Full disclosure: I am aware that I’m at the center of the controversy surrounding the author of this book, William A. Levinson, and that he is currently engaged in a fairly nasty social media campaign against me. Nevertheless, this review puts all of that aside and examines it solely based on its content.

Risk-Based Thinking Handbook: The Perfect Companion to ISO 9001:2015 is published by the American Quality Institute, that plucky group of private consultants who mostly, and coincidentally, worked to ensure ISO 9001 was so confusing, you’d have to hire them and buy their books to decipher it. The author of this book, William A. Levinson, was not on that committee, so that accusation can’t be laid at his feet. While that’s good, this book shows the lack of insight Levinson has for ISO 9001, and how he has to reach into historical contexts and sources outside of ISO 9001 in order to build enough content for the book.

The book is an agonizing slog into the personal and dated interests of its author, framed as a book on ISO 9001, but which offers little useful advice for users, instead treading in exhausted and debunked concepts of risk management as peddled by someone who seems to know little about the subject. To be clear: like so many of his ISO 9001 consultant peers, Levinson has no formal degree in risk management, and no demonstrable evidence of having worked in a professional risk management capacity (e.g., as a RM department staffer or manager) in his previous employment history. He has worked as an engineer for IBM and Fairchild, according to his LinkedIn profile, and then as a private consultant since the early 2000’s. So he comes to the risk game late, but this is a truism in which he is joined by the authors of ISO 9001 itself, none of whom have any such experience either.

The book starts off with one dramatic flaw, making one wonder if the author did any “risk-based thinking” in its preparation. Levinson claims the ISO 9001: 2015 definition of risk is “the effect of uncertainty on an expected result,” but Levinson’s definition comes from the early “DIS” draft of ISO 9001, circulated in 2014 and later revised — twice — before publication of the final version in late 2015. This means Levinson’s book is based on a version of ISO 9001 that was never even published. It’s not confidence inspiring if the author gets the definition of his key concept wrong right at the start. Since the book was published in October 2015, it’s clear that Levinson had been writing it before the standard was actually published (in September), so it’s clearly based on material he dreamed up, rather than what appeared in the actual final standard.

Levinson then conflates the implementation of Failure Mode Effects Analysis (FMEA) with his faulty definition, by placing them next to each other in the same paragraph. He uses this to say that “risk is essentially the product of likelihood and the consequences,” invoking the FMEA mathematical calculation that is not adopted universally within the risk management profession, and which was soundly debunked. FMEA fails because it is based on a mathematical fallacy: it relies on applying multiplication to concepts ranked by ordinal-scale data, when the process requires ratio-scale data in order to get the math to actually work. Mathematician Dennis Wheeler famously wrote, in Quality Digest, “This is why any attempt to use [risk priority number] values is an exercise in absurdity. Their use in the same room with a mathematician will tend to produce a spontaneous explosion. They are utter and complete non­sense.” As I wrote in my book, RPN is simply the assignment of numbers to Tarot cards, in order to give divination the appearance of science. Yet Levinson bases his entire concept of Risk-Based Thinking on RPN, occasionally quoting a US Army handbook in order to justify it.

It gets worse. Levinson continues to borrow the worst memes and oft-repeated clunkers of the profession. He literally writes, “‘Say what you do, and do what you say.’ This is the foundation of ISO 9001,” invoking the ancient — and utterly derided — quote that led so many to criticize ISO 9001 in the 1990’s. It was this false meme that led to the mythology that said ISO 9001 certified companies could manufacture “cement life vests” and which led to the dramatic reboot that ISO 9001 underwent in its 2000 edition.  In truth, it’s always been “ISO says what to do, and you do it.” Those — like Levinson — repeating the meme only display a gross misunderstanding of how standards work.

If you manage a national military organization, like an army, you might get value from this book. Levinson’s obsession with military applications, military hardware and quoting military officials is on full display. He quotes Sun Tzu, General Patton, and includes photos of weapons, as if every user of ISO 9001 is involved in some great imaginary war effort funded by war bonds. He quotes the Army’s risk management document ATP 5-19 quite a lot, and helps spread the erroneous claim that ATP 5-19 is “synergistic with ISO 31000,” ISO’s standard on risk management. The truth is that ATP 5-19 actually and totally contradicts ISO 31000, and never actually mentions it once. The myth that ATP 5-19 is somehow a cousin of ISO 31000 has been spread by many ISO 31000 consultants, who seek to reassure their clients by misleading them into thinking the Army has embraced the ISO standard; one such consultant is even quoted in Levinson’s book a few times.

Next, despite ISO 9001 clearly titling it’s clause on risk-based thinking “Actions to Address Risks and Opportunities,” Levinson misses the latter half nearly entirely. “Opportunity” under RBT is the opposite side of the coin: the pursuit of potentially beneficial effects of uncertainty. In Levinson’s book, opportunity is simply a reframing of negative risk, the occasional side effect of reducing a risk, such as the reduction of waste (muda). Levinson discusses not at all the pursuit of pure opportunities, unrelated to negative risk, such as pursuing new contracts, expanding business into new markets, pursuing customer referrals. The term “opportunity” appears only occasionally in the book, and nearly always framed as a means of reducing the negative risk of muda. He, like so many other sudden risk-based thinking experts, is stuck in a reactive mode, scrambling to find ways to reduce scrap, while ignoring an entire constellation of possibilities under the pursuit of “pure opportunity.” It’s the natural environment for a low level engineer, but it alienates utterly any upper manager that might read the book.

The most egregious sin Levinson commits, however is his unending and often exhausting tendency to quote people and invoke historical scenarios that nearly never have anything to do with the subject. It’s clear that Levinson likes military history, and wants you to know he’s a student of this subject. However, many of his quotes appear lifted from Bartlett’s or Google, since they aren’t accompanied by any personal or deep interpretation, and they nearly never provide a useful context for his target audience, the users of ISO 9001. He also name-drops, incessantly, his chief obsession, Henry Ford. The book, therefore, appears to have been written in some time-twisted era between 1900 and 1950, but might equally be useful for anyone still struggling with the same problems faced by widget-makers during the Industrial Revolution. We’re supposed to think Ford is still relevant, and that somehow when ISO 9001’s authors invented “risk based thinking” over a weekend in 2013, they were invoking Ford. That’s ludicrous.

This egotistical self-satisfying approach results in a book that is decidedly backwards-facing, constantly invoking an ancient past, without providing meaning or context for those living in a post-1950 world. It’s thus not useful for those of us in the 21st century, facing a reality that is far different than what Levinson sees on The History Channel on Sunday afternoons.

In short, the book is an exploration of Levinson’s particular hobbies, using “risk-based thinking” as a means to an end to discuss those interests, but failing entirely to address the subject named on the cover. Worse, when RBT is discussed, it’s done so in an overly complicated manner that is utterly out of context with what could be useful to a modern ISO 9001 user, and is mired in off-topic military history. For the average machine shop, they will come away thinking ISO 9001 is advanced particle physics combined with science fiction rocketry; for the average service provider who doesn’t do manufacturing at all, the book offers nothing at all in the way of advice.

If you run an army, though, you might get some use out of it.


    About Christopher Paris

    Christopher Paris is the founder and VP Operations of Oxebridge. He has over 25 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001:2015, which can be purchased here.