According to a seminar I attended with QMI-SAI Global, they are:
1. Risk management is not implemented across process, contracts, supply chain, planning, production etc.
2. There are no defined risk management tools or methodologies in place.
3. Lack of mitigation plans and review of actions.
4. Lack of risk management for critical items.
These are based on the first six months of the AS9100C audits they conducted.
Hope that helps.