Presentation is loading. Please wait.

Presentation is loading. Please wait.

Risk Management With Customer Focus

Published byJared Norton Modified over 8 years ago

Similar presentations

Presentation on theme: "Risk Management With Customer Focus"— Presentation transcript:

1 Risk Management With Customer Focus
Kevin Beard Risk Management With Customer Focus How Many In the Room Are Risk Experts More than you think We Encounter Risks Every Day We Manage Risks Every Day Travel – Getting places on Time Auditing – Value Added Perception By Customer Many Different Aspects On Risk Financial Natural Hazards Geopolitical Endless Discussions On Risk Type & Nature Scope Of Applicability Company Size

2 Introduction To Risk Discuss Risk/QMS Relationship Concepts
Introduction to Risk/QMS in AS9100c Additional & Sanctioned Training to Be Provided By OPMT Case Studies & Audience Participation

3 Introduction To Risk How Do We Currently View Risk In AS9100b
Customer Requirements Other Parts of Std.??? How Many Have Read AS9100c What Do We See As The Difference Structure?? New Individual Requirements?? Underlying Concept that Applies Across the Standard?? Why Are We Discussing Risk Today Complex Concept Difficult to Understand Difficult to Explain to Customers Therefore, Difficult to Audit AS9100b Risk Shows Up Only 1 Time (Section 7.2.2) How Many People Believe Risk is Applicable in other sections of the Standard? ISO 9001 Risk Does Not Show Up Anywhere How Many People Believe Risk is Applicable in ISO 9001? Need to get a head start on Risk Audience Interaction

4 What is Risk? A risk is a potential future event that could result in adverse and unplanned consequences. A risk is NOT a Problem, an Issue, or a Crisis! Risk is a measure of the potential inability to achieve overall program objectives within defined cost, schedule and technical constraints. (Reference: Risk Mgt Guide for DoD Acquisition, 4th Edition, June 2003)

5 What is Risk? Risk Management Processes Product & Technical Risks
Risk Mitigation Behaviors within a process

6 What is Risk? Risk Management Processes Product & Technical Risks
Risk Mitigation Behaviors within a process

7 Risk Management Processes
Risk Planning The step of developing and documenting comprehensive and interactive strategies and methods for identifying and tracking risk areas, training, developing risk mitigation plans, performing risk assessments to determine how risks have changed, and planning/obtaining adequate resources. Risk Identification The step of discovering and defining all risks inherent in your program or project. Risk Assessment The process of analyzing and prioritizing program and process risks against cost, schedule and/or performance criteria. Risk Handling The step that identifies, evaluates, selects, and implements actions in order to reduce risk likelihood or consequence to an acceptable level. Risk Monitoring The step that systematically tracks and evaluates the performance of Risk Handling actions against established metrics throughout the acquisition process. Does This Look Familiar to Most Companies in the Room? Does This Have a Big Company Feel? Does This Have a Small Company Feel? How Does it Apply to Small Companies Similar Applicability Lesser Approach

8 The Risk Management Process
Risk Manmagement The Risk Management Process - Risk PDCA - Plan Identify Assess Handle Monitor Plan Do Check Act Notes: Copyright 2009 NQA USA All rights reserved 8

9 What is Risk? Risk Management Processes Product & Technical Risks
Risk Mitigation Behaviors within a process

10 Product & Technical Risks
Complexity of Design Criticality of Product for End Use New or Unproven Process or Technology Organizational Capability to Design or Build Product New or Unproven Process to Organization New Technology to Company Items or Requirements That are Candidates for Risk Management Processes Others??

11 What is Risk? Risk Management Processes Product & Technical Risks
Risk Mitigation Behaviors within a process

12 Risk Based Decisions & Behaviors
Identification Discovering and defining all risks inherent in your program, project, process, or task. Communication Communicating Risks to all Relevant Individuals and Processes Risk Understanding Understanding the Risks and How they affect your Function or Process Decision Making (Risk Based) Making Choices on application of ‘Individual Options’ and ‘Process Options’ Risk Behaviors Knowledge of Identified Risks Knowledge of Process Options Application of Identified Risk Topics to ‘Process Options’ Risk Process is not Limited to Individuals QMS Is Made up of a Collective Of individuals Similar to QMS Philosophies, How do Individuals Work Together In A Risk Management Process

