Bookmark this post, because in about a year, it will become a very important one.
Back in the late 2000s and early 2010s, ISO was hoodwinked by Australia’s Kevin Knight to add “risk” to all its standards. ISO saw dollar signs and did so. For ISO 9001, however, there was a concern that adding “risk management” would hurt sales if people thought they had to hire a risk manager to comply with the standard. So Nigel Croft came up with the name “risk-based thinking” as a workaround. It invoked risk without invoking risk management.
(When the world turned against RBT, he later denied it, but prior to that, he had personally asserted to me that, yes, he was the creator of that term. He was either lying then or is lying now. You pick.)
The problem is that risk-based thinking never existed and was invented out of thin air just to sell standards.
To prove it, I did an experiment. I ran date-filtered Google searches on the term “risk-based thinking” and proved that prior to the publication of ISO 9001:2015 drafts, the phrase never appeared in any quality management publications ever. It was used once in passing in a pharmaceutical paper, but only because the phrases “risk-based” and “thinking” happened to appear next to each other rin a sentence. As a thing in and of itself, “tisk-based thinking” didnt’ exist until Croft and TC 176 willed it into existence.
Now, I want you to do the same with ISO 9001:2026’s proposed “opportunity-based thinking,” which I am pretty sure was cooked up by Croft’s contemporary, Sam Somerville. She is a private consultant who operates under the name Jigsaw Quality Management, which is either hilariously accurate or painfully non-self-aware. Consultants like Somerville make money by making quality management more complicated, not less, so turning it into a jigsaw puzzle makes sense. Or maybe a horror movie, I don’t know.
I am timestamping this. Right now, it is Sunday, 26 January 2025. It is 9:20 AM Eastern US time. I will search for “opportunity-based thinking” in Google using quotation marks. Let’s see how many hits I get, ignoring any AI-generated slop.
We find very little. The primary usage of the term comes from a book on sales strategy called the Blue Ocean Strategy. This has nothing at all to do with quality management and uses the phrase only in terms of pursuing sales opportunities. It’s just a coincidence.
Relevant to quality management, we only find only a handful of consultants who saw ISO 9001:2015’s “risk-based thinking” and then tried to reframe it a bit for kicks. For example, we find a single PowerPoint slide deck by consultant Angelo Scangas from 2019, but he’s just musing on reframing risk-based thinking. We find another random paper by consultant Dragoljub Šarovićh, this one from 2020. And more from consultants such as TapRoot, CQI, or DQS.
As of right now, I count about 100 usages of the term when filtering out the Blue Ocean stuff. Google doesn’t report total search hits, so I am guessing.
Date filtering it prior to 2013 results in a single result. This, however, is not an accurate result, however, as the page in question presents a quality policy that was developed after the release of the 2015 version of ISO 9001, so would not have been published in 2012 as indicated. This is just a search engine glitch.
Meaning that there are ZERO findings on the phrase “opportunity-based thinking” prior to some people musing about it after ISO 9001:2015 was published.
Testing with Microsoft’s Edge browser, which uses Bing, it does report total hits, and “opportunity-based thinking” comes in at over 42,000. But Bing ignores the quotation marks, so it is reporting every instance of “risk-based thinking” that also includes the term “opportunity” and not the exact phrase “opportunity-based thinking.” So the real number is much, much lower.
Alternative search engine Duck Duck Go, meanwhile, shows even less. An article I wrote on ISO 9001:2026 CD2, which first referenced “opportunity-based thinking” comes up on the first page, for example.
No matter what search engine you use, you can’t find usages of the term that are any older than few years ago, other than the Blue Ocean stuff. What we see instead is simply users and consultants playing around with the wording of risk-based thinking to muse about a possible alternative. In short, as it stands right now, “opportunity-based thinking” is not yet a thing. There is no consensus over it, and it certainly has not been widely validated throughout the quality management profession as has, say, the process approach or statistical process control.
I want you to keep this in mind, because once ISO 9001:2026 is published, there will be an entire cottage industry that bursts out overnight related to this subject. The search engine hits will become impossible to count (much as “risk-based thinking” is now impossible to track.) Worse, consultants will insist that they have been experts in “opportunity-based thinking” all along, even though the evidence shows that nearly no one was talking about it.
