
QM-Corner: Manage risks and seize opportunities with ISO 9001

Publication of the revised ISO 9001 is expected to be delayed until fall 2026; it was originally planned for the end of 2025. The first draft, the Committee Draft (CD), was announced back in April 2024 and presented to the members of ISO committee TC 176 for discussion. One of the central elements of this revision is integrated opportunity and risk management.

Effective opportunity and risk management is seen as the key to making companies resilient and future-proof – ideally even antifragile. It is not only about recognizing and avoiding risks, but also about actively exploiting and systematically shaping opportunities. Particularly in mechanical and plant engineering, where companies are often confronted with complex technical requirements, supply chain risks, legal uncertainties and internal process challenges, an early and structured approach to risks and opportunities is crucial to success. At the same time, well-established opportunity management holds enormous potential: technological innovations, more efficient processes, and stronger customer loyalty and employee motivation.

In order to provide companies in North Rhine-Westphalia with practical impetus on these topics, ProduktionNRW organized a digital edition of the QM Corner on 10 July 2025.

Risk and opportunity management in ISO 9001

Jörg Rinn, Project Manager at GUKSA GmbH, explained how the current ISO 9001:2015 requires organizations to take risks and opportunities into account throughout the entire quality management system – from the analysis of the organizational context to strategic planning and regular management reviews. Risks are defined as the effects of uncertainties that can have both positive and negative consequences.

The standard does not specify concrete methods for identifying risks and opportunities, but recommends systematic approaches. This can be done, for example, through SWOT analyses, prioritization or structured risk assessments. An example of a corporate cooperation project was used to demonstrate how risks can be managed effectively in four steps: analysis (e.g. using SWOT), prioritization (e.g. through pairwise comparisons), evaluation (e.g. in the form of a risk map) and derivation of concrete measures. Particularly critical risks are dealt with in a targeted manner through action plans, responsibilities and progress checks.

In conclusion, Jörg Rinn emphasized that risk management should not be equated with risk avoidance. Rather, it is about consciously taking calculated risks in order to actively exploit opportunities – an increasingly important management tool, not only in ISO 9001, but also in conjunction with other standards such as ISO 14001 or ISO 27001.

Discussion and exchange

In the subsequent exchange, the participants discussed, among other things, the appropriate level of detail in the risk statement and specific procedures for risk assessment. Dr. Frank Bünting, Deputy Head of Department at VDMA Business Advisory, concluded by emphasizing that risk management should not be carried out solely for external auditors. Active risk management means learning from mistakes in a targeted manner and deriving improvements from them – for genuine quality development.

Organizer

The event was organized by ProduktionNRW. ProduktionNRW is the cluster for mechanical engineering and production technology in North Rhine-Westphalia and is organized by VDMA NRW. ProduktionNRW sees itself as a platform for networking, informing and marketing companies, institutions and networks with each other and along the value chain. Significant parts of the services provided by ProduktionNRW are funded by the Ministry of Economic Affairs, Industry, Climate Protection and Energy of the State of North Rhine-Westphalia.