Risk Management Compliance - Implementing AS9100:2009

[Randy]

Yeah...We only "think" risk management is new because it has a proper name, but it fact we use it one way or another in all aspects of our lives.

 

[John Graham]

Hello Sidney,

I was just finishing the upgrades to my business management system and saw the discussion about Risk Management. I purchased a copy of the ISO 31000 FDIS and spent considerable time going over it. I have to agree with you that it is extreamly broad in nature and overkill for most contract manufacturers. However, it does serve to help give some direction to developing a risk management program that will fit this group of companies.

Since you posted this comment earlly this year, have you had a chance to review the ISO 31000 standard or the ARP for managing supply chain risk?

Regards,

John

 

[Sidney Vianna]

Since you posted this comment earlly this year, have you had a chance to review the ISO 31000 standard or the ARP for managing supply chain risk?

Hi John, glad to see you here.

Yes. And I still think that ISO 31000 is way too broad for what AS9100 rev. C aims at and the ARP 9134 focuses on supplier risks.

If we had an aviation, space & defense equivalent to ISO 14971 for medical devices, it would be an elegant solution, in my opinion. I am still very concerned with the possibility of the IAQG not clearly defining the expectations for risk management in the A,S&D supply chain, and I dread the scenario when a CB auditor "mandates" the same sophisticated risk management protocols that would apply to a NASA tier one supplier, to a small, build-to-print machine shop.

I hope the upcoming IAQG sanctioned training package that will be used to "qualify" all CB auditors for 9100 Rev. C sets proper guidance for this aspect of the standard.

I would be interested to know what the people who already developed material for AS9100 Rev. C are telling their customers about that paragraph.

 

[John Graham]

Hello Sidney,

Thanks for your feedback. I share your concerns with the auditor training on risk management. The topic of the our next AS9100 Users Group Meeting is Risk Management. I will let you know if anything interesting comes out of that discussion next week. Also I will see if Alan from Boeing can join us and explain the proposed training for this subject.

Regards,

John

 

[Koala]

John,
I look forward to hearing about your Users Group Meeting (if anything is of interest).
Thank you,
Koala.

 

[Frank T.]

IMO, the NASA document (NPR 8000.4A) contains some useful information, it can be found here.

I have also attached a copy of it.

 

[John Graham]

We had about 12 people in the AS9100 Users Group Meeting representing small to medium sized suppliers. After reviewing the requirements in AS9100 we reviewed ISO 31000. A sample flowcharted procedure was used to review how ISO 31000 could be used for small and medium suppliers.

The general concensus of the group was that ISO 31000 could be used as a guideline for developing a risk management process but it must be carefully tailored to the company size and product type.

Attached is the meeting agenda with notes from the meeting.

 

[Koala]

Thank you John for your meeting notes.
Koala.

 

[Q4Aero]

Hello Sidney/ John - it is good to have you both in the fray. One of the open posts, "The Evolution of Risk Management: Just Do It" by John Shortreed at 2008 International Risk Management Conference in Toronto is that the Standard is Not Certifiable, and along with definitions currently in ISO Guide 73, provides a format for assessing and managing the effect of uncertainty on objectives, aka planned arrangements.
Business owners and managers practice risk analysis on a daily basis and the question is, or will be, how will clients demonstrate a structured model in sufficient detail to satisfy a registrar without creating unworkable layers and processes?
The actual process of quantification while subjective is relatively straight forward, actually quite similar to FMEA and self assessment for ISO 14001.
Viewed from the Customer, small and build-to-print shops are key supply links in a Lean - reduced inventory, dock-to-stock scenario who should generally limit their focus to the risk of failing to deliver or that of delivering incorrect or nonconforming product. This likely leads to assessing supplier risks and internal processes; and it could address business continuance issues such as disaster recovery and financial stability as well as labor and staffing.
Large organization, particularly those who include design, must expand the scope and their task is a good deal more robust.
Hopefully the AS9104 and AS9101 committees get the message and provide appropriate guidance for suppliers and registrars.
Chuck Doland

 

[Sidney Vianna]

Business owners and managers practice risk analysis on a daily basis and the question is, or will be, how will clients demonstrate a structured model in sufficient detail to satisfy a registrar without creating unworkable layers and processes?

Excellent way of phrasing it, Chuck. As I have been saying for a while, now, it is CRITICAL that the IAQG makes it very clear what the expectations are for implementers and auditors, as part of the 9101C roll out process. Otherwise, we will end up with extreme disparity on the range of acceptable solutions for the risk management challenge.

Please note that some of the additional 9100C deployment material*, recently posted at the IAQG website contains reference to risk management expectations.

While I agree with you that business owners and managers practice risk management on a daily basis, some do a lousy job of it. So, we need to remember that risk management will also be subjected to an assessment in terms of effectiveness, as part of the 9101D methodology.

*

Deployment Support Materials

• 9100 - Quality Managmenet Systems: Aviation, Space and Defense Organizations'
  • 9100 Press Release
  • Changes Presentation
  • FAQ
  • Clarifications (coming soon)
  • 9100 Changes and Rationale
  • Article "Revised AS&D Standards Take Flight"
    (Reprinted with permission from Quality Progress
    ©2009 American Society for Quality
    No further distribution allowed without permission)