13 Requirements & Risk Based Decisions
How Communicated Operational Options that Need Risk Oriented Decisions associated with Critical Requirements Design Approach V&V Approach Monitor & Insp. Approach Supplier Oversight Where Identified What Decisions RFQ Proposal Contract Design Manufact. Integrate Product Delivery Where Are Risks Identified? How Are they Communicated? Applicable to Both Big & Small Companies Monitoring and Inspection Activities Communication of Supplier Requirements -Key Characteristics- Purchasing Suppliers All Requirements are not created equal

14 AS 9100 – 3.1 Terms and Definitions
Risk - An undesirable situation or circumstance that has both a likelihood of occurring and a potentially negative consequence.

15 Variable Risk Application Approach
Varying Applicability to Different Functions Risk Processes…..‘appropriate to the product and the organization’ (7.1.2) Type Project Production Service Size Large Medium Small Product X Process People Risk Management Processes See SR/CI Discussions Makes Life Harder for Auditors Hopefully this discussion will give the auditors some insight to support discussions with & Auditing of your customers Audience Interaction How Does Risk Approach Vary? Organizational Application of Risk Can Vary Based on Situation, Customer, Product Line, etc. Audit Approach & Questioning Will Need to Vary Also.

16 Theory Applied Risk Management Processes Product & Technical Risks
PDCA Indentify Assess Handle Monitor Risk Mitigation Behaviors within a process

17 AS 9100 – Risk Management The organization shall establish, implement and maintain a process for managing risk to the achievement of applicable requirements, that includes as appropriate to the organization and the product a) assignment of responsibilities for risk management, b) definition of risk criteria (e.g., likelihood, consequences, risk acceptance), c) identification, assessment and communication of risks throughout product realization, d) identification, implementation and management of actions to mitigate risks that exceed the defined risk acceptance criteria, and e) acceptance of risks remaining after implementation of mitigating actions. Processes Behaviors Risk Process Defined in a-d Risk Behavior Focus from c & d 7.1.2.b How do Organizations address Consequence & Likelihood? Big & Small Companies Various Organizations within a company How do Organization's plan mitigation for identified items Tools FMEA Approach P-FMEA Approach

18 Risk Impacts – P.P.P. Product Process People Capability
7.1.2 Risk Management c) identification, assessment and communication of risks throughout product realization, d) identification, implementation and management of actions to mitigate risks that exceed the defined risk acceptance criteria, Product Process People Capability Consequence & Likelihood FMEA Critical Safety Items Requirements Evaluation Process FMEA Process Requirements Evaluation Competency Levels Prod/Proc Proficiency Supplier Capabilities Communication Customer/User Needs IPTs Specification & Drawings Design Critical Items Key Characteristics CM Processes Task Specific Training Task Specific OJT Supplier Interaction Plan, Implement, Control Mandatory Insp. Points Design Review Inspection Approach Product Audits Production Planning Config Control Boards Process Audits Configuration Audits Job Assignments Metric Analysis Technical Audits Supplier Oversight Audience Interaction

19 AS 9100 – Risk Management 7.2.2 Review of requirements related to the product e) risks (e.g., new technology, short delivery time frame) have been identified (see 7.1.2). 7.4.1 Purchasing process f) determine and manage the risk when selecting and using suppliers (see 7.1.2). 8.5.3 Preventive action NOTE Examples of preventive action opportunities include risk management, error proofing, failure mode and effect analysis (FMEA), and information on product problems reported by external sources. 8.2.4 When the organization uses sampling inspection as a means of product acceptance, the sampling plan shall be justified on the basis of recognized statistical principles and appropriate for use (i.e., matching the sampling plan to the criticality of the product and to the process capability). Specific Use of Word ‘Risk” Risk As A Theme Permeates AS9100 in Many Ways

20 AS 9100 – Risk Management Does Risk Apply in Other Parts of the AS9100 Standard Explicit? Implied? How does this apply throughout the AS9100 standard Processes? Decisions/Behaviors? 4.1 General Management System Requirements 7.1 Product Realization Planning 7.3 Design & Development Lifecycle Processes 7.5 Production & Service Provision 8.1 Measurement, Analysis & Improvement Indirect Use of Work “Risk” “Where Appropriate” What does this mean to group Audience Interaction

