LESSON 3 Quality Assurance Risk Assessment Lesson 4: Safety Stock

Definitions Risk Consequence (aka Risk Impact) - is driven by the requirements of the contract. It represents the consequence of an uncertain event or condition occurring. Risk consequence cannot be influenced by GCQA surveillance. So, unless the customer changes the requirement, the QAS cannot ever change the risk consequence. However, the scope of the surveillance must be based on the risk consequence. Risk Likelihood - is based on the supplier’s performance. It is perfectly acceptable to have a high-risk consequence and low- risk likelihood based on the supplier’s performance.

Lesson Introduction Given a contract technical data package, you will be able to complete a Quality Assurance (QA) risk assessment using the Risk Profile and Plan Tool.

Lesson Objectives Upon completion of this lesson, you should be able to: Explain the importance of QA risk assessment to Government Contract Quality Assurance (GCQA) surveillance planning. Outline the QA risk assessment process. Initiate a Risk Profile using the Risk Profile and Plan Tool. Develop a Facility Process List within the Risk Profile and Plan Tool. Assess the consequence of identified risks using the predefined conditions listed in the Risk Statement Generator of the Risk Profile and Plan Tool. Write a Risk Statement using the Risk Statement Generator in the Risk Profile and Plan Tool. Assess Performance Factors for all suppliers and those with higher-level requirements. Lesson 4: Safety Stock

Lesson Objectives (cont.) Upon completion of this lesson, you should be able to: Identify potential causes of an identified risk using the Facility Process List and the Performance Factors Assessment section of the Risk Profile and Plan Tool. Assess the likelihood that an identified risk cause will occur using the Likelihood Table in the Risk Profile and Plan Tool. Identify the Data Collection and Analysis (DC&A) tab, to include the data to collect, data source, and scheduling data analysis. Examine risk assessment results for use in GCQA surveillance planning. Lesson 4: Safety Stock

Lesson Topics During this lesson, you will complete the following topics: Importance of QA Risk Assessment The QA Risk Assessment Process Initiating a Risk Profile Developing a Facility Process List Risk Consequence Writing Risk Statements Identifying Potential Causes of Risks Assessing Risk Likelihood Developing a DC&A Plan Examining Risk Assessment Results

WIIFM? This lesson is important because as a QAS, you will be required to perform the risk assessment process to plan/update GCQA surveillance.

Importance of QA Risk Assessment Lesson Topics: Importance of QA Risk Assessment The QA Risk Assessment Process Initiating a Risk Profile Developing a Facility Process List Risk Consequence Writing Risk Statements Identifying Potential Causes of Risks Assessing Risk Likelihood Developing a Data Collection & Analysis Plan Examining Risk Assessment Results

Topic 1: Importance of QA Risk Assessment Risk Assessment is the process used to identify, assess, and document risks to quality and technical performance of contracts that require GCQA surveillance. Lesson 4: Safety Stock

Why Risk Assessment Risk Assessment: Provides an effective means of determining the appropriate type and amount of GCQA. Helps sort through all of the contractual requirements and identify risk causes for GCQA surveillance planning. Captures the risks, the consequences of the risks, the potential causes, and the likelihood of the cause occurring through the use of the Defense Contract Management Agency (DCMA) Risk Profile and Plan.

The QA Risk Assessment Process Lesson Topics: Importance of QA Risk Assessment The QA Risk Assessment Process Initiating a Risk Profile Developing a Facility Process List Risk Consequence Writing Risk Statements Identifying Potential Causes of Risks Assessing Risk Likelihood Developing a Data Collection & Analysis Plan Examining Risk Assessment Results

Topic 2: The QA Risk Assessment Process Risk assessment concept Risk statement Eight risk assessment process steps Risk Profile and Plan Tool Risk Assessment Consequence Assessment Risk Statement Potential Cause Assessment Likelihood Assessment Lesson 4: Safety Stock

QA Risk Assessment Concept Consequence Assessment Risk Statement Potential Cause Assessment Likelihood Assessment

Consequence Assessment Likelihood Assessment Risk Statements Risk Statement Consequence Assessment What would happen if the risk statement were to occur? Cause Assessment What process, product, or system failures would cause the risk statement to occur? Likelihood Assessment What is the likelihood that the cause or potential causes will occur?

Risk Assessment Process Steps 1: Initiate Risk Profile Steps 2: Develop/Update Facility Process List 3: Perform Risk Consequence Assessment 4: Generate Risk Statement(s) 5: Conduct Performance Factors Assessment 6: Identify Risk Cause(s) 7: Determine Likelihood 8: Complete Risk Profile

Question and Answer What is the first step in the Risk Assessment Process? Develop Performance Factors for All Suppliers Determine likelihood of risk cause Identify risk cause Initiate Risk Profile

Risk Profile & Plan Tool Spreadsheet Overview Individual sections of the Risk Profile and Plan Tool

Table of Contents

Tab 1: Facility Process List Lists all manufacturing and support processes associated with contract, program, or facility. This is not a list of surveillance requirements.

