Risk Based Internal Audit Management in PHP

This article discusses aspects of the new thinking founded on a risk-based ISO 9001:2015. It is noted that risk-based thinking is an effective tool for creating, auditing and improving quality management systems. Shows several practical examples of the implementation of the risk management process for the phase “Plan” PDCA-cycle, proposed a new model of the ISM, which contains all the basic entity for performance audits (criteria, object, audit observation) and allows to generate the level of security assessment. Additionally an approach is presented to determine the characteristics of technological devices for the healthcare industry.