riskbarkerBecause ISO 9001 is ISO’s most famous standard, when something strange goes on with 9001, people pay attention. At least in the quality profession, since no one else even knows what the hell ISO 9001 is.

So when ISO announced that the new 9001 standard would have something called “risk based thinking” in it, the buzz in the quality profession turned to risk management. Unfortunately, there’s another troubling aspect to this new dynamic.

Quality has always been a profession lacking in unity and vision. With rare exceptions, few rock stars have emerged to drive quality forward, and nearly none since the retirements of Crosby and Juran. Lacking humans to lead, we seek out avatars, in the form of cool-sounding “methods.” We have watched our profession waft from fence post to fence post, pausing only temporarily on “the next big thing,” such as quality circles, Lean, Six Sigma, and ISO 9001. Nowadays, the loudest salesman is often the only voice left in quality.

So it’s not a surprise that ISO caved to the newest, loudest salesman: the risk sellers. When I say “risk-seller” I mean to differentiate them from actual risk managers, because the risk-sellers usually have few to no peer-reviewed publications, and fewer still verifiable credentials. They will claim to have solved incredibly difficult problems for huge companies, but provide not a single, actual reference. When pressed, you discover they know how to throw around words, but actually don’t understand the definitions or how to use them in context.

robitailleAnd, as usual, the quality professionals rolled over when the risk sellers came to town. Sensing “risk” was the new “Six Sigma,” the usual suspects began telling us that risk had been there all along. In that ever-reliable journal of junk science Quality Digest, US TAG member Denise Robitaille sounded the alarm back in 2011, trying desperately to convince us that ISO 9001 has always been about risk. Sure …, if you think feet and penises are the same thing, because they are both attached to legs. This is salesmanship and nothing more, with Ms. Robitaille dutifully carrying the water of the ISO TMB to prep her readers into believing something that is utter and complete nonsense.

But it’s a disastrously bad move, because now the risk-sellers are just going to push quality professionals like Ms. Robitaille aside entirely, as they threaten to take over the profession. Before you say that sounds ludicrous, you may want to revisit how they managed to convince ISO to add their language into every management system standard ever.

01-sutherlandInvasion of the Logic Snatchers

So unarmed with any knowledge whatsoever about quality, the risk-sellers are invading the profession, insisting that they know how to run the store better than we ever did.

Greg Hutchins of the CERM Academy – an unaccredited provider of “certified risk manager” credentials – has actually trademarked the phrase “The Future of Quality: Risk” and boasts about how that term is now trending on Google, thanks to his ingenuity. I don’t know about you, but when I read that sentence, it doesn’t inspire me… it creeps me out.

Hutchins in (guess) Quality Digest:

Have you noticed that there’s a seismic shift going on in quality? Interest in risk management is growing and, according to some, approaching the level of quality management. What facts support this contention? Some global quality management system (QMS) registrars are placing their certification activities under the risk management umbrella. More quality conferences have risk management tracks. What’s going on?

The article goes on to present exactly zero “facts” and a whole lot of evidence-free speculation (“risk management is an obvious extension to the registrars’ auditing, compliance, and assurance activities“)  bobbleheaded, vague talking points loaded with hot-button phrases (“risks represented by imported products and food are now issues of public safety and homeland security“), and outright falsehoods (“ISO 9001 registrations in North America are flat“), the typical trademarks of a Hutchins piece. According to Hutchins, the modern world is more risky because of technology, presumably because those cavemen had no risks at all running from plague-infested sabretooth jackalopes, or whatever.

Why, Tookay?

It’s been a mantra of Hutchins for nearly a decade and a half. Coming off the Y2K debacle (seriously, read these dread-dripping cover notes from a 1999 book on Y2K), risk-sellers had to do something to repair the bludgeoning their profession took, so they started poking around quality. Here’s Hutchins making the same argument in ASQ’s Quality Progress, back in 2000:

There’s a lot of talk about the future of quality and quality management. First let me put your fears to rest. Quality is alive and well. It won’t disappear. It’ll just morph into something that reflects market needs.

Hutchins goes on to literally cite Murphy’s Law as a real scientific principle, even as he misquotes the thing entirely. Who believes this stuff? Quality magazine editors, I guess.

He doesn’t stop at claiming euphemisms as mathematical constructs, he attacks the quality profession head on, slapping Deming in the face and spitting on his grave. Hutchins is horrifically anti-Lean, anti-JIT and anti-anything-remotely-appearing-like-a-post-WWII-quality-management-principle. From a recent newsletter:


First of all, there’s no “we” unless he has a mouse in his pocket or counts his shadow as a sentient being. Secondly, and as usual, he doesn’t present a single fact to prove his inane, pre-industrial revolution position that “lean inventories result in risk.” And third, well hell, he’s just spending other people’s money like water, like most risk-sellers.

Now we see the likes of Alex Dali of G31000, who conveniently also sells unaccredited risk manager credentials, writing similar fluff pieces announcing the merger or risk and quality. Hutchins acolyte Dan T. Nelson announces “Risk-Based thinking? No problem!” But perhaps one of the most glaring examples comes from Greg Carroll, a risk management software peddler from Australia, who all but declares the entire legacy of quality dead, in “PDCA is NOT Best Practice

Well do you realise the PDCA concept was first develop [sic] in the 1920’s by Walter Shewhart.  Yes it’s near [sic] 100 years old, and the business world has moved on considerably since the 1920’s.

Yes, he just dissed PDCA, the cornerstone of the quality profession, and a concept so innocent it barely ever contradicts anything, and nearly everything can work alongside it. It’s like denouncing round dinner plates in favor of trains; it only makes sense if you’re selling trains.


This is the real future of quality: the risk that risk-sellers will overtake the profession, tell us all that Deming and Shewhart and Juran were idiots, and that some half-educated, dumbed-down form of risk management is the way to go. And they will do this without any facts, any evidence, and armed only with confusing blurbs and complete confidence.

Oh, and lots and lots of fear-mongering:


Sure. That worked so well for them during Y2K. Risk sellers are quick to invoke Deepwater Horizon, Ebola, 9-11, Hurricane Katrina and the Fukishima disaster, but never have an answer as to how they failed so spectacularly, resulting in Deepwater Horizon, Ebola, 9-11, Hurricane Katrina and the Fukishima disaster.

(See? I can monger fear, too.)

The truth is, risk management can exist very nicely with quality management, thank you. One doesn’t need to supplant the other. They are brothers, and we don’t need to merge them in some kind of messy human centipede. Doing so dumbs down both professions, cripples both disciplines, and will lead to no improvements at all.

So, risk-sellers: get the hell back to your circus barker day jobs. We can run our profession without your interference.

Image credit: Zack Rock.

About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.


ISO 45001 Implementation