Tab 2: Risk Statement Generator Identify risk consequence based on a predefined conditions and questions list to generate risk statements.

Tab 3: Performance Factors (All Suppliers) Identifies potential causes of the risk statements based on the supplier’s current and past performance. Applicable to all suppliers [Federal Acquisition Regulation (FAR) 52.246-2 and -11].

Tab 4: Performance Factors (Higher Level) Identifies additional potential causes of the risk statements based on the supplier’s current and past performance. Applicable to FAR 52.246-11 suppliers.

Tab 5: Risk Profile & Plan Risk Profile and Plan Provides the minimum documentation of the applicability of specific risk factors and documents the relationship between risk factors and planned GCQA surveillance.

Tab 6: Sample Risk Profile Plan Sample RPP Examples and explanatory notes.

Tab 7: Update Log RP&P Update Log Record of RPP updates, revisions ……. RPP configuration management.

Tab 8: DC&A Plan DC&A Plan Results of data collection and analysis are used as a key component for the Performance Factor Assessment.

Tab 9: Risk Cause Likelihood Used to assess the likelihood that the identified risk cause will occur.

Question and Answer Which tabs are used to identify the causes of risk statements based on the supplier’s current and past 12 months’ performance? (Select all that apply.) Risk Statement Generator Performance Factors (All Suppliers) Performance Factors (Higher Level) Risk Profile

Initiating a Risk Profile Lesson Topics: Importance of QA Risk Assessment The QA Risk Assessment Process Initiating a Risk Profile Developing a Facility Process List Risk Consequence Writing Risk Statements Identifying Potential Causes of Risks Assessing Risk Likelihood Developing a Data Collection & Analysis Plan Examining Risk Assessment Results

Topic 3: Initiating a Risk Profile Risk profile header information Minimum requirements Exceptions Lesson 4: Safety Stock

Initiate Risk Profile Header Supplier Risk Profile Last Risk Evaluation Performed:   Latest Change/Update RP&P update Log Supplier Name: CAGE Code Address: QA Specialist Name: Plan Type Supplier POC Contract Number Supplier POC Phone Program: Highest Level Quality Requirement: Risk Statements (Use risk statements generated from Risk statement generator tab) Consequence of Risk Statement Occuring Risk Causes (Supplier Processes or Controls) Likelihood of Risk Cause Occurring (See Consequence Indicators on RSG) (See Performance Factors) Consequence RR #### Likelihood RR High Moderate Low Minimum documentation required Basic supplier information Plan Type (program, contract, or facility) Quality Management System (QMS) requirement

Exceptions A Risk Profile may not be required for subcontract Letters of Delegation (LODs) received to verify or witness specific tasks Activities in the delegation serve as the surveillance plan LOD Select graphic for a sample LOD

QALI Exceptions (cont.) Specific mandatory requirements in Quality Assurance Letters of Instruction (QALIs) or LODs do not require a risk assessment DCMA QA responsibility for prime contracts are not limited to the QALI requirements Specific requirements shall be identified in the surveillance plan QALI Select graphic for a sample QALI

Exercise 1: Risk Profile and Plan Header Students work in pairs to complete the Risk Profile and Plan Header information in the Risk Profile & Plan tab. One student open the Blank_Risk_Profile_and_Plan.xlsx file to record the information. One student open: Completed Contract Technical Review (CTR) results (pdf) file from Module 3, Lesson 1 ValleyForgings_Contract.pdf Use the Contractor and Government Entity Code (CAGE) entered in the Module 1, Lesson 1 CTR Exercise Save Risk Profile and Plan with a new name for use in later exercises Time: 10 minutes

Developing a Facility Process List Lesson Topics: Importance of QA Risk Assessment The QA Risk Assessment Process Initiating a Risk Profile Developing a Facility Process List Risk Consequence Writing Risk Statements Identifying Potential Causes of Risks Assessing Risk Likelihood Developing a Data Collection & Analysis Plan Examining Risk Assessment Results

Topic 4: Developing a Facility Process List Facility Process List identifies processes suppliers use to: Design Produce Deliver Facility Process List is a tab on the Risk Profile and Plan Tool Supplier Process In-House/ Subcontracted (Make or Buy) Notes: Include comments, Vendor or Facility Location, etc. as applicable Control of Purchases In-house Purchasing Department, Bldg 35 Calibration Calibration lab, Bldg 6 Welding Subcontracted Joe Welding, Inc. Milling Machine shop Heat Treat Snell House of Heat Treating Inc. Eddy Current Test/Inspection lab Document Control QMS process Leakage Test Environmental Test Lab, Bldg 12 Electrochemical Machining Acme Plating Co. Painting Paint shop Lesson 4: Safety Stock

