qimono / Pixabay

There is always an element of risk in everything and anything we do. However, in business the number of risks and their level of risk, are a key focus area in ISO Standards. Risks have always been considered in ISO standards and can determine the way an organization operates, what projects it takes on, as well the way it cares for its staff.

However, the new ISO 9001:2015 and ISO 14001:2015 place them in a more prominent position upon analyzing an organization. Whereas in previous standard versions it was a separate clause, they now require it to be evaluated across all clauses. Taking into consideration all risks when establishing processes, controls, and improvements for quality management systems, as well as health and safety, and environmental areas.

Risk analysis helps create a preventive plan of action, and to do so there are several tools to consider when analyzing the risks, including SWOT and PESTLE analysis. Each of these analyses help identify the actual risk itself, who it may have an impact on, and provides information for a team to compile ways to prevent the risks happening in the future. It is important that all the information gathered and used, is accurate, reliable, and complete so no unexpected risks arise after analysis. Following proper procedure for each of the following tools will reduce the failure of the analysis and reduce the chance of faulty decision making.


NeuPaddy / Pixabay

SWOT stands for Strengths, Weaknesses, Opportunities, and Threats. It is an excellent tool for looking at the internal strength and weaknesses an organization has in relation to its environment. For example, knowledgeable research staff could be a strength, but a heavy workload culture is a weakness. This weakness could reduce the opportunities available with limited capability to take on new products/services without risking the mental and physical health of the workforce.    


geralt / Pixabay

PESTLE stands for the Political, Environmental, Sociological, Technological, Legal, and Economical forces that would impact on an organization. It is a good tool to identify environmental risks such as pollution levels to the local environment when expanding manufacturing into a more rural area. Political and legal risks can include using materials that do not comply with EU health, safety, and environmental requirements. Technological risks are the use of outdated or no longer supported machinery and software that could slow down the processes of production.

Taking It One Step Further

PESTLE can be used to gather the required information on risks such as the legal requirements of an organization during production, and the health and safety of its workforce. SWOT can be used to determine the strengths the organization has whether new or ongoing projects. However, to take the risk analysis further coupling Failure Mode and Effects Analysis (FMEA), which we have covered previously, with SWOT and PESTLE gives a stronger overall analysis and actions to mitigate the risks. FMEA takes the identified risks from SWOT and PESTLE, then prioritizes them to reduce risks going forward with a project.

If you do not feel qualified enough or have enough knowledge of the available tools for risk analysis then consider learning from a professional. Here at McDonald Consulting Group, we train everyday staff members to become risk analysts, with courses throughout the year or group training at your workplace.

Contact us for more information, or visit our training page.