Risk Management - Where to begin?

[Jane27]

My understanding is that there needs to be objective evidence that risk has been considered with each new sales order/ contract. This does not necessarily mean that a full risk assesment needs to be performed on each new job. Currently we assess feasibility and risk during the quote phase but we don't use risk priority numbers etc. We DO put together a FMEA for automotive jobs, but this represents only about 15-20% of the business.

I am looking for suggestions on how to comply with the standard in the simplest fashion possible for the 80% of our business which we do not perform FMEA's for. The company is a precison machine shop that manufactures to blue print for aerospace, automotive, military, telecom & commercial. We are certified to AS 9100.
Thanks

 

[dkusleika]

Re: Risk Management- Where to begin?

We use a sign-off during the work order creation process. When the sales order is reviewed and a work order is created, the first sign off is that risks have been considered. In our procedure, we list the risks that the reviewer considers (ability to meet deadlines, COTS modifications, obsolete parts) with the obligatory "not limited to" language. If risks are identified that are outside of the normal business process, there is a spot on the work order for the reviewer to note them. It may say "do not acknowledge order until lead time of part x is established" or something like that.

In short, we use a simple sign off as "objective evidence" that risks were assessed on orders.

 

[Jane27]

Re: Risk Management- Where to begin?

Thanks, that is very helpful. Do you ever generate anything more intensive than that...and if so do you use a form?

We use a sign-off during the work order creation process. When the sales order is reviewed and a work order is created, the first sign off is that risks have been considered. In our procedure, we list the risks that the reviewer considers (ability to meet deadlines, COTS modifications, obsolete parts) with the obligatory "not limited to" language. If risks are identified that are outside of the normal business process, there is a spot on the work order for the reviewer to note them. It may say "do not acknowledge order until lead time of part x is established" or something like that.

In short, we use a simple sign off as "objective evidence" that risks were assessed on orders.

 

[dkusleika]

Re: Risk Management- Where to begin?

Not really. Sometimes the risk notes on the work order are long and intensive, but it's just free form text - whatever the reviewer wants to write. Our risks are pretty predictable, but I wouldn't be opposed to doing a quick and dirty FMEA on an order that was particularly onerous. It just hasn't come up.

I find the vast majority of our order risks can mitigated at the time of the review. If there's a tight schedule, we get production to agree to it before we acknowledge. If there's a new product or feature, we get engineering to confirm that it will be complete. If there's an obsolete part, we get purchasing to get a lead time from the supplier.

 

[Jane27]

Re: Risk Management- Where to begin?

Excellent...total common sense!

 

[rickpaul01]

Re: Risk Management- Where to begin?

There are so many different kinds of risks that I found the thought of a simple one-size-fits-all sign-off form impractical. Remember, risk is not new, it has always been in AS9100. For example, we always perform Feasibility Review on all new parts, and it has it’s own sign-off. A purchase order has it’s own sign-off. We did not have to create these to meet Rev C, they already existed. I simply documented what type of risk management tools we are already using and declared that the process results in acceptable risk.

 

[Jane27]

Re: Risk Management- Where to begin?

@ rickpaul01, great feedback. Thanks.

 

[Wes Bucey]

Re: Risk Management- Where to begin?

My understanding is that there needs to be objective evidence that risk has been considered with each new sales order/ contract. This does not necessarily mean that a full risk assesment needs to be performed on each new job. Currently we assess feasibility and risk during the quote phase but we don't use risk priority numbers etc. We DO put together a FMEA for automotive jobs, but this represents only about 15-20% of the business.

I am looking for suggestions on how to comply with the standard in the simplest fashion possible for the 80% of our business which we do not perform FMEA's for. The company is a precison machine shop that manufactures to blue print for aerospace, automotive, military, telecom & commercial. We are certified to AS 9100.
Thanks

There are so many different kinds of risks that I found the thought of a simple one-size-fits-all sign-off form impractical. Remember, risk is not new, it has always been in AS9100. For example, we always perform Feasibility Review on all new parts, and it has it’s own sign-off. A purchase order has it’s own sign-off. We did not have to create these to meet Rev C, they already existed. I simply documented what type of risk management tools we are already using and declared that the process results in acceptable risk.

@ rickpaul01, great feedback. Thanks.

The point is that it is just good business practice to perform a type of FMEA (Failure Mode & Effects Analysis) or Risk Assessment on each new order - essentially, we ALL ask ourselves, "What if?" The difference is that compliance with a Standard requires documenting the question and answer together with measures taken to avoid the risk or ameliorate the effect by assuring nonconforming material does not reach the customer.

Obviously, especially in a precision machining environment, there are some risks common to every job (material shortage, tooling breakage, machine malfunction, misreading or misinterpreting engineering drawings, etc.) and some that may be unique to a particular order, such as requiring a special inspection process, instrument, or jig.

The point in using any form is to be sure to make allowance for those special risks on one form (perhaps with a blank space or an added page?), rather than separate forms. The idea of NOT performing FMEA or risk analysis

for the 80% of our business which we do not perform FMEA's for. The company is a precison machine shop that manufactures to blue print for aerospace, automotive, military, telecom & commercial. We are certified to AS 9100.

is NOT consistent with compliance to AS9100.

 

[Jason PCSwitches]

Re: Risk Management- Where to begin?

I just upgraded a company to rev. c and this was a topic that was well debated.

1st off, IMHO, the standard is way to general in this aspect. It is not taking into consideration the small machine shop compared to the large organization that assembles the panel or engine. It's a much different animal dependent on the function.

That being said, the standard does not require risk to be assessed on EACH project/order; only that it is defined/identified, communicated & managed. If an organization is specialized, risk can be defined in general terms and easily documented.

I'm sure (again IMHO) that this part of the standard will be revised when the committee considers the insurmountable amount of feedback that it is going to receive because it's an open door for those "less knowledgeable" auditors to write away on when it comes to small business. Not productive in that aspect at all. There is a value to this but it needs to be amended.

 

[Jane27]

Re: Risk Management- Where to begin?

I phrased that incorrectly, of course we analyze risk for all of our jobs, I just meant that we don't draft a formal FMEA for every job. Jobs that present too much risk aren’t quoted if the risk isn't manageable. My goal is to comply with the standard in a way that is beneficial to my company/ supports a lean environment & doesn't add a bunch of impressive looking documentation for the sake of merely complying.

Thanks for your feedback.