Memoria Investigaciones en Ingeniería, núm. 26 (2024). pp. 265-274

https://doi.org/10.36561/ING.26.16

ISSN 2301-1092 • ISSN (en línea) 2301-1106 – Universidad de Montevideo, Uruguay

Este es un artículo de acceso abierto distribuido bajo los términos de una licencia de uso y distribución CC BY 4.0. Para ver una

copia de esta licencia visite https://creativecommons.org/licenses/by/4.0/ 265

Memoria Investigaciones en Ingeniería, núm. 26 (2024). pp. 265-274

https://doi.org/10.36561/ING.26.16

ISSN 2301-1092 • ISSN (en línea) 2301-1106 – Universidad de Montevideo, Uruguay

Este es un artículo de acceso abierto distribuido bajo los términos de una licencia de uso y distribución CC BY 4.0.

Para ver una copia de esta licencia visite https://creativecommons.org/licenses/by/4.0/

Improving the Improvement

Mejorando la Mejora

Melhorando a Melhoria

Darío Alentorn

(*)

Recibido: 06/06/2024 Aceptado: 28/06/2024

Summary. - This work reflects on the benefits of applying risk-based thinking for improvement in a quality

management system.

Based on the crucial role of theory and on the belief that conceptual accuracy and clarity are the main key to an

effective practice, this work studies and analyzes the state-of-the-art core concepts of improvement and risk

management, through international and national standards, including ISO 9000, ISO 31000 and ANSI-PMI Standards,

among others. Consequently, reformulations of the main definitions about improvement are proposed, with the

contribution of risk-based thinking concepts, in order to provide a wider perspective of the knowledge platform that

has been built.

The structure of this paper consists of: Summary, Introduction, Framework, Analysis and Discussion, Conclusions

and References.

Keywords: Quality; Risk; Improvement; ISO 9001, ISO 31000.

(*) Corresponding Author

Structural Civil Engineer, PMP. Universidad de Montevideo, Uruguay, dalentorn@correo.um.edu.uy, ORCID iD: https://orcid.org/0009-0001-

7726-9396

D. Alentorn

Memoria Investigaciones en Ingeniería, núm. 26 (2024). pp. 265-274

https://doi.org/10.36561/ING.26.16

ISSN 2301-1092 • ISSN (en línea) 2301-1106 – Universidad de Montevideo, Uruguay 266

Resumen. - El presente trabajo reflexiona sobre los beneficios de la aplicación del pensamiento basado en riesgos

para la mejora en un sistema de gestión de calidad.

Basado en el papel crucial de la teoría y en la creencia de que la precisión y claridad conceptual es la clave principal

para una práctica efectiva, este trabajo estudia y analiza los más recientes conceptos relativos a la mejora y la gestión

de riesgos, mediante la revisión de estándares internacionales y nacionales, incluyendo las Normas ISO 9000, ISO

31000 y ANSI-PMI, entre otras. En consecuencia, se propone la reformulación de las principales definiciones relativas

a la mejora, enriquecidas con el aporte del pensamiento basado en riesgos, permitiendo ver más allá y con mayor

perspectiva, la plataforma de conocimiento construida.

La estructura del trabajo consta de: Resumen, Introducción, Marco Conceptual, Análisis y Discusión, Conclusiones

y Referencias.

Palabras clave: Calidad; Riesgos; Mejora; ISO 9001, ISO 31000.

Resumo. - Este trabalho reflete sobre os benefícios da aplicação do pensamento baseado no risco para a melhoria de

um sistema de gestão da qualidade.

Baseado no papel crucial da teoria e na crença de que a precisão e a clareza conceptual são a chave principal para

uma prática eficaz, este trabalho estuda e analisa os conceitos mais recentes relacionados com a melhoria e a gestão

de riscos, através da revisão de normas internacionais e nacionais, incluindo a ISO 9000, ISO 31000 e ANSI-PMI,

entre outros. Consequentemente, propõe-se a reformulação das principais definições relacionadas com a melhoria,

enriquecida com o contributo do pensamento baseado no risco, permitindo-nos ver mais longe e com maior

perspectiva, a plataforma de conhecimento construída.

