Risk and opportunities in QMS

Is it required to identify risk and opportunities for each process in QMS?

Answer:

Short and straight answer: no.

More detailed answer: It is not mandatory, but I bet that all organizations determine risks and opportunities in every process, even without being aware that they are doing so. For example, why do organizations:

• Evaluate training effectiveness?
• Select people that they want to admit?
• Define authorities to issue orders to suppliers?
• Order supplies before they are out of stock?
• Control quality of supplies at reception? 
• Review and approve customers’ orders? 
• Control production process and product/service quality? 
• Control design and development projects? 

Behind each of those activities is a risk that organizations want to prevent.

Is it required to identify issues, interested parties and associated risks for each process or department?

Answer:

Short and straight answer: no.

Normally, organizations when determining issues and interested parties think more broadly, they consider the whole organization. For example, if a raise in trade barriers affects your organization, or if a new regulation makes part of your product range obsolete, that’s not a process or department issue. What happens is that when your organization consider the issues determined in clause 4.1 and what is relevant for interested parties, determined in clause 4.2, you determine another kind of risks. For example, loss of market share due to trade barriers and more demanding regulatory requirements. 

The following material will provide you information about the risk-based approach, context and interested parties:

- ISO 9001 – How to address risks and opportunities in ISO 9001 - https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/
- Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits - https://advisera.com/9001academy/knowledgebase/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
How to determine interested parties and their requirements according to ISO 9001:2015 - https://advisera.com/9001academy/blog/2015/11/10/how-to-determine-interested-parties-and-their-requirements-according-to-iso-90012015/
How to identify the context of the organization in ISO 9001:2015 - https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/
- ISO 9001:2015 Risk Management Toolkit - https://advisera.com/9001academy/iso-90012015-risk-management-toolkit/  
- Free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
- Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/