Risks and opportunties in ISO 9001

It is up to the organization to decide whether the responsible of the procedure is the president of the company or the quality manager. Usually the quality manager is responsible for directing the risk and opportunity assessment while the organization´s top management is responsible for creating the risk management committee and providing the resources needed to assess and manage the risks. Nevertheless, the procedure is not a mandatory document within the QMS.

It is important to note that the requirements in ISO 9001:2015 are to analyze the ris ks within your QMS and then decide what actions need to be taken. This doesn´t even need to be maintained as documented information. If you already do this ( analyze risks with FMEA analysis and take actions based on that analysis) as part of your business strategy the you already meet the requirements of ISO 9001:2015 and will be acceptable for your certification audit. Remember you will also need to address the opportunities and this cannot be done through a FMEA analysis, but you can conduct a simple brainstorming session with the relevant people of your organization.

To learn more about risks and opportunities in ISO 9001, see - Does ISO require a procedure for addressing risks and opportunities? https://advisera.com/9001academy/blog/2017/10/10/does-iso-9001-require-a-procedure-for-addressing-risks-and-opportunities/

If you want to find out more about FMEA risk assessment, see this article - Methodology for ISO 9001 risk analysis: https://advisera.com/9001academy/blog/2015/09/01/methodology-for-iso-9001-risk-analysis/