A estrutura do trabalho é composta por: Resumo, Introdução, Estrutura Conceitual, Análise e Discussão, Conclusões

e Referências.

Palavras-chave: Qualidade; Riscos; Melhoria; ISO 9001; ISO 31000.

D. Alentorn

Memoria Investigaciones en Ingeniería, núm. 26 (2024). pp. 265-274

https://doi.org/10.36561/ING.26.16

ISSN 2301-1092 • ISSN (en línea) 2301-1106 – Universidad de Montevideo, Uruguay 267

1. Introduction. - Although the 2015 version of ISO 9001 [1] promotes the risk-based thinking approach, highlighting

its benefits, it is partially applied to the Improvement chapter.

Despite the close link between improvement and risk-based thinking, there is only one mention to risks in the 10.

Improvement chapter of ISO 9001 [1]. This mention is in 10.2 Nonconformity and corrective action part e): “When a

nonconformity occurs, including any arising from complaints, the organization shall:(…) e) update risks and

opportunities determined during planning, if necessary…”.

This point of view focuses on the planning process, coherently with ISO 9001 requirements related to risks (6.

Planning, 6.1 Actions to address risks). But the Improvement requirements can get much more benefits from a risk-

based thinking approach.

The objective of this work is to provide guidance for the best application of risk-based thinking to the continuous

improvement process as well as inputs for a future review of the ISO 9000 series standards. For this, definitions from

different sources are compiled and revised. An analysis of their strengths and weaknesses is also done. As a result of

the analysis carried out, a redefinition of the terms corrective action, preventive action and correction is proposed in

order to widen them, facilitating the application of risk-based thinking.

2. Framework: definition of key concepts for the analysis. -

2.1 Preventive action [2]

“action to eliminate the cause of a potential nonconformity or other potential undesirable situation.

Note 1 to entry: There can be more than one cause for a potential nonconformity. Note 2 to entry: Preventive action is

taken to prevent occurrence whereas corrective action is taken to prevent recurrence”.

2.2 Corrective action [2]

“action to eliminate the cause of a nonconformity and to prevent recurrence.

Note 1 to entry: There can be more than one cause for a nonconformity. Note 2 to entry: Corrective action is taken to

prevent recurrence whereas preventive action (3.12.1) is taken to prevent occurrence. “

2.3 Correction [2]

“action to eliminate a detected nonconformity.

Note 1 to entry: A correction can be made in advance of, in conjunction with or after a corrective action. Note 2 to

entry: A correction can be, for example, rework or regrade”.

2.4 Improvement [2]

“activity to enhance performance.

Note 1 to entry: The activity can be recurring or singular”.

2.5 Continual improvement [2]

“recurring activity to enhance performance.

Note 1 to entry: The process of establishing objectives and finding opportunities for improvement is a continual process

through the use of audit findings and audit conclusions, analysis of data, management reviews or other means and

generally leads to corrective action or preventive action.”

2.6 Performance [2]

“measurable result

Note 1 to entry: Performance can relate either to quantitative or qualitative findings.

Note 2 to entry: Performance can relate to the management of activities, processes, products, services, systems or

organizations”.

2.7 Risk-related terms.

2.7.1 Risk [2]

“effect of uncertainty.

Note 1 to entry: An effect is a deviation from the expected — positive or negative.

Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or

knowledge of, an event, its consequence, or likelihood.

Note 3 to entry: Risk is often characterized by reference to potential events (as defined in ISO Guide 73:2009, 3.5.1.3)

D. Alentorn

Memoria Investigaciones en Ingeniería, núm. 26 (2024). pp. 265-274

https://doi.org/10.36561/ING.26.16

ISSN 2301-1092 • ISSN (en línea) 2301-1106 – Universidad de Montevideo, Uruguay 268

and consequences (as defined in ISO Guide 73:2009, 3.6.1.3), or a combination of these.

Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes

in circumstances) and the associated likelihood (as defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.

