How do you see the "Risk Analysis" issue in the ISO 9001 context?

[Henriqued]

How do you see the "Risk Analysis" issue in the ISO 9001 context?

In Quality ISO related discussions with the client, when it comes to defining the business processes, I am noticing that the risk analysis (e.g., risk assessment, risk management and policy relating to risk) is one of the matters that the customer identifies as being of importance.

Therefore, it appears to be appropriate, in most cases, to include it as a process or at least a sub process of the core business processes.
But, in this case, what could be the inputs, outputs, objectives, and indicators of this process?

As anyone dealt with this matter and how do you consider the inclusion (or not) of risk analysis within the concept and implementation of the QMS in a service company, let's say, a building/infrastructure construction/maintenance company or a consulting services company?

Your views would be most wellcomed.
Thanks in advance,
Henrique

 

[Andrej]

Enrique,


The risk analysis has a basic purpose to answer four questions:

What can go wrong?
What is the probability of that to happen?
What are the consequences?
How to avoid or minimize the probability that things can go wrong?

The closest to this are requirements for preventive actions. In ISO 9001:2000 - 8.5.3 Preventive action requirements are:

a) determining potential nonconformities and their causes, (Determine what can go wrong?)

b) evaluating the need for action to prevent occurrence of nonconformities, (Determine the probability that something can go wrong and evaluate the consequences.)

c) determining and implementing action needed, (Carry out actions to avoid probability that things can go wrong.)

d) records of results of action taken (see 4.2.4), and

e) reviewing preventive action taken.

Each process is comprised of one or more consecutive steps. For each step there is probability that something can go wrong. Performing PFMEA (not just for production but for any process) or HACCP (in food or pharmaceutical related industry) analysis will be sufficient. Therefore there is no need for additional process in QMS.

Regards,

Andrej

 

[JodiB]

Maybe I'm off track, but are you referring to the type of risk analysis that may take place for each individual job? For meeting the terms of each contract? Like, for this job what can go wrong and what would be the financial and scheduling implications if it were to happen?

I agree that it is a function similar to a generic Preventive Action program for the business, but it is also a vital part of the commercial process and is addressed early on in proposal generation and contract review. In my mind's eye, I see you showing a Preventive Action process that describes your principles of action, and shows these initial risk analysis being fed into the larger PA cycle. It is a component of your PA, but is not the entire PA. I also see it as part of the original bid process where it originates and then is spun off to the PA process.

Make sense?

 

[Henriqued]

Risk analysis into QMS

Lucinda and Andrej,

The purpose of this issue, as I said, is to discuss the different ways of dealing with the issue of “Risk Analysis” into the scope of the QMS.
In this sense, I welcome your comments and think that you are both right.

In short, it appears that what could be advised to a company implementing a QMS is a risk analysis associated with each key-process, to be dealt with by the process owner in terms of identification of possible risks and taking the considered appropriate preventive measures.
The business commercial process, being one of the key processes, may well suffer the same approach.

On the other hand, the idea of feeding the risk analysis in the PA process/procedure as one of its components appears to be also a good one.

Thank you for your views on this thread.
Best regards,
Henrique

 

[M Greenaway]

FMEA in other words ??

 

[Andrej]

FMEA is one of possible tool for risk prediction and evaluation. There are other interesting tools available. One of them is Anticipatory failure determination.

AFD™ is a method that is a disciplined, rigorous process by which the user can:
- thoroughly analyze given failure mechanisms
- obtain an exhaustive set of potential failure "scenarios"
- develop "inventive" solutions to prevent, counteract, or minimize the impact of the failure scenarios

What is the difference between AFD™ and other conventional failure prevention techniques?

The principle difference between AFD™ and conventional techniques such as Failure Mode and Effects Analysis and Hazard and Operability Analysis is the perspective from which potential failures are determined.

See http://www.triz-journal.com/archives/1999/10/a/index.htm for details.

Regards,

Andrej

 

[Manoj Mathur]

In TS 16949:2002 The risk analysis is clearly mentioned while In ISO 9001:2000 it is not very exclusively covered.

According to ISO/TS 16949:2002 Clause 7.2.2.2, “The organization shall investigate, confirm and document the manufacturing feasibility of the proposed products in the contract review process, including risk analysis” During Risk analysis we need to formulate the risk associated with Organisation's nonconformity to customer specification may be time schedule or any rejection including field failure. Organisation must find out commercial liability in case of non-compliances.

There was a good leangth discussion by TUV auditors while TS 16949:2002 auditing while doing auditing of Contract Review.