21 Potential Impacts – Large Companies
Varying Applicability to Different Functions Risk Processes…..‘appropriate to the product and the organization’ (7.1.2) Prog/Proj Eng. Supplier Mgmt S&MA Individual Tasks Others Risk Resp. Assignment X Risk Definition ID, Assess, Comm. Implement & Management Acceptance Risk Management Processes Auditors Audit People Are These People We have Audited in the Past Do We Ask Them The Risk Based Questions Auditors Should Have A Line Of Questioning For Each Type of Function See SR/CI Discussions Audience Interaction How Do Risk Responsibilities Vary? Program – Cost, Schedule, Technical Engineering – Design, Technology Capability, Others Supplier Management – Supplier Capability, Cust/Supplier Interface, Others S&MA – Independent Oversight (Processes, Suppliers, Etc.), Others Individuals – Application of Risk to Option Decisions

22 Potential Impacts – Small Companies
Varying Applicability to Different Functions Risk Processes…..‘appropriate to the product and the organization’ (7.1.2) Sales, Contracts Prod. Planner Purch Manuf Inspector Other Risk Resp. Assignment X Risk Definition ID, Assess, Comm. Implement & Management Acceptance How Do Risk Responsibilities Vary? Sales & Contracts – Understanding of User Needs/Requirements & Comparison of User Needs To Organizational Capabilities Production Planner – Applying “Appropriate” Methods Associated with Risk to Meeting User Needs & Requirements Purchasing – Vendor Capability, Risk/Criticality Communication, Others Manufacturing – Applying “Appropriate” Methods Inspector – Independent Verification Individuals – Application of Risk to Option Decisions Risk Management Processes See SR/CI Discussions Audience Interaction

23 Risk Case Studies What Have We Covered?
General Discussion on Risk Theories Relationship to AS9100c Standard Time to put your Auditor Hats Back On Case Studies Risk Associated With Product Risk Associated With Processes Risk Associated With People

24 Product Risk in Lower Tier Organizations
Process People What Are Risks & Impacts?? In Your Pre-Audit Planning, You Find that the Organization’s Customer provided the Organization with a PO on a very challenging task that includes providing a product that is more complicated than other products previously manufactured. What Additional Questions Would You Pursue in Pre-Audit Discussions Who Has Risk Management Responsibility for this Scenario (7.1.2 a&b) Area Where Risks Might Be Identified (7.1.2 c) Create an Audit Plan. (What Are the Areas of Focus, Including Customer Risk Expectations) How Are Risks Communicated (7.1.2 c) What Risk Mitigation/Decisions are Made (How Documented) (7.1.2 d) Onsite Audit Types of Questions You Would Pursue Types of Issues/Findings That May Develop Where Are Risks Identified? How Are they Communicated? Applicable to Both Big & Small Companies What Are the Potential Risks? How & Where Do You Determine the Risks? How Do You Communicate the Risks? What Are the Mitigation Approaches? How is this Risk Management Approach Defined in Your QMS? How are these Risk Actions Documented in Your QMS Records? Audience Interaction

25 Process Risk in Lower Tier Organizations
Product Process People What Are Risks & Impacts?? In Your Pre-Audit Planning, You Find that the Organization’s Customer provides the organization with a PO that includes a task that you do not have the capability for. You outsource this task to a vendor that you have never used before. What Additional Questions Would You Pursue in Pre-Audit Discussions Who Has Risk Management Responsibility for this Scenario (7.1.2 a&b) Area Where Risks Might Be Identified (7.1.2 c) Create an Audit Plan. (What Are the Areas of Focus, Including Customer Risk Expectations) How Are Risks Communicated (7.1.2 c) What Risk Mitigation/Decisions are Made (How Documented) (7.1.2 d) Onsite Audit Types of Questions You Would Pursue Types of Issues/Findings That May Develop Where Are Risks Identified? How Are they Communicated? Applicable to Both Big & Small Companies What Are the Potential Risks? How & Where Do You Determine the Risks? How Do You Communicate the Risks? What Are the Mitigation Approaches? How is this Risk Management Approach Defined in Your QMS? How are these Risk Actions Documented in Your QMS Records? Audience Interaction