Note 5 to entry: The word “risk” is sometimes used when there is the possibility of only negative consequences”.

2.7.1.1 Risk, Risk Source. [3]

Risk: “effect of uncertainty on objectives

Note 1 to entry: An effect is a deviation from the expected. It can be positive, negative or both, and can address, create

or result in opportunities and threats.

Note 2 to entry: Objectives can have different aspects and categories and can be applied at different levels.

Note 3 to entry: Risk is usually expressed in terms of risk sources, potential events, their consequences and their

likelihood”.

Risk source: element which alone or in combination has the potential to give rise to risk.

2.7.2 Risk, Threat, Opportunity.

2.7.2.1 Approach according to PMI-PMBOK [4]

“Risk. An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project

objectives” [4] P. 248

“Threat. A risk that would have a negative effect on one or more project objectives” [4] P. 251

“Opportunity. A risk that would have a positive effect on one or more project objectives.” [4] P. 243

2.7.2.2 Approach according to ANSI/PMI 08-002-2024 [5]

“A risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more program

objectives. Risks can have both positive and negative impacts on programs. Negative risks, often referred to as threats,

affect the implementation of programs and realization of benefits. Positive risks, usually referred to as opportunities

help foster effective, efficient program implementation and increased realization of benefits.”

2.7.2.3 Approach according to ANSI/PMI 99-001-2021 [6]

“A risk is an uncertain event or condition that, if it occurs, can have a positive or negative effect on one or more

objectives. Identified risks may or may not materialize in a project…Project teams seek to maximize positive risks

(opportunities) and decrease exposure to negative risks (threats)”.

2.7.3 Risk, Threat, Opportunity, Cause. [7]

Risk. “An individual risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on one or

more objectives.”

Opportunities. “Opportunities are risks that have a positive effect on one or more objectives”.

Threats. “Threats are risks that would have a negative effect on one or more objectives.”

Cause “events or circumstances that currently exist or are certain to exist in the future, which might give rise to risks”.

[7] Risk management in Organizations, P. 11

X6.2 As a result of cause, risk may occur, which would lead to effect” [7] Identify Risks, P. 129 (Appendix X6

Techniques for the Risk management framework.

2.7.4 Threat, Opportunity

2.7.4.1 Threat, Opportunity according to IEC 31010 [8]

Threat: potential source of danger, harm, or another undesirable outcome

Note 1 to entry: A threat is a negative situation in which loss is likely and over which one has relatively little control.

Note 2 to entry: A threat to one party may pose an opportunity to another.

Opportunity: combination of circumstances expected to be favorable to objectives

Note 1 to entry: An opportunity is a positive situation in which gain is likely and over which one has a fair level of

control.

Note 2 to entry: An opportunity to one party may pose a threat to another.

Note 3 to entry: Taking or not taking an opportunity are both sources of risk.

2.7.4.2 Threat, Opportunity according to ISO Online browsing platform [14]

Opportunity: risk occurrence that would have a favorable impact

Threat: risk occurrence that would have a negative impact

D. Alentorn

Memoria Investigaciones en Ingeniería, núm. 26 (2024). pp. 265-274

https://doi.org/10.36561/ING.26.16

ISSN 2301-1092 • ISSN (en línea) 2301-1106 – Universidad de Montevideo, Uruguay 269

3. Analysis and Discussion.

3.1 Prevention.

3.1.1 Relationship between preventive and corrective actions with risk-based thinking. - The ISO 9001:2015

Standard [1], Annex A, Clause A.4 Risk-based Thinking, establishes: “One of the key purposes of a quality

management system is to act as a preventive tool. Consequently, this International Standard does not have a separate

clause or subclause on preventive action. The concept of preventive action is expressed through the use of risk-based

thinking in formulating quality management system requirements.”

This shows prevention as associated with preventive actions, but it is then worth questioning whether corrective actions

are included in the concept of prevention.

