What ISO audit data reveals about risk and opportunity management

Effective risk management starts with good planning, but for many organisations, this remains one of the weakest links in their management systems.

According to recent insights from DNV’s Lumina database, which aggregates findings from more than 25,000 companies and 250,000 audit results globally, over half of all organisations audited between 2023 and 2025 received non-conformities related to Chapter 6 of ISO 9001 - the Planning chapter. 

The findings reveal that many organisations still struggle to turn their intentions into systematic, measurable action. 

A common challenge: turning plans into action

Within Chapter 6, the single most frequent issue identified was Clause 6.1 – Actions to address risks and opportunities, representing 35.4% of all planning-related findings. 

This means that even though most companies recognise the need to identify risks and opportunities, they often lack the structure or follow-up mechanisms to manage them effectively. 

The next most common area of concern was Quality objectives and planning to achieve them (28.8%), followed by Planning of changes (6.1%) and general planning processes (1%). Together, these figures paint a clear picture: many organisations find it easier to define risks than to plan how to address them in a consistent, auditable way.

Why this matters

Clause 6 of ISO 9001 is not just about compliance; it’s about direction and control. It requires organisations to plan how risks and opportunities will be addressed to achieve intended outcomes, prevent or reduce undesired effects, and drive continual improvement.

When this process is weak, it often reflects a deeper issue: fragmented information, unclear ownership of actions, and limited visibility for top management. 

The result is a gap between awareness and action: plans that exist on paper but are not systematically followed up.

What the data tells us

The fact that Clause 6.1 findings are the second most common non-conformity across all ISO 9001 audits highlights a widespread need for better tools and methods. 

Organisations often rely on static spreadsheets or disconnected risk registers, making it difficult to track the lifecycle of a risk from identification to mitigation. Without clear linkage between risks, actions, and responsible owners, it becomes harder to demonstrate effectiveness during audits - and even harder to sustain improvement over time. 

Insights from Lumina make these challenges visible across industries, showing where planning processes most often fall short. They also help organisations benchmark their performance against global data to identify improvement areas.

Bridging the gap

Closing this planning gap requires both process clarity and digital capability. A structured approach ensures that risks and opportunities are not only identified but also translated into concrete, accountable actions that can be monitored and reviewed. 

Digital solutions such as Synergi Life MyRisks can support this transition by providing a single place to record risks, plan actions, and monitor progress. By linking risks directly to improvement measures and responsibilities, such tools help create the traceability and accountability auditors look for, while also strengthening day-to-day decision-making.

Moving forward

The Lumina findings remind us that strong planning is at the heart of effective management systems. Strengthening how organisations identify and act on risks and opportunities is not only about avoiding non-conformities; it’s also about building resilience and enabling continuous improvement.

For organisations seeking to move from audit findings to measurable improvement, combining data-driven insight from tools like Lumina with digital execution through platforms such as MyRisks offers a practical way forward - turning one of the most common weaknesses into a long-term strength. 
