Over the last couple of weeks I've been discussing why you need to understand the context of your organization (COTO): this means the collection of people who want things from you (your interested parties), the things they want (their requirements and expectations), and any external issues that might affect your ability to get your work done (war, famine, pestilence, zoning regulations, or anything else).
And it would be fair for you to ask, "What's the big deal? Don't we already know this stuff? If I don't know what licenses and permits I need, I'm not going to stay in business long. If I don't know what my customers want, I won't have any. Isn't the simple fact that I have customers and I've kept my doors open proof that all this stuff is covered? Why do I need anything more?"As I say, it's a fair question, and the answer depends on what you are trying to do. If your only purpose is to set up a Quality Management System so that you can get control of your business, you can afford to leave the COTO analysis for later. One day it will be useful, in identifying a list of business risks or in clarifying the exact scope of your system. But those aren't urgent needs. If all you want is to get control of your operations, then yes, the fact that your doors are still open is pretty good evidence prima facie that you can save this topic for later.
But if you are trying to get or keep ISO 9001 certification, then you have to remember that all these topics are now auditable. While the actual documentation requirements are (as I noted earlier) embarrassingly thin, you have to convince an auditor that you know who your interested parties are, what they want out of you, and all the rest of it. It helps to have something in writing. This requirement was introduced in the 2015 edition of the ISO 9001 standard, and when it came out I went to the General Manager of the organization where I worked at the time.
"Do you have what you need to be able to answer questions about these things?"
"Well I know what the answers are, but I don't know how I could prove it. The evidence is probably scattered through a dozen emails, some meeting minutes, and maybe a few Post-It notes that I scribbled during phone calls."
So he and I worked with the rest of the management team to set up a way that we could capture evidence of what we were already doing. I had to call a couple of brainstorming meetings to get everyone in the room at the same time. (My budget that year had several entries for pizza.) But the overall impact to the organization was much lower—and the level of acceptance by the organization was far higher—than either would have been if I had announced "There's a brand-new requirement in the ISO standard and we have to start complying with it!"
Yes, in a sense you more or less already know most of your COTO intuitively. But when you have a chance, take a little time to work through it systematically to cross-check what you think you already know. When we went through the exercise (along with all that pizza) we found that we had already covered most of our stakeholder expectations—all but one. And after we looked around the room in shock for a minute trying to figure out how we had missed it, one of the team offered, "Let me take that one. It's the kind of thing I like to do, and it fits in with the rest of what I'm doing anyway." Perfect.