Considering ISO definitions for preventive and corrective actions (see 2.1 and 2.2), it is concluded that preventive

actions are intended to prevent the occurrence of a nonconformity and corrective actions are, in turn, intended to

prevent the recurrence of a nonconformity . Therefore, the concept of prevention should include both. Likewise, from

the cited paragraph, preventive actions have been replaced by risk-based thinking, but it is restricted to "formulating

requirements for the quality management system." It should be noted that, by definition, preventive action not only

refers to this, but also to preventing the occurrence of any non-conformity, for example of a product or a process.

Suppose that a negative trend of a process is observed, which is below the minimum acceptable quality level, the

maintenance of the trend would result in a non-compliant value. A preventive action to solve this is not the formulation

“of quality management system requirements”, but it is a common type of preventive action.

Therefore, the current ISO concept of preventive action (see 2.1) is limiting and the same applies to corrective action,

since it has not been interpreted from a risk-based thinking perspective. According to its current definition, it would

be appropriate to do so as an action taken to eliminate the risk of recurrence of a nonconformity, just as preventive

action should be interpreted as an action taken to eliminate the risk of the occurrence of a nonconformity.

On the other hand, although a similar treatment is observed in the ISO definitions of preventive actions and corrective

actions, the concept of preventive action is more comprehensive than that of corrective action, as it includes not only

the elimination of a cause of nonconformity , but also that of “another potential undesirable situation.” This approach

is much more aligned with risk-based thinking and should be incorporated into the concept of corrective action, to

include the elimination of the cause of other real undesirable situations, for which there is a risk of recurrence.

3.1.2 Prevention and Improvement. - In Note 1 to the continual improvement definition (see 2.5), it is established

that “generally leads to corrective action or preventive action”. The word “generally” refers to other types of

improvement actions that are not corrective or preventive actions as defined by ISO (see 2.1 and 2.2). In fact, this is

where risk-based thinking again contributes to improving the improvement concepts, allowing to consider those actions

that, without eliminating the cause of real or potential non-conformities, reduce the risk associated with recurrence or

occurrence respectively.

Reviewing the meanings of prevention in English and Spanish languages, there are important differences. In English

[13] the main meaning is “the action of keeping from happening or making impossible an anticipated event or intended

act”. So, this concept is only related to negative effects, that is why the action is to make impossible the event. But in

Spanish [9] the main meaning is "to prepare, harness and arrange in advance what is needed for a purpose" . This

concept is more comprehensive in Spanish, because it could be related also to events with positive consequences on

the purpose. Thus, this kind of action should be included in the concept of preventive action, from the risk-based

thinking perspective, not only considering the negative effects on the objectives (undesirable situations or potential

non-conformities) but also the positive effects. Prevention and improvement are not only related to negative effects on

the objectives. Continuing with risk-based thinking, suppose an event or condition that, if it occurs, will have a positive

effect on the objectives. Suppose a strategy to increase its likelihood and/or its positive impacts. In this case, we would

be taking an action that does not respond to the prevention of the occurrence of a negative impact, but to the promotion

of the positive impacts.

3.2 Improvement and Cost of Quality. - The Prevention-Appraisal-Failure (PAF) quality cost model is defined [10]

as “a methodology that allows an organization to determine the extent to which its resources are used for activities that

prevent poor quality, that appraise the quality of the organization’s products or services, and that result from internal

and external failures.” This methodology considers conformance costs (prevention and appraisal) and nonconformance

costs (internal and external failures).

D. Alentorn

Memoria Investigaciones en Ingeniería, núm. 26 (2024). pp. 265-274

https://doi.org/10.36561/ING.26.16

ISSN 2301-1092 • ISSN (en línea) 2301-1106 – Universidad de Montevideo, Uruguay 270

Internal and external failure costs are considered poor quality costs, which means a loss for the organization. They

include the costs of correction, rework or rectification. On the other hand, prevention and appraisal costs are considered

costs of good quality, meaning investment, due to their contribution to profits. The first ones because they avoid the

appearance of non-conformities and the second ones, because they reduce poor quality costs, avoiding or reducing the

non-conformities delivered to clients.

“Quality improvement is synonymous with a reduction in the cost of poor quality” [11]. Prevention costs are incurred

to prevent or avoid quality problems and they include the costs for preventive and corrective actions (improvement).

