The revision of the ISO 9001 quality standard in 2015 introduced risk-based thinking as a major innovation. In addition to explicit requirements for risk-based thinking, the standard also contains implicit requirements that address aspects of risk-based thinking. Small and medium-sized companies face particular challenges when implementing risk-based thinking, as they have fewer resources available. In this context, the ISO 9001:2015 standard does not provide any recommended actions to meet the requirements. Due to the scope for interpretation of the standards text, uncertainty may arise among those responsible, who must fulfill the requirements of risk-based thinking in order to ensure both compliance with the standard and proactive entrepreneurial action. This thesis examines the challenges that arise from the risk-based thinking of ISO 9001 for small and medium-sized enterprises and presents suitable methods for fulfilling the explicit and implicit requirements that are recommended by the scientific literature and applied by practitioners. As an introduction, the concepts of quality and risk management are explained and the need for a systematic approach to identifying and dealing with risks and opportunities is addressed. In addition, the explicit and implicit requirements of risk-based thinking in ISO 9001:2015 are analyzed and other guidelines are used as implementation strategies. Based on this, a theoretical analysis of challenges and methods in the context of risk-based thinking is carried out in order to create a theoretical basis for conducting an empirical survey and to compare the findings of the scientific literature with those of the expert interviews. The results of this thesis show that the greatest challenges for SMEs lie in establishing process thinking, communicating the benefits of risk-based thinking to all those involved and in the limited resources (time and personnel). The actual requirements of the standard text are less problematic than the scope for interpretation, which can lead to ambiguities and possible misinterpretations. It has also become apparent that SMEs use a variety of risk management methods. Standard methods such as brainstorming, the Ishikawa diagram, FMEA and SWOT are widely used. PESTEL and stakeholder analyses are usually used for context analysis. However, company-specific working methods dominate the effectiveness check of measures in the management review and the updating of risks and opportunities in the event of non-conformities. Standard methods alone are not sufficient to meet all the requirements of risk-based thinking.
Date of Award | 2024 |
---|
Original language | German (Austria) |
---|
Supervisor | Harald Staska (Supervisor) |
---|
Herausforderungen und Methoden zu expliziten und impliziten Anforderungen des risikobasierten Denkens im Rahmen der ISO 9001:2015 in KMUs
Walcher, C. M. C. (Author). 2024
Student thesis: Bachelor's Thesis