The ISO 9001 requirements pertaining to preventive action would get a lot more attention if people grasped the very simple fact that this is all about managing risk—which is really about managing the consequences of change. Whenever we change something, even for the better, there are consequences—ripples across the waters through which we navigate our quality management systems. Failure to anticipate the consequences of those changes is how we end up with bad things happening. Like the hapless rafter who is surprised by the rapids, our craft is buffeted and tossed. We get banged against partially hidden rocks, we lose our bearings, our provisions get lost in the swirl, and sometimes our vessel capsizes and we’re left adrift, at peril of going under.

 …