“The Prevention category is defined as the experience gained from the identification and elimination of specific causes

of failure cost to prevent the recurrence of the same or similar failures in other products or services” [11]. “Internal

failure costs have been defined to include basically all costs required to evaluate, dispose of, and either correct or

replace nonconforming products or services prior to delivery to the customer ...” [11].

The Note to subclause 10.1 Generalities in clause 10. Improvement of ISO 9001 [1] establishes that:

“Examples of improvement can include correction, corrective action, continual improvement, breakthrough change,

innovation and re-organization”.

But, based on the PAF model’s main concepts summarized before, correction (see 2.3) should not be considered an

example of improvement, because it leads to poor quality costs (loss), and it should not be considered an investment

(improvement costs). From the quality point of view, the common instruction is “get it right first time, every time” but

correction seeks to eliminate a detected nonconformity, whenever the minimum acceptable quality level is not reached.

The ISO definition of preventive action (see 2.1) considers the ideal situation for managing a potential nonconformity

or a potential unfavorable situation, which is to eliminate its cause to avoid its occurrence. From the quality costs’

point of view, this is also the ideal situation, with an entirely effective action that leads the cost of future losses to zero.

Unfortunately, the definition does not consider the actions aiming at reducing the effects of the nonconformity and/or

the likelihood of its occurrence, even though both paths lead to reduce the costs that the nonconformity would generate

in case of occurrence (losses), which should also be considered prevention.

The ISO 9000 corrective action’s definition (see 2.2) emphasizes the importance of searching for the root cause of an

existing nonconformity in order to prevent recurrence. Similarly, this concept does not contemplate the cases in which

neither the cause, nor the actions to avoid recurrence can be found. In these cases, actions can be taken to reduce the

effects of the nonconformity and/or the likelihood of its recurrence. Both paths lead to reducing the costs that the non-

conformity would generate in case of recurrence, and that is why they should be included in the definition of corrective

action to make it more comprehensive (see 3.3.3).

3.3 Improvement and Risk-based thinking. -

3.3.1 PMI Risk management concepts. - The PMI Standard for Risk Management (see 2.7.3) recommends describing

each risk using a three-part statement which includes cause-risk effect. This approach facilitates the relationship with

the traditional quality management point of view of corrective and preventive actions. In fact, studying the risk

associated with the occurrence or recurrence of a nonconformity implies the identification of the cause in order to

eliminate it. This kind of risk response is called “avoid” in this standard, and it consists of eliminating a threat or

protecting an activity from its impact. So preventive and corrective actions correspond to the avoid strategy of risk-

based thinking.

But there are other kinds of responses as “Mitigate” which consist of actions taken to reduce the probability of

occurrence and/or impact of a threat. Once again, risk-based thinking feeds the Improvement classical concepts of

preventive and corrective actions, widening them, by the consideration of these type of actions that, while not

eliminating the cause, may reduce the risk. This concept is aligned with the Cost of Quality methodology, as shown in

3.2.

All PMI Standards (see 2.7.2 and 2.7.3) classify risks based on their effects. If they are positive, they are called

opportunities and if they are negative, they are called threats. Risk management seeks “to maximize positive risks

(opportunities) and decrease exposure to negative risks (threats)”.

3.3.2 ISO Risk-based thinking. - The ISO Risk Management Standard defines risk, but its expression (see 2.7.1.1,

Note 3) does not mention the cause of the risk (as PMI Standards do), but the source of the risk. Thus, in ISO

31000:2018 [3] “6.5.2 Selection of risk treatment options” one of them is eliminating the risk source, and others are

changing the likelihood or consequences. These concepts are very similar to the ones described before, in 3.3.1.

D. Alentorn

Memoria Investigaciones en Ingeniería, núm. 26 (2024). pp. 265-274

https://doi.org/10.36561/ING.26.16

ISSN 2301-1092 • ISSN (en línea) 2301-1106 – Universidad de Montevideo, Uruguay 271

Opportunities and threats are mentioned in Note 1 to the risk definition, though they are not defined in this standard

[3] but linked (see 2.7.4.1).