26 People Risk in Lower Tier Organizations
Product Process People What Are Risks & Impacts?? In Your Pre-Audit Planning, You Find that the Organization’s Customer transferred a large contract to this organization. The organization had to increase your workforce by 20% and add shift work. In your last audit your recall that the Organization was Working at/near capacity. What Additional Questions Would You Pursue in Pre-Audit Discussions Who Has Risk Management Responsibility for this Scenario (7.1.2 a&b) Area Where Risks Might Be Identified (7.1.2 c) Create an Audit Plan. (What Are the Areas of Focus, Including Customer Risk Expectations) How Are Risks Communicated (7.1.2 c) What Risk Mitigation/Decisions are Made (How Documented) (7.1.2 d) Onsite Audit Types of Questions You Would Pursue Types of Issues/Findings That May Develop Where Are Risks Identified? How Are they Communicated? Applicable to Both Big & Small Companies What Are the Potential Risks? How & Where Do You Determine the Risks? How Do You Communicate the Risks? What Are the Mitigation Approaches? How is this Risk Management Approach Defined in Your QMS? How are these Risk Actions Documented in Your QMS Records? Audience Interaction

27 Theory Applied Risk Management Processes Product & Technical Risks
Risk Mitigation Behaviors within a process

28 Special What??? Characteristic Key Critical Items Special Requirement
How Many have followed the various drafts of the AS 9100 Rewrite Critical > Essential > Special Most Hotly Discussed Topic for the Rewrite Why Different Business Models in Different Sectors Desire to Recognize Changing Role of Design in the Supply Chain Not All Industries Have A Reliance on Complex Engineering Processes Internally or in Their Supply Chain Less Applicable to Lower Tiers in the Supply Chain Therefore It is somewhat of a Foreign Concept to Some Quality Professionals

29 3 Terms and Definitions 3.2 Special requirements
Those requirements identified by the customer, or determined by the organization, which have high risks to being achieved thus, requiring their inclusion in the risk management process. Factors used in the determination of special requirements include product or process complexity, past experience and product or process maturity. Examples of special requirements include performance requirements imposed by the customer that are at the limit of the industry’s capability, or requirements determined by the organization to be at the limit of their technical or process capabilities.

30 3 Terms and Definitions 3.3 Critical items
Those items (e.g., functions, parts, software, characteristics, processes) having significant effect on the product realization and use of the product; including safety, performance, form, fit, function, producibility, service life, etc.; that require specific actions to ensure they are adequately managed. Examples of critical items include safety critical items, fracture critical items, mission critical items, key characteristics, etc.

31 3 Terms and Definitions 3.4 Key characteristic An attribute or feature whose variation has a significant effect on product fit, form, function, performance, service life or producibility, that requires specific actions for the purpose of controlling variation. NOTE Special requirements and critical items are new terms and, along with key characteristics, are interrelated. Special requirements are identified when determining requirements related to the product (see 7.2.1). Special requirements may then require the identification of critical items. Design output (see 7.3.3) may then include identification of critical items that require specific actions to ensure they are adequately managed. Some critical items will be further classified as key characteristics because their variation needs to be controlled.

32 Special Requirements, Critical Items & Key Characteristics
Key Characteristics Simplified Communication of Criticality Between Engineering & Production In House Production or Outsourced Production Special Requirements & Critical Items Simplified Communication of Criticality Between Customer & Organization (SR) Engineering & Engineering (CI) In House Engineering or Outsourced Engineering Common Expectations Consideration for Use of More Rigorous Controls in Process Risk Based Approach to Identification, Analysis and Communication of Customer and Product Requirements

33 Special Requirements, Critical Items & Key Characteristics
Communication & Understanding of Risks Risk Based Decisions and Actions in Individual Processes Operational Options that Need Risk Oriented Decisions associated with Special Requirements Design Approach V&V Approach Monitor & Insp. Approach Supplier Oversight Identification of Critical Items & Key Characteristics Identification of Special Requirements RFQ Proposal Contract Design Manufact. Integrate Product Delivery Monitoring and Inspection Activities Communication of Supplier Requirements -Key Characteristics- Purchasing Suppliers All Requirements are not created equal

