Search the Elsmar Cove!
**Search ALL of Elsmar.com** with DuckDuckGo including content not in the forum - Search results with No ads.

IATF 16949 (6.1.1 - Planning and Risk Analysis for a remote site)

#1
I am over a warehouse operation that serves as a remote site to several manufacturing locations. We recently received a NCR for clause 6.1.1. The auditor stated on the report "The process for risk assessment for interested parties is not fully effective. There was no objective evidence that a risk analysis was performed for interested parties". We have a PFMEA (fairly detailed from order paperwork thru order pulling and staging), process maps with risks noted, contingency plan...not really sure what the expectation is here. We technically only have two processes: warehousing and production control. Has anyone else had this same NCR?
 

pziemlewicz

Involved In Discussions
#2
Have you done a context of the organization (COTO) exercise that identified your interested parties? Do they include supplier, customer, OEM, consumer, and regulatory authorities?

Usually PFMEA only addresses process risks within your facility, and not up/down the supply chain. While it's a piece of the requirement, it isn't the whole thing. This AIAG presentation might help:
https://aama.memberclicks.net/assets/docs/risk based thinking in iatf 16949.pdf
 
#3
Pziemlewicz...thank you for the reply. I have been looking into it but can't seem to find where we, as a company, did one. I have been here a short time while the company is roughly 70 years old. I can recreate one but our QMS is massive and I thought (incorrectly obviously) that it had everything mostly covered. Our scope is clear, our management review covers every KPI you can think of (all of which are listed in the QMS), and risks analysis both internal and external are listed in the process maps. I'm confused why the auditor wrote it for interested parties and specifically called out our employees verbally. We list labor shortages for weather, sickness, etc in the contingency plan. I will continue to look into the COTO. Again, I appreciate your response. I am fairly new to elsmar and will be an active participant. If you think of anything else, please let me know.
 

pziemlewicz

Involved In Discussions
#4
Pziemlewicz...thank you for the reply. I have been looking into it but can't seem to find where we, as a company, did one. I have been here a short time while the company is roughly 70 years old.
COTO and organizational risk didn't appear until the 2015 version of ISO. The company likely missed it when upgrading, but I'm surprised their auditor didn't write it up then.
 
Last edited:
#5
My plan is to include a "needs and expectations of interested parties" section within the QMS which will include the language "issues are determined through an analysis of risks facing (our company)" and define that those are identified within the annual planning documents and Process Maps. Probably complete a SWOT or similar (COTO) as a backup document (hopefully management will at least assist). I'm hoping this will satisfy the auditor. I will post in a few weeks what the result is. Any thoughts on this path?
 
Top Bottom