In ISO 9001:2015 [1] “risks and opportunities” are mentioned systematically, but if the risk concept includes the

positive effects on the objectives, it is not clear the reason for the explicit reference to opportunities. This may be

caused by the association of the word risk only to negative effects, against its own definition.

In the same standard [1], Note 2 to 6.1.2 (6.1 Actions to address risks and opportunities) establishes that: “Actions to

address risks can include avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source,

changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision”. Thus, the “Actions

to address risks” are similar to the “Risk response” in PMI standards.

3.3.3 The failure mode and effects analysis (FMEA). - This classic quality management tool provides a method to

calculate the risk associated with the occurrence or recurrence of non-conformities (replacing the failure concept). It

helps to identify potential failure modes in a system as well as their causes and effects. The potential failures are

prioritized according to how serious their consequences are (S), how frequently they occur (O), and how difficult it is

to detect failure before the user becomes aware (D). The purpose of the FMEA is to take actions to eliminate or reduce

failures, starting with the top-priority ones.

There is a risk for each potential failure, and this is calculated by the Risk Priority Number (RPN), as a product of

three previously mentioned factors Severity, Occurrence, and Detection (RPN = SxOxD). Each of these three factors

goes from 1 to 10. Eliminating the cause would be equivalent to obtaining a probability of occurrence of 1 (which, for

example, could be associated with 1 in 1.500.000) [12].

This tool is especially helpful to understand the mitigation actions to address risks, because the actions to be taken

should decrease the RPN. In fact, it emphasizes the importance of considering actions that do not eliminate the cause

of the nonconformity but reduce the probability of occurrence or recurrence and/or their impact. Subclause 5.3.7.1 of

IEC 60812:2018 [15] establishes: “Understanding how the failure occurs is useful in order to identify the best way to

reduce the likelihood of failure or its consequences.”. This leads to a reinforcement of the concept of preventive and

corrective actions that should not be limited to eliminating the cause of non-conformities, but that also includes those

that mitigate the risk of occurrence or recurrence.

4. Conclusions. - The main characteristics that the definitions of the terms related to improvement should be included

were compiled and reformulated.

As in ISO 9000 [2], the criterium to establish a definition is describing only those characteristics that are crucial to

identify the concept. Information concerning the concept which is important but not essential to its description is put

in one or more notes to the definition.

Based on the above, a reformulation of improvement core concepts is proposed, ending up in a formulation of an

Improvement Principle.

Preventive action,

action to eliminate the cause of a potential nonconformity or other undesirable potential situation (threat), or else to

reduce the probability and/or the negative effects of its occurrence or to increase the likelihood and/or the positive

impacts of an opportunity.

Note 1: The treatment of the risk of occurrence of a potential nonconformity or other potential undesirable situation,

as well as that of a potential desirable situation, are equivalent to taking a preventive action.

Note 2: The greatest effectiveness of a preventive action is obtained when the risk of occurrence is eliminated, whereas

that of corrective action is obtained by eliminating the risk of recurrence.

Note 3: When the cause cannot be identified, or actions to eliminate it cannot be visualized, the risk can be mitigated

by reducing the likelihood and/or negative effects of its occurrence.

Note 4: There can be more than one cause for a potential nonconformity.

Note 5: Preventive action is an improvement action.

Note 6: From the quality cost’s point of view, the costs to take preventive action are considered an investment.

Corrective action,

action to eliminate the cause of a detected nonconformity or other undesirable situation, or else to reduce or mitigate

the likelihood and/or the negative effects of its recurrence.

D. Alentorn

Memoria Investigaciones en Ingeniería, núm. 26 (2024). pp. 265-274

https://doi.org/10.36561/ING.26.16

ISSN 2301-1092 • ISSN (en línea) 2301-1106 – Universidad de Montevideo, Uruguay 272

Note 1: The treatment of the risk of recurrence of a nonconformity or other potential undesirable situation is equivalent

to taking a corrective action.

