Risk Management - To what extent is Risk Management required by AS9100?

P

pearson114

Good morning folks!

I'm currently sprucing up my draft risk management procedure and preparing some FMEAs as part of our process to support risk management (audit for AS9100C in May).

During my FMEA prep, I've often found myself wondering, just how far do I take this? I'm trying to identify each and every possible risk for each process throughout our company, and such things as infrastructure (power cuts / fire / theft etc).

Do I really need to include such things as 'supplier transport catches fire on route to site destroying supplies' or 'Manager wins lottery and leaves with immediate effect', as examples. If you think hard enough there are potentially a million different events that could potentially happen for each process - and I'm not sure where to draw the line.

I want to be thorough, but at the same time I don't have days/weeks/months to spend on this one item.

Any help/advice would be greatly appreciated.

Thanks,
Mark
 
Q

qusys

Trusted Information Resource
The criteria to decide could be if the risk of a potential failure is or not under your control in terms of prevention and/or mitigation.
The things that you have mentioned could be more linked to contingency plans, in term of how your organization is able to assure the business continuity. To say this I am thinking about to some natural events like earthquake, floods , epidemy and staff like that.:bigwave:
 
J

Joy

pearson114 said:
Good morning folks!

Do I really need to include such things as 'supplier transport catches fire on route to site destroying supplies' or 'Manager wins lottery and leaves with immediate effect', as examples. If you think hard enough there are potentially a million different events that could potentially happen for each process - and I'm not sure where to draw the line.

Mark
Click to expand...

Only a dead lives in a risk free world:)
 
Richard Regalado

Richard Regalado

Trusted Information Resource
qusys said:
The criteria to decide could be if the risk of a potential failure is or not under your control in terms of prevention and/or mitigation.
The things that you have mentioned could be more linked to contingency plans, in term of how your organization is able to assure the business continuity. To say this I am thinking about to some natural events like earthquake, floods , epidemy and staff like that.:bigwave:
Click to expand...

One of the things mentioned - "manager winning the lottery and leaving with immediate effect" - is under an organization's risk landscape. Impact of resigning employees can be mitigated through simple activities such as:

1. having a cross-functional training programme
2. delegating an understudy for personnel performing key tasks
3. manpower pooling
4. documenting processes

Impacts will be felt but they will be lighter for the organization.

IMHO you need not state every reason (e.g. Manager winning the lottery, Supervisor getting hit by lightning, CEO going to jail, etc.). You may state as a potential failure "Manufacturing manager leaving the company" or "Delayed delivery of product X".
 
G

GrosChat

pearson114 said:
Good morning folks!

I'm currently sprucing up my draft risk management procedure and preparing some FMEAs as part of our process to support risk management (audit for AS9100C in May). <snip>
Click to expand...

Hello Mark,

I was in the same situation last year when our Quality Consultant asked me to insert some risk management, risk mitigation, etc.in our quality documentation!

I made a few amendments to our Quality Manual and Procedures and we passed the audit (AS9100, revision C) without a problem. The auditor was actually quite pleased with it! :)

I've added 3 appendices to QAP 04 "Contract Review" (see attached files below).
I also updated all our Risk Assessments and made them more specific to each area of our shopfloor (we are a precision engineering manufacturer).
I also amended some sections of the Quality Manual to emphasise the fact that we were always evaluating risks!

I hope this help :)
 

Attachments

  • Appendix I QAP 04 - Enquiry Process.doc
    86 KB · Views: 543
  • Appendix II QAP 04 - Order Receipt Process.doc
    87.5 KB · Views: 513
  • Appendix III QAP 04 - Risk Management.pdf
    416.9 KB · Views: 1,208
P

pldey42

I think you might identify classes of risk, perhaps, instead of enumerating every possible risk. As Richard hinted, perhaps "late delivery of supplies" which would cover a truck catching fire and other things; or "sudden loss of key people" which might cover someone winning the lottery, or getting run over by a truck on fire and out of control!

