Article 5 # 2'2022

© Mikhailo Bezrodnyi, Head of Quality Management and Management System Certification Department, e-mail:, ORCID: 0000-0002-9005-5624
© Ganna Shevchuk, lead engineer, ORCID: 0000-0002-9253-4119, e-mail:
SE “State Road Transport Research Institute”

Evaluation and minimization of risks associated with the certification bodies activities by using measurable indicators
DOI: 10.33868/0365-8392-2022-2-270-34-39

Abstract. Approaches for determination, analyzing, evaluating and identifying risks associated with the activities of certification bodies for products, services, processes and management systems are described. The risks that arise from certification activities are covered in particular the risks related to conflict of interests.
Risk management involves using certain methods in order to:
– identify sources of information for identifying, analyzing, evaluating and treating risk;
– monitor and analyze risks;
– properly report and document results.
Methods used in risk analysis can be qualitative, semi-quantitative and quantitative.
During risk assessment, quantitatively assessed risk levels are compared with previously defined criteria. Based on the results of the risk assessment, decisions are made on further actions, in particular, on the need for risk treating or the absence of such a need.
Risk management means the process of modifying risk, which may include, in particular, avoiding risk, taking risk in order to pursue an opportunity, removing the risk source, reducing the likelihood of risk, reducing of consequences, sharing the risk with another party or parties, retaining the risk by informed decision.
During the monitoring, risk-related data are identified and collected. Then they analyze risks again for evaluating the effectiveness of their control risk applied to update the results of the previous risk analysis.
SE “State Road Transport Research Institute” has developed a risk management process to identify on an ongoing basis, analyze and evaluate risks in its activities as a conformity assessment body. The results of the analysis and assessment such of risks were documented in the relevant risk matrix with binary assessment of the level risk identified. The disadvantage of this approach to risk assessment is that it does not allow to really evaluate the effectiveness (efficiency) of the control risk applied.
Since 2018 the Institute applies new methodology or risk evaluation by using measurable indicators. It reduces the probability of their occurrence and provides an opportunity to realistically evaluate the effectiveness (effectiveness) of the control risk applied, including actions proposed/implemented to minimize/eliminate risks or consequence.
Keywords: risk, risk management process, risk identification, risk analysis, risk evaluation, risk treatment, risk matrix, impartiality, certification body, management system, quality management system.

1. Gutarevich Serhiy, Bezrodnyi Mikhailo. (2011). Risk management in a Certification Body activity. Avtoshlyahovik Ukrayiny, 4, 7-9.
2. International Organization for Standardization. (2012). ISO/IEC 17065:2012 Conformity assessment. Requirements for bodies certifying products, processes and services. Retrieved from
3. International Organization for Standardization. (2015). ISO/IEC 17021-1:2015 Conformity assessment. Requirements for bodies providing audit and certification of management systems. Part 1. Requirements. Retrieved from
4. International Organization for Standardization. (2009). ISO Guide 73:2009 Risk management. Vocabulary. Retrieved from
5. International Standard. (2019). IEC 31010:2019 Risk management. Risk assessment techniques. Retrieved from
6. International Organization for Standardization. (2018). ISO 31000:2018 Risk management. Guidelines. Retrieved from
7. National Standards of Ukraine (2015). ДСТУ ISO 9001:2015 (ISO 9001:2015, IDT) Quality management systems. Requirements. Retrieved from