It is really frustrating that while other professions are advancing their approaches and battle-testing them in industry, the quality profession is led by slow-witted, lazy consultants who can’t be bothered to validate anything. They just make shit up, and the rest of the world nods their heads like bobblehead dogs on a truck dashboard.
As I said, bookmark this post.
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years’ experience implementing ISO 9001 and AS9100 systems, and helps establish certification and accreditation bodies with the ISO 17000 series. He is a vocal advocate for the development and use of standards from the point of view of actual users. He is the writer and artist of THE AUDITOR comic strip, and is currently writing the DR. CUBA pulp novel series. Visit www.drcuba.world
Hi Chris
I have always followed and enjoyed your “straight-from-the-hip” critiques and “sharp biting wit”.
I strongly agree with another of your posts critising the use of the term “positive risk”. Risk is always associated with a negative outcome or result. I also recommend against use of the insurance-inspired use of “upside risk”. All risks have a “downside” character !
Regarding “Opportunity Based Thinking” I disagree with your quote below & the general tone of this article. It implies that lack of wide-spread current usage of any terminology proves that it is automatically not meanful or useful to consider.
Quote above – “Meaning that there are ZERO findings on the phrase “opportunity-based thinking” prior to some people musing about it after ISO 9001:2015 was published” – End-of-Quote
FYI – I have been using since 2018 in training and consultancy the term R&OBT or ROBT – Risk & Opportunity Thinking and Risk & Opportunity Thinker.
An over-arching principle of my approach is that –
“you cannot exploit/pursue an opportunity without co-existing concurrent or emergent risks”
and
“you should not manage a risk without being alert to any co-existing concurrent or emergent opportunity”
My operational definitions of relevant terminology and how a ROBT should think and do are shown below. They can be applied beneficially across any Management System.
# 3 elements of a risk or opportunity
https://www.dropbox.com/t/7N6eQMklLKtPqaDc
# Everyday Operational Definitions of Risk & Opportunity https://www.dropbox.com/t/0CCXpFpMIbzv8gmb
# ROBT (Risk & Opportunity Based THINKER)
https://www.dropbox.com/t/ob5ZVQsUHKJgSCzv
# Risk Based Thinking is universal
http://riskbasedthinking.blogspot.com/
Keep up your vigilant “call-out crap & shonky bahaviours” posts
Regards Jim Whiting
Thanks, Jim, an dI know you have been a long-time reader and a great supporter. So I appreciate your comments!
You said you began using the term “opportunity-based thinking” in 2018. That was my point. Prior to 2015, no one was using any “XYX-based thinking” phrase. Croft made it up, ISO published it, and it fell into the zeitgeist AFTERWARD. It was inevitable that some folks might see “risk-bsaed thinking” and come up with “opportunity-based thinking.” It wasn’t a leap.
Compare this to the process approach. Deming began beating this drum in the 1950s. By the time ISO adopted it in 2000, it had been firmly rooted in the quality profession, vetted, validated, and fully established. It made sense that ISO would incorporate it into a standard, because it was already a normative practice. Ditto for other concepts like quality objectives, corrective action, preventive action, management reviews. Many of these elements appeared in MIL-Q-9858 from the late 50s.
“Risk-based thinking” was entirely made up specifically FOR the new ISO 9001:2015 standard. It was never vetted or validated because it never existed. Croft made up the term to soften the idea of “risk management” so that ISO 9001’s sales were not impacted. It was a marketing gimmick done to dumb down risk management for the worst actors in the quality profession. It should have been ejected from the standard, since it did NOT represent an existing tool or approach, but by 2015 the private consultants had taken over ISO and so it was allowed. We now see this getting worse with the inclusion of “opportunity-based thinking” which is much, much worse.
Yes, you and a few others might have used the term. that does not make it equivalent to the half-century of validation that concepts like the process approach or management review had prior to them being added to ISO 9001.
Furthermore, by saying that quality management now requires people to think about risk AND opportunity, we take people’s eyes off the actual ball: to ensure products and services meet requirements. Instead, people will run around trying to satisfy some nebulous, made-up consulting terms that have no validated history or data to support their overnight invention.
“RBT” and (gasp, this will be the first time I type this) “OBT” are fine for 9004 or consultant opinion pieces. They can be optional approaches pursued by companies if they like. They have no place in a standard that is supposed to represent the world’s consensus on proven, validated, existing best practices.