Risk Management during Contract Review

[SBraddyQMR]

Hi there! This is only my 2nd post on the forum, however, I lean heavily on this site for AS9100 guidance - simply wouldn't know how to do my job without y'alls help for which I'm very grateful! A little about me -- I had a 30 year career in the Human Resources field, ending up as VP, that is until the recession took hold, then I'm in the unemployment line with millions of others. Not old enough to retire <<<sigh>>> a friend asked me to come on board as his Quality Manager --- knowing full well I had NO AS9100 knowledge at all! I'm still here after 3 years and have earned a lot more gray hair as a result!

My question to you is.... If risks on continuous repeat (blanket) orders have been mitigated during contract review, and/or no action is required; are we still required to list the risks on each and every order they submit?

Thank you in advance! Sharon

 

[J0anne]

You need to communicate residual risk.

 

[Marc]

I looked here: https://en.wikipedia.org/wiki/Residual_risk

How would that be calculated during contract review with regard to AS9100? What would be taken into consideration?

 

[SBraddyQMR]

You need to communicate residual risk.

Thank you Joanne for your response. We manufacture wire rope and have some governmental agencies as customers. How would residual risk factor in here?

 

[dsanabria]

Hi there! This is only my 2nd post on the forum, however, I lean heavily on this site for AS9100 guidance - simply wouldn't know how to do my job without y'alls help for which I'm very grateful! A little about me -- I had a 30 year career in the Human Resources field, ending up as VP, that is until the recession took hold, then I'm in the unemployment line with millions of others. Not old enough to retire <<<sigh>>> a friend asked me to come on board as his Quality Manager --- knowing full well I had NO AS9100 knowledge at all! I'm still here after 3 years and have earned a lot more gray hair as a result!

My question to you is.... If risks on continuous repeat (blanket) orders have been mitigated during contract review, and/or no action is required; are we still required to list the risks on each and every order they submit?

Thank you in advance! Sharon

Here is what the standard says

7.1.2 Risk Management

"The organization shall establish, implement and maintain a process for managing risk to the achievement of applicable requirements, that includes as appropriate to the organization and the product."

So, while there is no requirement to perform a risk assessment, if it is not applicable or appropriate, it will be a good point to quickly verify that any previous risk are continue to be properly mitigated.

NOTE: the upcoming changes to the requirements is involving risk approach to other areas of production - start thinking mitigation for internal processes as well.

 

[dsanabria]

You need to communicate residual risk.

Could not find "residual risk" in the AS9100 standard

 

[J0anne]

Product liability law - if you do not communicate residual risk, you are still liable for any consequences. Standards are voluntary and law is not.

 

[dsanabria]

Product liability law - if you do not communicate residual risk, you are still liable for any consequences. Standards are voluntary and law is not.

While I follow you - please explain to the Aerospace folks in this forum how is it implemented without legalize. If it is not in the standard - auditors can not audit to it or write it up.

Residual risk or liability are flown down to everyone via a document call "Terms and Condition" - Not audited to the standard but reviewed by attorneys and owner.

The original question wanted to know if the risk assessment of the process needed to be re-evaluated every single time.

 

[SBraddyQMR]

While I follow you - please explain to the Aerospace folks in this forum how is it implemented without legalize. If it is not in the standard - auditors can not audit to it or write it up.

Residual risk or liability are flown down to everyone via a document call "Terms and Condition" - Not audited to the standard but reviewed by attorneys and owner.

The original question wanted to know if the risk assessment of the process needed to be re-evaluated every single time.

EXACTLY!! Thank you DSanabria! I was getting lost with terms I could not locate in the standard!

 

[gpainter]

From a liability perspective I believe only if something has changed does a RA need to be done. Regardless, I believe that you should do a review every three years. One never knows what has changed or what is new that could reduce the risk. You will get sued, you will more than likely have to pay and it is just the question of "How Much?" Good RA will help keep the amounts down. If your Customer wants you to do it-then you have your answer!