2669 2669 A REVIEW OF OPERATIONAL RISK MANAGEMENT DECISION SUPPORT TOOL Hood Atan Lead Auditor/Principal Consultant Exergy Management Consultant PLT, Malaysia hood.atan@yahoo.com Edly F. Ramly Certification Director EFR Certification Sdn Bhd, Malaysia e.ramly@efrcertification Musli Mohammad, Mohd Shahir Yahya Department of Manufacturing and Industrial Engineering, Faculty of Mechanical and Manufacturing Engineering, Universiti Tun Hussein Onn Malaysia (UTHM), Batu Pahat, Johor mmusli@uthm.edu.my , shahir@uthm.edu.my Abstract The new requirements of ISO 9001: 2015 quality management system standard clause 0.3.3 required the organization to implement a risk based thinking for achieving an affective quality management system. The definition of risk as stated in the standard is “the effect of uncertainty’ which could be positive or negative. Thus, ISO 9001 certified organization requires to demonstrate objective evidence of the implementation of risk based thinking such risk analysis and risk mitigation plan not only to satisfy the need of ISO 9001:2015 standard, but also widely accepted that organization requires risk management activities to stay competitive. However, there many initiative, tools and approach for the operational risk management activities have been subjected to little research and are not well understood. This paper reviewed and discussed the available literatures on operational risk management decision support tools. Based on an extensive literature review, the issues relevant to operational risk management support tools are examined, and discussed the several issues to identify the decision support tools to satisfy the intended requirements of the ISO 9001:2015 standard. Keywords: ISO 9001:2015, Risk Management, Risk Assessment, Risk Analysis, Decision support tools, 1. INTRODUCTION The latest updates to the ISO 9001: 2015 (Technical Committee ISO/TC176, 2015a) Quality management system standard are not all about the requirements. Although they establish the framework to enable the organization to map their business process, the standard outlines a different approach in how such organization should satisfy requirements. ISO 9001:2015 includes a component of risk-based thinking, and it involves the people and leaders within the organization. The standard does not include a specific requirement for a quality management representative, or even a quality manual. Instead, ISO 9001:2015 focuses on a companywide commitment to quality that is championed and brought about by leaders. (Wilson & Campbell, 2016) Managing risks is a strategic challenge for organizations, which must face threats increasingly complex and diverse. Introduced in 2009, the ISO 31000 standard is intended to help organizations to manage in a systematic and comprehensive manner diverse types of risk by offering a universal framework ‘to assist the organization to