34 7.1 Planning of Product Realization
The organization shall plan and develop the processes needed for product realization. Planning of product realization shall be consistent with the requirements of the other processes of the quality management system (see 4.1). In planning product realization, the organization shall determine the following, as appropriate: a) quality objectives and requirements for the product; NOTE Quality objectives and requirements for the product include consideration of aspects such as − product and personal safety, − reliability, availability and maintainability, − producibility and inspectability, − suitability of parts and materials used in the product, − selection and development of the software that contributes to the function of the product, and − recycling or final disposal of the product at the end of its life. f) configuration management appropriate to the product, its context and environment; g) the identification of resources to support the use and maintenance of product. The output of this planning shall be in a form suitable for the organization's method of operations. Identification & Communication Identification Communication Risk Understanding Decision Making What are Quality Objectives/Requirements for Product

35 7.2.2 Review of Requirements Related to Product
7.2.1 Determination of requirements related to the product The organization shall determine a) requirements specified by the customer……. b) requirements not stated by the customer but necessary for specified or intended use, where known, c) statutory and regulatory requirements applicable to the product, and d) any additional requirements considered necessary by the organization. NOTE Requirements related to the product can include Special Requirements 7.2.2 Review of requirements related to the product The organization shall review the requirements related to the product. This review shall be conducted prior to the organization's commitment to supply a product to the customer …… and shall ensure that a) product requirements are defined, c) the organization has the ability to meet the defined requirements, d) special requirements of the product are determined, and e) risks (e.g., new technology, short delivery time frame) have been identified (see 7.1.2). Under- standing Identification & Communication

36 7.3.1 Design and Development Planning
Where appropriate, the organization shall divide the design and development effort into distinct activities and, for each activity, define the tasks, necessary resources, responsibilities, design content, input and output data and planning constraints. The different design and development tasks to be carried out shall be based on the safety and functional objectives of the product in accordance with customer, statutory and regulatory requirements. Under- standing Does not Say SR/CI Is this Statement Applicable to Risk?? To SR/CI?? How is it applicable (7.2.1 a-d)

37 Design and Development Outputs & Verification/Validation
The outputs of design and development shall be in a form suitable for verification against the design and development input and shall be approved prior to release. Design and development outputs shall e) specify, as applicable, any critical items, including any key characteristics, and specific actions to be taken for these items. 7.3.6 Design and development validation Design and development validation shall be performed in accordance with planned arrangements (see 7.3.1) to ensure that the resulting product is capable of meeting the requirements for the specified application or intended use, where known. Design and/or development verification and validation documentation At the completion of design and/or development, the organization shall ensure that reports, calculations, test results, etc., demonstrate that the product definition meets the specification requirements for all identified operational conditions. (7.1.2.e – Acceptance of Risk) Identification & Communication Decision Decision

38 7.5.1 Control of Production and Service Provision
7.4.2 Purchasing information Purchasing information shall describe the product to be purchased, including where appropriate e) requirements for design, test, inspection, verification, use of statistical techniques for product acceptance, and related instructions for acceptance by the organization, and as applicable critical items including key characteristics, 7.5.1 Control of production and service provision Planning shall consider, as appropriate − establishing, implementing and maintaining appropriate processes to manage critical items, including process controls where key characteristics have been identified, 8.2.4 Monitoring and measurement of product When critical items, including key characteristics, have been identified the organization shall ensure they are controlled and monitored in accordance with the established processes. Identification & Communication Decision Decision

39 SR/CI Case Studies What Have We Covered?
General Discussion on SR/CI Theories Relationship to AS9100c Standard Time to put your Auditor Hats Back On Case Study SR/CI - Space Audience Interaction

40 Risk Areas Of Risk Focus Product Process Behaviors Processes Products
Program plans Structured Independence Processes Mission Assurance Plan (MAP) Defining of risk controls Products Product Meets Requirements Reliability program requirements Critical items control & management Mission/Product Assurance Processing induced hazards Behaviors Risk Identification Analysis & Prioritization Elevation of risk (communication) Mitigation Decision Making Human factors skill / training AS9100 Standard Realization Process Risk Planning Contracts Design Procurement Manufacturing Inspection Areas Of Risk Focus Product Process Behaviors

41 Risk Management Processes
To Much QMS Focus on Compliance To QMS Requirements Cost & Schedule Need Additional Focus on Risk & Risk Based Decisions Process Product Why do we think this change to the standard was made?

