About the risk-based approach

Answer:

Please, consider first ISO 9000:2015 definition of risk: “effect of uncertainty on an expected result”. Because from this definition I always start by the expected results of an organization, and they can be at a general level (for example, the organization’s budget for this year – what can contribute to not achieving it?) or at departmental or process lev el (for example, launching of new products this first semester - what can contribute to not achieving it?). I would work with both approaches that you mention, but considering that a more mature management system should have already built in several mechanisms to handle your second approach, that means that more emphasis could be made on the first one.

The following material will provide you information about the risk-based approach:

ISO 9001 – How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
ISO 9001:2015 Risk Management Toolkit - https://advisera.com/9001academy/iso-90012015-risk-management-toolkit/
free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/