important to consider all potential variables of any process and/or any change in a process as part of the overall continuous improvement effort.

The FMEA approach to mitigating risk

So when it comes to the risk-based thinking language within ISO 9001:2015, how can lean professionals come together with their quality colleagues to share knowledge, build communication and camaraderie, and sharpen their understanding of risk?

Although ISO 9001:2015 doesn’t dictate a specific approach to demonstrating proficiency with risk-based thinking, to my mind, the best way to achieve this, at the design and process levels, is through FMEA. Other tools (e.g., hoshin kanri) might be used for different applications of risk management. Done properly, FMEA can help users quickly diagnose potential problems, calculate an RPN, take action to reduce risks, and then sustain improved conditions indefinitely. It’s an ideal way to understand and address risk, and it’s unquestionably good for the organization, too!

The FMEA form is an extremely approachable and logical risk management tool. Filling it out simply requires an understanding of a problem and its effects on the customer, critical thinking skills, an understanding of root cause, and some simple language to describe it and potential solutions. With that and some basic math skills, you will be well on your way to assessing and ranking problematic situations within your organization. Even more, through the FMEA process, you will come to understand how to mitigate risky situations and processes within your organization.

The clip below is a sneak preview from the two-part “Risk Management” set of the my new streaming video training series, “Creating and Sustaining Lean Improvements,” produced in conjunction with Quality Digest’s training division, 360 Performance Circle. In this clip, you’ll learn more about what an FMEA form actually looks like, how it gets filled out, and how an RPN is calculated:

Managing risk throughout the organization

Of course, an FMEA is only a tool—a blueprint, if you will—for identifying potential problems and beginning to solve them tactically. A bigger value comes from embedding an appreciation for risk into the principles and culture of the organization. For this one must consider risk at all levels of the organization.

Typically, such a consideration would include products, processes, projects, and strategic decisions—anything and everything that creates or inhibits the creation of value. For example, when poka-yoke becomes part of the culture, and viewed through the prism of the organization’s entire output, then good things can happen. Risk is quickly transformed from just another task into a core consideration that drives planning and leads to efficient, results-focused operations. Put another way, it becomes part of your culture.

It is at this level that the concept of hoshin kanri takes hold. The term can be defined as “strategic policy deployment,” and at its core it is about connecting strategic planning with proper outputs, and aligning the various levels of the organization, in an intentional way, with a desired outcome or set of outcomes. In a nutshell, it determines how best to use resources to drive continuous improvement efforts (e.g., kaizen events and corrective actions) to create the largest effects and mitigate the greatest risks. This is focused management at its very best, where great ideas are developed, communicated throughout the organization, and executed on time, within budget, and in accordance with other specified metrics. None of this is possible without a keen and clear-eyed understanding of the nature of the organization. Properly performed, hoshin kanri gives managers a realistic insight into the organization’s risks as well as its opportunities.

To show you what I mean, here’s another short clip from the risk management series. Here, you can learn more about hoshin kanri and how it connects to the concept of risk-based thinking:

Risk-based thinking may require a shift in outlook, but it provides organizations with some unique benefits. It helps unite disparate quality and lean teams, provides better insight into problems, clarifies solutions, and helps leaders make plans based on the realities of the business.

With an unshaken commitment to principles, communicated through culture and executed through the right tools, organizations can take great advantage of a better understanding of risk. I urge you to consider what an enhanced focus on risk can do for your business management system today.


About The Author

Mike Micklewright’s picture

Mike Micklewright

Mike Micklewright has been teaching and facilitating quality and lean principles worldwide for more than 25 years. He specializes in creating lean and continuous improvement cultures, and has implemented continuous improvement systems and facilitated kaizen/Six Sigma events in hundreds of organizations in the aerospace, automotive, entertainment, manufacturing, food, healthcare, and warehousing industries. Micklewright is the U.S. director and senior consultant for Kaizen Institute. He has an engineering degree from the University of Illinois, and he is ASQ-certified as a Six Sigma Black Belt, quality auditor, quality engineer, manager of quality/operational excellence, and supply chain analyst.

Micklewright hosts a video training series by Kaizen Institute on integrating lean and quality management systems in order to reduce waste.


ISO 9001:2015

Quite an insightful read on the why & what of ISO 9001:2015

very educative


I am learning more on quality management and came across this website.

The article is very educative.

Thank you.