42 Potential Impacts To Organizations
Processes Program Management Engineering Purchasing Supplier Management S&MA Others Procedures Project & Design Lifecycles Procurement S&MA, SR&QA, Product Assurance, Etc. People Identification and Communication of Risk Understanding Options Within Processes, and Associated Decision Options Application of Risk in Decision Making Process

43 Challenges (i.e. Implementation Risks)
CBs & Auditors Understanding the Varied Potential Applications of Risk in a QMS, Process, or Product lifecycle Educate Yourselves on the Broadness of Risk Applicability in a QMS Develop Sensible But Meaningful Approaches to Auditing Risk Plan for a Successful Role out of a Risk Audit Approach Communicate with Audit Staff & Other Affected Parties Communicate with Your Customers on Applicability of Risk within their QMS Balanced Application of Cost, Schedule & Risk within an Organizations QMS. Ensuring Processes Identify and Communicate Risks & Appropriated Decisions are Made to Ensure that Risks are Handled Ensure Consistency to Mitigate Confusion Not Covered in This Presentation Risk & Project Management Risk & Configuration Management

44 Questions ?? Characteristic Key Critical Items Special Risk
Requirement Items Special How Many have followed the various drafts of the AS 9100 Rewrite Critical > Essential > Special Most Hotly Discussed Topic for the Rewrite Why Different Business Models in Different Sectors Desire to Recognize Changing Role of Design in the Supply Chain Not All Industries Have A Reliance on Complex Engineering Processes Internally or in Their Supply Chain Less Applicable to Lower Tiers in the Supply Chain Therefore It is somewhat of a Foreign Concept to Some OEM Quality Professionals Risk

Download ppt "Risk Management With Customer Focus"

Similar presentations

Module N° 4 – ICAO SSP framework

Module N° 4 – ICAO SSP framework
ISO 9001:2000 Documentation Requirements

ISO 9001:2000 Documentation Requirements
PROJECT RISK MANAGEMENT

PROJECT RISK MANAGEMENT
Transition from Q1- 8th to Q1- 9th edition

Transition from Q1- 8th to Q1- 9th edition
Environmental Management System (EMS)

Environmental Management System (EMS)
Chapter 7: Key Process Areas for Level 2: Repeatable - Arvind Kabir Yateesh.

Chapter 7: Key Process Areas for Level 2: Repeatable - Arvind Kabir Yateesh.
ISO 9001 : 2000.

ISO 9001 : 2000.
EPSON STAMPING ISO 9000 1 REV 1 2/10/2000.

EPSON STAMPING ISO REV 1 2/10/2000.
The ISO 9002 Quality Assurance Management System

The ISO 9002 Quality Assurance Management System
Overview Lesson 10,11 - Software Quality Assurance

Overview Lesson 10,11 - Software Quality Assurance
TEMPUS ME-TEMPUS-JPHES

TEMPUS ME-TEMPUS-JPHES
Purpose of the Standards

Purpose of the Standards
Prepared by Long Island Quality Associates, Inc. ISO 9001:2000 Documentation Requirements Based on ISO/TC 176/SC 2 March 2001.

Prepared by Long Island Quality Associates, Inc. ISO 9001:2000 Documentation Requirements Based on ISO/TC 176/SC 2 March 2001.
ISO 9001:2000 Intro Presented By: Brad D. Agenda Overview of QMS Fundamentals ISO 9001:2000 Overview & Requirements.

ISO 9001:2000 Intro Presented By: Brad D. Agenda Overview of QMS Fundamentals ISO 9001:2000 Overview & Requirements.
ISO 9000 Certification ISO 9001 and ISO 9000.3.

ISO 9000 Certification ISO 9001 and ISO
4. Quality Management System (QMS)

4. Quality Management System (QMS)
4. Quality Management System (QMS)

4. Quality Management System (QMS)
OHT 2.1 Galin, SQA from theory to implementation © Pearson Education Limited 2004 Software Quality assurance (SQA) SWE 333 Dr Khalid Alnafjan

OHT 2.1 Galin, SQA from theory to implementation © Pearson Education Limited 2004 Software Quality assurance (SQA) SWE 333 Dr Khalid Alnafjan
Huzairy Hassan School of Bioprocess Engineering UniMAP.

Huzairy Hassan School of Bioprocess Engineering UniMAP.
Fundamentals of ISO.

Fundamentals of ISO.

Similar presentations

Ads by Google