Transnet Engineering wins IRMSA Award
October 28, 2016
What you need to know about the Dakota Access Pipeline
December 20, 2016

SHEQ Integrated Risk Management Framework

By Steve Simmonds, Executive Head: Business Development at IsoMetrix

Quality is defined as a measure of consistent excellence brought about by a strict commitment to standards that achieve uniformity of a product in order to satisfy specific customer or user requirements. However, quality means different things to different people. Quality is a journey, a constant striving for better results, and a quest for continual improvement.

ISO Management System Framework

While individual industries may define quality differently according to what quality means to them, managing quality is built on a universal framework that needs to be adapted to suit specific circumstances. The current ISO 9001, ISO 14001 and OHSAS 18001 standards create a good platform from which companies can develop their Management System. Since there are many synergies between the systems and the principles are relatively similar, these three systems can be combined into one management system. An Integrated Management System eliminates duplication of resources, such as time, effort and paperwork.

While ISO 9001 is the foundational standard that helps organizations identify customer requirements and achieve customer satisfaction. OHSAS 18001 assesses the risk associated with the OH&S hazards that have been identified and determines the controls that are necessary to reduce OH&S risks to an acceptable level and management compliance performance. While ISO 9001 and IS0 14001 have in the main an external focus, OHSAS 18001’s focus is internal.

Risk and quality

It is important to keep the bigger picture in mind. Quality does not exist in a vacuum. Risk management is inseparable from quality. The principles that apply to both; reputation, risk and quality are the same. The idea is to harmonize the risk management process and definitions, as well as existing and future standards.

As part of a SHEQ management system, risk management becomes the uniting foundation along with ISO 9001, creating an integrated management system. By integrating your management systems, and recognizing the impact each has on the other and how they all work together, it becomes a unifying entity and a center of excellence.

Risk-based strategic processes and operations model

Risk is central and not auxiliary to business processes. It forms the pillars of the organization, it is not something that sits in the middle or at the bottom. Your policy statement, standards and procedures, Quality Management (QM) plans and quality control plans inform communication and training. This is crucial. Quality is all about people; while you need to focus on the business, and worry about the profits, don’t forget about the people.

This, in turn, informs an organization’s structure and accountability. What controls do you have in your business? What are your critical controls and who owns these controls? This cycle needs to be constantly reviewed and improved. This is where you benchmark, not merely as an exercise but as an ingrained part of your strategy. In the core of this process and operations model lies ISO 31000.

Do you follow your quality statement, as set out in ISO 9001? The only way to know if you really follow it is to go through the process of are going to find out is if you go through the processes of ISO 31000. What are the operational objectives and what is the extent of their implementation?

The idea is to create strategic processes that are continually monitoring and assessing risks as they form part of an integrated system. This way the data you have captured becomes something you can use to identify trends, and that’s why from the point of view of what we do with IsoMetrix. You have all the data you have captured, and that data becomes something that you can use as a business intelligence tool. Why do you need that? For a simple reason really: you can’t make decisions on anything without the correct information.

Business excellence

Well known International Business Excellence frameworks, such as the EFQM Model, Baldrige Model, and the South African Model, focus on the process of assessing businesses to determine their current level of excellence. The Modified Business Excellence Framework (see figure) creates a holistic view of Business Excellence by including culture, values and communication. This creates a new dynamic, which takes a more detailed account of strategy, and communicates it better.

ISO 9001 closely aligns with Business excellence because Quality, Safety and Health etc are all business excellence. More often than not, the data needed to report on sustainability comes from SHEQ, because these areas are connected and should be integrated. To bring it all together we need to strive for a culture of excellence. If an assessment is taken across the whole business, does excellence permeate? Business Excellence is inseparable from Quality; it is the striving to be the very best you can be in your business endeavors.

To achieve business excellence, and quality, businesses can use this to their own advantage, because the model aligns so closely with ISO 9001 and the Plan, Do, Check and Act process, and ISO 9001 is the foundational standard for quality management.


Every part of your business informs every other part. Thus, an organization’s vision and mission, policies and objectives are vitally important, because they permeate to every part of your organization. A mission statement, or promise of quality is pointless if it is just something stuck up on a wall? Do you know your mission statement? Are you aware of it? Do you follow it? Do you have values and do you follow them? These things form the foundation on which quality is built, however you define it.