Background to the new ISO 9001:2015 Requirement
Rather than repeat myself by going over the requirement at a general level, here’s a link to an earlier post where I have tried to explain the general principles involved.
Why is it important?
I’m drafting a gap analysis at the moment for what you could best describe as a “traditionally structured” QMS. Like many systems of this type, there is no formal structure for identifying internal and external issues, the associated risks and the necessary contingencies and back up plans. In this situation you often get the impression that the management team simply “know” what these things are and “naturally take them into account”. So why the need for anything more formal?
Well, here’s what can happen when you get things wrong …
It’s perhaps worthwhile taking time to consider the sequence of events and understanding what went wrong for Monarch because this sorry tale outlines quite well why it might be worthwhile trying to adopt a more formal proactive approach to risk management. Does it guarantee everything will be fine? Of course it doesn’t. But what it might do is provide focus as to the size and scale of risks that the company is running (ie, understanding the worst case scenario) and perhaps helping the company understand if there is a Plan B that can be put in place to mitigate the effects, should the worst come to the worst.
In short, the article suggests that Monarch had too many of its eggs in one or two baskets (holiday flights to Turkey and North African destinations) and when demand for flights to this region reduced considerably, it left the company with no place to go.
I know it’s always much easier to analyse failures from the perspective of hindsight, but this state of affairs catches the sentiment quite well.