ISO9001風險管理實務與方法論之研究

The Practice and Methodology Study of ISO 9001 Risk Management

韓慧林、王貴民、邱詩庭、尤若涵
H. L. Hai, K. M. Wang, S. T. Qiu and J. H.Yu

實踐大學 資訊管理系


摘要

在公司的作業流程中,風險管理具備下列效益:避免非預期損失、改善管理績效及作業效率、有效運用資金、滿足利害關係人、以及符合法規要求。任何公司在自我評估控制架構中,評估類別通常與組織部門和功能性相對應,對於每一評估類別,各部門應針對部門特性深入檢視相關風險及其嚴重度。再針對所見風險問題進行總和評分及排序,但此主要用意是識別高度風險事件與跟催,以降低風險。 所有風險管理要求希望企業建立過程導向與風險導向之作業或思維,並在ISO9001:2015條文中佔有舉足輕重之地位。在風險管理研究中,我們探討與分享ISO9001:2015輔導與稽核實務經驗,促使企業管理者勇於檢視與分析企業在經營管理所可能面對之風險。

關鍵字:ISO9001、風險管理、自評架構。

ABSTRACT

There are many benefits to managing the risks in the operational processes of corporate, including: avoid unexpected losses and improve management performance and operational efficiency, efficient use of capital, satisfy stakeholders, comply with regulation. In the control self–assessment framework of a company, the categories correspond generally to department and functions within the organization. For each category, specific questions are answered to gain insight into the associated risks and their severity. Scoring is typically a sum of risk order value for the question, but the main benefit is identification of high-risk areas and follow-up actions to reduce risks. All the risk requirements are intended to be applicable to process-oriented and risk-oriented acts of firms and they are also very important in ISO 9001:2015. In this risk management study, we share the consultant and audit experiences of ISO9001: 2015 certificated. The managers are now strongly encouraged to use risk analysis in order to decide for yourself which challenges you see in the management of your business processes.

Keywords: ISO9001; Risk Management; Self–assessment Framework