If I understand it correctly, AS 9100 requires management of risks to product and to process. I imagine the answer to "how far do I take it?" might be something like, "Would you fly on a plane fitted with your product?" and "If it's delivered late, and if penalty clauses are invoked, can you demonstrate that risk management was reasonable enough protect your job?"
 
R

rickpaul01

Involved in HankyPanky
pearson114 said:
Good morning folks!

I'm currently sprucing up my draft risk management procedure and preparing some FMEAs as part of our process to support risk management (audit for AS9100C in May).

During my FMEA prep, I've often found myself wondering, just how far do I take this? I'm trying to identify each and every possible risk for each process throughout our company, and such things as infastructure (power cuts / fire / theft etc).

Do I really need to include such things as 'supplier transport catches fire on route to site destroying supplies' or 'Manager wins lottery and leaves with immediate effect', as examples. If you think hard enough there are potentially a million different events that could potentially happen for each process - and I'm not sure where to draw the line.

I want to be thorough, but at the same time I don't have days/weeks/months to spend on this one item.

Any help/advice would be greatly appreciated.

Thanks,
Mark
Click to expand...

I establish an “acceptable” risk level first, anything less “risky” I just ignore. Sometimes it bites me in the you-know-what, but that’s life.
 
G

gbcqc

Please help,

I have a question about the risk AS9100 Rev. C 7.1.2 C). Identification, assessment and communication of risks throughout product realization,

Our Procedure includes that the RPN is stamped on the Process sheet. The RPN is scored 1-5 with 1 very low and 5 flight critical. Now we have a new employee that says we can flow down to the floor by training them that management will make the decisions on risk and midigate any risk so they can just build the parts to the MPS. This is not what my understanding or mis-understanding was in the trainings I sat through. And the president like this and says now the new procedure meets the standard and he is happy with it.

Is this correct or will this cause a problem at our next audit.

Thanks for any help.

Greg
 
Last edited by a moderator:
B

Big Jim

Admin
gbcqc said:
Please help,

I have a question about the risk AS9100 Rev. C 7.1.2 C). Identification, assessment and communication of risks throughout product realization,

Our Procedure includes that the RPN is stamped on the Process sheet. The RPN is scored 1-5 with 1 very low and 5 flight critical. Now we have a new employee that says we can flow down to the floor by training them that management will make the decisions on risk and midigate any risk so they can just build the parts to the MPS. This is not what my understanding or mis-understanding was in the trainings I sat through. And the president like this and says now the new procedure meets the standard and he is happy with it.

Is this correct or will this cause a problem at our next audit.

Thanks for any help.

Greg
Click to expand...

I'm not sure I completely understand just what you are doing, but if I read it correctly, risk is identified and assessed before production planning. Production planning includes flowing down how the risk is addressed in the form of instructions on you production documents. The workers then follow those instructions.

If that is what you are doing, I don't see a problem.

I'm aware that many training classes teach that a full blown FEMA is required to meet 7.1.2, and I agree it could be done that way, but I don't see it as a requirement. If that is how you were trained, it is time to take the blinders off, read the standard for yourself, and realize that there is more than one way to skin that cat. Step away and put down the glass of FEMA Cool-Aid.
 
G

gbcqc

Originally that is what we were doing, flowing down the risk to the floor.

Now the new re-write is to tell the floor employees that they have no risk to worry about, it is all taken care of at the quote stage. Just to build the parts.

My stance was that there are always some risk.

Thanks
 
You must log in or register to reply here.

Similar threads

C
AS9100 Rev D 8.1.1 & APQP - Operational risk management process
Replies
3
Views
4K
FuzzyQual
F
T
How do you define your Hazards? <a Risk Management discussion>
2
Replies
16
Views
4K
Bill Hansen
Bill Hansen
J
3 Questions about Management Review - ISO 9001 and IATF 16949
Replies
4
Views
7K
AMIT BALLAL
A
K
Understanding Risk Management Requirements according to AS9100
2
Replies
11
Views
7K
kmalysiak
K
A
Lean and ERP software
Replies
0
Views
693
Andy Pratico
A
Top Bottom