AS9100C Risk Management Procedure Example

[bsathyanarayanarao]

Re: AS9100C Risk Management Procedure Example wanted

I was so excited to see someone had the same question I did about a Risk Management procedure - but deflated when I did not have access to the reply. I just had my Stage 1 audit for AS9100 Rev C and that was one of the areas I fell short (and Configuration Management but there is a lot of info I have obtained in my search). Can someone help me with a generic procedure or flowchart for Risk Management?

Dear Sir,

Please sent whatever you have the documentation, data, procedure related to 9100 Rev. "c". for this I will be thankful to you for ever.

Thanking you in anticipation.
B.S. Rao

 

[m.andito]

Hello, I am Andito from Indonesia (Engine Maintenance, Aviation). I'd like to ask about Risk Management.

After getting preliminary assessment for AS9110, the auditor still come with this finding: [FONT=&quot]The Key document (KMR KB01-009 Risk Management Review) is still in Indonesian and needs to be redrafted to highlight in English how the process is managed. This document is managed by the company for overall to the company. However, a concern is the Roles & Responsibilities for Risk Management for Engine Maintenance has yet to be defined.
[/FONT][FONT=&quot]

[/FONT]About the language, agreed. Probably we shall translate it to the English. Regarding to the concern, what about if our company structure is like this?

__________ (Father Company) __________
| | |
Line Maintenance Base Maintenance Engine Maintenance



We already have Risk Management system in placed in the father company. We already explain to the auditor that the Risk Management is controlled by Father Company. And all the managers in Engine Maintenance already create and control the Risk Assessment in their area.
example:
01 Risk Assessment Assy-Disassy
02 Risk Assessment Material Planning
03 Risk Assessment Welding
04 Risk Assessment Thermal Spray
05 Risk Assessment Form Test Cell
06 Risk Assessment Marketing Sales
07 Risk Assessment Warehouse
08 Risk Assessment Planning Engineering
09 Risk Assessment NDT
10 Risk Assessment Bench Inspection
11 Risk Assessment Engine APU Field Engineer
12 Risk Assessment Purchasing
13 Risk Assessment Part Repair Production Control
14 Risk Assessment Tool Crib
15 Risk Assessment Engine - APU PPC
16 Risk Assessment Forecasting and Scheduling

Herewith I attach the sample of our Risk Assessment (Purchasing)

How to deal with this? Do you have suggestions? Thanks



[FONT=&quot] [/FONT]

 

[Jimtop]

]Hello, I am also somewhat new to AS9100. Our customers have required us to upgrade from ISO 9001:2008. We are a small company 6 people. Any help with risk assessment procedure or flow chart would be appreciated. We do assembly no design.

 

[Big Jim]

]Hello, I am also somewhat new to AS9100. Our customers have required us to upgrade from ISO 9001:2008. We are a small company 6 people. Any help with risk assessment procedure or flow chart would be appreciated. We do assembly no design.

ISO 9001:2008 does not have a requirement for addressing risk. AS9011C does.

 

[m.andito]

]Hello, I am also somewhat new to AS9100. Our customers have required us to upgrade from ISO 9001:2008. We are a small company 6 people. Any help with risk assessment procedure or flow chart would be appreciated. We do assembly no design.

ISO 9001:2008 does not have a requirement for addressing risk. AS9011C does.

@BigJim: I think, Jimtop will upgrade from ISO 9001:2008 to AS9100. That's why his company need risk assessment

@Jimtop: Regarding AS9100 procedures, you can search it in google with keyword risk assessment procedures.

www(dot)dit(dot)ie/media/healthandsafety/documents/Risk%20Assessment%20Procedure.pdf
www(dot)hse(dot)gov(dot)uk/pubns/indg163.pdf
www(dot)docstoc(dot)com/docs/9078239/PROCEDURE-ON-COMPETION-OF-RISK-ASSESSMENT-FORMS

change (dot) with .

or any other web address that have risk assessment on it.

Based on our experience, the auditor will ask:
1. Show me your procedure
2. When you have a client, do you create risk assessment for each? (plus few question: when you have supplier, do you create risk assessment for them? Risk at assembly-disassembly process; man power capacity, overtime work, light, noise, etc)
3. How to mitigate the risk?
4. How do you know that your risk assessment is effective?

Oh yeah, and we still have a concern (not NCR) regarding: how you make sure that your risk assessment is effective. We shall fix that one

*sorry for my bad English -not native speaker-
I hope you understand

 

[Jimtop]

We are now ISO 9001:2008. Upgrading to AS9100.

 

[rreplayy]

Re: AS9100C Risk Management Procedure Example wanted

Hello, Could you help me, as9100 Risk Assesment problem,
I am really in bad situation because of our audit?
Can anyone send me an extra as9100 document?
I appreciate for your help.

 

[Doug]

Re: AS9100C Risk Management Procedure Example wanted

If your QMS is mature, you should have a good idea of the risk associated with various process/activities within your organization. A good example is OTD, on-time delivery, which you should already be tracking.

I use a simplified PFMEA to assess each of my risk. What failure modes effect on-time delivery? They could be material arriving late from a customer, bad weather, an inaccurate sales quote, process capability failure, etc. Then I create an action plan for those risk that are within my power to mitigate. Thse items then need to be tracked for compliance to my action plan.

Best of luck,
Doug

 

[Buckyb]

The concern for needing a procedure is not required by AS9100C. Currently only six procedures are required for compliance: control of documents; records; internal audit; control of nonconforming product; corrective and preventive action. The Standard states that risk is a "process" under 7.1 and that "the organization shall establish, implement and maintain a process". How the process is managed is up to the organization as long as 7.1.2 is satisfied as well as the requirements in 7.2.2e.

 

[Mike_H]

The concern for needing a procedure is not required by AS9100C. Currently only six procedures are required for compliance: control of documents; records; internal audit; control of nonconforming product; corrective and preventive action. The Standard states that risk is a "process" under 7.1 and that "the organization shall establish, implement and maintain a process". How the process is managed is up to the organization as long as 7.1.2 is satisfied as well as the requirements in 7.2.2e.

I agree 100%, but often *procedure* gets confused with *process* in questioning, lost in the translation possibly. When that happens, I'm guessing people want to read through the documented process (aka procedure) to help visualize it somewhat.

If you can demonstrate you are able to consistently meet all requirements with your undocumented process that runs like clockwork and everyone understands ---> no procedure.
If you want to establish more control because you think it's of benefit and there are indications people are departing from it, or some confusion over the tools to use etc...(if you're "herding cats") ---> document your process and whether you call it a procedure of simply your flowchart that's your call.