Consulting With a Personal Touch|Call Us: 832-326-9796

Risky Business: Let’s Put It In Context

Posted by Victoria Ontiveros in Blog, Home Page 27 Mar 2020


Anticipating and preparing for the impacts of organizational risks can be difficult, especially with quickly changing business environments. The coronavirus (COVID-19) pandemic has forced organizations in both the public and private sector, including schools, hospitals and even restaurants, to rush to develop creative responses to the impacts of the virus. This tragic crisis has also exposed the vulnerability of our business environments and supply chains. How can organizations better prepare for a future crisis and issues? Management systems, such as ISO 9001:2015, require organizations to determine the context of their organization. This includes being aware of their business environment and considering internal and external factors that have an effect on their products, services and interested parties. But how can identifying these factors help organizations anticipate and prevent a crisis? This article will provide an overview of how utilizing a management system, such as ISO 9001, to define the context of an organization can prevent the negative impact of internal and external issues.


ISO 9001:2015 and the Context of the Organization

The context of the organization is defined as the combination of internal and external factors and conditions that can have an effect on an organization’s approach to its products, services and investments and interested parties. Let’s take a look at the ISO 9001:2015 requirement for the context of the organization.  Per ISO 9001, clause 4.1 Understanding the organization and its context states:


The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system.


We see that the requirement starts off with determining the external and internal issues that are relevant to the purpose of your organization. When working with clients, it’s common for them to identify employees as internal issues and suppliers as an external issue. It can be difficult to push past these everyday issues we encounter, and identify those such as the economy or even the outbreak of a global disease. If we take a step back and really invest time in understanding the purpose of our organization and our strategic direction we can dig deeper into identifying these issues.


What is the Context of Your Organization?

The process of defining the context of your organization and assessing internal and external issues should start with answering the following questions:


1. What is the purpose of your organization? Formally understanding the aims and mission of your company can help you understand the purpose of your organization. This is typically an organization’s mission statement.

2. What is your current strategic direction? Both internal and external issues can influence the future strategic plans of an organization. If your organization does not understand the current strategic direction, how can you make changes moving forward? Consider performing a Strengths, Weaknesses, Opportunities, Threats and Trends (SWOTT) analysis as a tool.

3. What are the intended results of your quality management system? Maybe you implemented your management system to attract new customer, or maybe your customer’s were requiring certification. Whatever your reason may be, ensure you have a clear understanding of the why the management system was implemented.

Once you have a clear understanding of your organization’s purpose, strategic direction and the intended result(s) of its quality management system we can start identifying internal and external issues.


Identifying Internal and External Issues

There are several internal and external issues that can have an impact on your organization. Issues can have both negative and positive impacts. As previously mentioned, many organizations stop assessing internal and external issues when  they get to the employee and customer level, but there are far more to consider. First, let’s define what an internal issue is. Internal issues relate to an organization’s internal environment. These may issues related to products or services for example, or regulatory requirements. Let’s identify a few internal issues surrounding current events:


• Internal Resources – Consider the impact COVID-19 has had on your internal resources, such as your workforce.

• Accounts Payable and Collections – In the current economic climate, consider the impact oil prices are having for those in the oil and gas industry. If business and their customers are experiencing a negative cash flow, this directly impacts their ability to pay, or collect.

• Company Culture – Tragic events such as the virus and layoffs being discussed 24/7 can have major impacts on employees. Less motivated, over worked or stressed employees can impact your organization.


What is an external issue? External issues are outside of your organization, and typically out of our control. They influence how we respond within our organization. These can definitely include customers and suppliers, but there are so much more. Let’s identify a few external issues surrounding current events, which go beyond customers and suppliers:


• Travel Restrictions and Social Distancing – With many countries and states issuing travel restrictions, consider if your organization has the ability to provide remote services.

• Broken Supply Chains – COVID-19 has led to shortages in our global supply chains.

• Cyber attacks – With remote working becoming a necessity, if the devices your employees are utilizing are not protected your organization could be more vulnerable to cyber attacks. It is important understand how cyber attacks can have an impact on your strategic direction.

As we can see, we are drilling down to the specific issues. By properly identifying the internal and external issues that can impact an organization, we improve our ability to better assess and mitigate risks.



Defining and documenting the context of your organization is critical to ensuring you capture internal and external issues, beyond just the customer, employee and supplier level. Organizations that have a deeper understanding of the potential issues have the ability to adapt and survive in their rapidly changing business environments. Once issues are properly identified, organizations have the ability to conduct more thorough risk assessments and establish proper controls. From global pandemics to local ordinances, defining the context of your organization will assist with proactively addressing business challenges and risks. Interested in implementing a management system? Contact us to how we can help you achieve your organization’s goals. Click here to watch our webinar to learn more about the context of your organization.



3 tips for preparing your team to undergo a certification body audit.

Victoria Ontiveros | Project & Office Coordinator 

Victoria focuses on creating quality educational content that provides value to current and potential clients. By collaborating with members of leadership and sales, she is able to develop informative articles that answer common questions and connect with current trends.

Victoria earned her Bachelor of Science in Sociology with an emphasis in communications from Texas A&M University.

Post a comment

Show Buttons
Hide Buttons