Note 2: The greatest effectiveness of a corrective action is obtained when the risk of recurrence is eliminated, whereas

that of preventive action is obtained by eliminating the risk of its occurrence.

Note 3: When the cause cannot be identified, or actions to eliminate it cannot be visualized, the risk can be mitigated

by reducing the likelihood and/or negative effects of its occurrence.

Note 4: There can be more than one cause for a detected nonconformity.

Note 5: Corrective action is an improvement action.

Note 6: From the quality cost’s point of view, the costs to take corrective action are considered an investment.

Correction,

action to eliminate a detected nonconformity or other undesirable situation.

Note 1: Correction is not an improvement action.

Note 2: From the quality cost’s point of view, the correction costs are considered loss.

Note 3: A correction can be made in conjunction with a corrective action.

Note 4: A correction can be, for example, to rework or regrade.

The new definitions of corrective and preventive actions include all the possibilities for avoiding causes or reducing

likelihood or effects of undesirable events, besides considering positive risks, their causes, probability of occurrence

and impact. This includes all the possibilities related to negative or positive risks, allowing to formulate the following

Improvement Principle:

Any improvement action can be interpreted as a preventive or a corrective action.

D. Alentorn

Memoria Investigaciones en Ingeniería, núm. 26 (2024). pp. 265-274

https://doi.org/10.36561/ING.26.16

ISSN 2301-1092 • ISSN (en línea) 2301-1106 – Universidad de Montevideo, Uruguay 273

References

[1] ISO 9001:2015, Quality management systems - Requirements, 2015, Edition 5.

[2] ISO 9000:2015, Quality management systems - Fundamentals and vocabulary, 2015, Edition 4.

[3] ISO 31000:2018, Risk management - Guidelines, 2018, Edition 2.

[4] ANSI-PMI Combined Glossary for the Standard of Project Management and A Guide for the Project Management

Body of Knowledge (PMBOK Guide) – 2021, Seventh Edition.

[5] ANSI/PMI 08-002-2024, The Standard for Program Management, 2024, Fifth Edition. 2 Program Management

Principles - 2.7 Risk, p. 58

[6] ANSI/PMI 99-001-2021, The Standard for Project Management, 2021, Seventh Edition. 3 Project Management

Principles – 3.10 Optimize Risks Responses, p. 53

[7] PMI The Standard for Risk Management in Portfolios, Programs, and Projects, 2019.

[8] IEC 31010:2019, Risk management - Risk assessment techniques, 2019, Edition 2.

[9] Real Academia Española, Diccionario de la Lengua Española. Available: https://dle.rae.es [Accessed June 5, 2024].

[10] American Society for Quality (ASQ), Cost of Quality. Available: https://asq.org/quality-resources/cost-of-quality

[Accessed June 5, 2024].

[11] Besterfield, D. Quality Control, 2001, Sixth Edition. Prentice Hall

[12] Besterfield, D. Total Quality Control, 2003, Third Edition. Prentice Hall

[13] Oxford University, Oxford English Dictionary. Available: https://www.oed.com/.

[Accessed June 5, 2024].

[14] ISO Online browsing platform. Available https://www.iso.org/obp/ui, from ISO 21500:2021. [Accessed June 5,

2024].

[15] IEC 60812:2018, Failure modes and effects analysis (FMEA and FMECA), 2018, Edition 3.0.

D. Alentorn

Memoria Investigaciones en Ingeniería, núm. 26 (2024). pp. 265-274

https://doi.org/10.36561/ING.26.16

ISSN 2301-1092 • ISSN (en línea) 2301-1106 – Universidad de Montevideo, Uruguay 274

Nota contribución de los autores:

1. Concepción y diseño del estudio

2. Adquisición de datos

3. Análisis de datos

4. Discusión de los resultados

5. Redacción del manuscrito

6. Aprobación de la versión final del manuscrito

DA ha contribuido en: 1, 2, 3, 4, 5 y 6.

Nota de aceptación: Este artículo fue aprobado por los editores de la revista Dr. Rafael Sotelo y Mag. Ing. Fernando

A. Hernández Gobertti.