Facility Process List List is part of the Risk Profile and Plan Tool spreadsheet QMS may be listed as a single process or individual clauses Based on flow of product/data through the supplier’s facility Begin at packaging/shipping Work backward through all manufacturing and/or support processes Develop a Flow Chart (Recommended) Supplier Process In-House/ Subcontracted (Make or Buy) Notes: Include comments, Vendor or Facility Location, etc. As applicable Control of Purchases In-house Purchasing Department, Bldg 35 Calibration Calibration lab, Bldg 6 Welding Subcontracted Joe Welding, Inc. Milling Machine shop Heat Treat Snell House of Heat Treating Inc. Eddy Current Test/Inspection lab Document Control QMS process Leakage Test Environmental Test Lab, Bldg 12 Electrochemical Machining Acme Plating Co. Painting Paint shop

Facility Process List - Support Processes Support processes are: Supplier processes that support some or all of the manufacturing processes required for product realization The output of support processes do not result in product characteristics Examples of process include: Control of purchases Material Inspection Receiving Report (MIRR) preparation Other similar support processes Wide Area Workflow (WAWF) or DD-250

Facility Process List - Special Processes Special processes are any processes where the resulting output cannot be verified by subsequent measurement. Examples of process include: Shot peening Nondestructive Testing (NDT) Liquid penetrant Magnetic particle Ultrasonic Radiography

Facility Process List - Stryker Armored Vehicle Example Supplier Process In-House/ Subcontracted (Make or Buy) Notes: Include comments, Vendor or Facility Location, etc. as applicable Control of Purchases In-house Purchasing Department, Bldg 35 Calibration Calibration lab, Bldg 6 Welding Subcontracted Joe Welding, Inc. Milling Machine shop Heat Treat Snell House of Heat Treating Inc. Eddy Current Test/Inspection lab Document Control QMS process Leakage Test Environmental Test Lab, Bldg 12 Electrochemical Machining Acme Plating Co. Painting Paint shop

Exercise 2: Develop Facility Process List Pair with previous partner to develop the Facility Process List in the Facility Process List tab. One student open the saved Risk Profile and Plan Tool (xlsx) file to record the information. One student open: Completed CTR results (pdf) file from Module 3, Lesson 1 ValleyForgings_ManufacturingFlowChart.pdf ValleyForgings_Traveler.pdf Save the Risk Profile and Plan Time: 15 minutes

Risk CONSEQUENCE Lesson Topics: Importance of QA Risk Assessment The QA Risk Assessment Process Initiating a Risk Profile Developing a Facility Process List Risk Consequence Writing Risk Statements Identifying Potential Causes of Risks Assessing Risk Likelihood Developing a Data Collection & Analysis Plan Examining Risk Assessment Results

Topic 5: Risk Consequence Assess risk consequence by using the Risk Statement Generator tab in the Risk Profile and Plan tool.

Assess Risk Consequence Risk Statement Generator tool Contains the indicators for high and moderate risk consequence Low risk consequence is the result with no high or moderate conditions

Determine the applicability of each indicator to the contract, facility, and/or product/service

Assess Risk Consequence (cont.) Contract Technical Review provides basis for identifying risks    Contract or purchase order Key or critical characteristics or processes Memorandum of Agreement (MOA), QALI, or LOD Drawings and specifications Risk consequence assessment need not be repeated for each contract, unless additional requirements add an additional risk statements CTR eTool Manual

Exercise 3: Complete a Risk Consequence Assessment Pair with previous partner to assess Risk Consequence in the Risk Statement Generator tab. One student open the saved Risk Profile and Plan Tool (xlsx) file to record the information. One student open: Completed CTR results (pdf) file from Module 3, Lesson 1 ValleyForgings_ManufacturingFlowChart.pdf ValleyForgings_Traveler.pdf Save the Risk Profile and Plan. Time: 15 minutes

Writing Risk Statements Lesson Topics: Importance of QA Risk Assessment The QA Risk Assessment Process Initiating a Risk Profile Developing a Facility Process List Risk Consequence Writing Risk Statements Identifying Potential Causes of Risks Assessing Risk Likelihood Developing a Data Collection & Analysis Plan Examining Risk Assessment Results

Topic 6: Writing Risk Statements Risks statements describe what the QAS wants to avoid. Risk Assessment What might go wrong? What are we afraid could happen? What are we trying to prevent?

Example: Risk Statement Generator (1 of 3) Stryker Armored Vehicle Example Automatic High Risk Impact Indicators High NA For each "yes" answer, write a Risk Statement or revise the Risk Statement to answer the question: “What do we want to make sure doesn’t happen?” 1. Is the product identified as a Aviation or Ship Critical Safety Item? Yes No 2. Is the product a Non-Aviation or Non-Ship CSI? E.g. Life Support, Body Armor, Vehicle Armor, etc.   3. Is the contract subject to Agency Level Memorandum of Agreement (MOA), Delegation of Authority (DOA) that include commitments associated with a high risk characteristic or process, e.g. Space & Missile MCI, Ammunition?    4. Do the product specifications identify critical characteristics or processes? Supplier fails to control processes impacting ballistic capability. Supplier fails to control critical characteristics/processes.

Example: Risk Statement Generator (2 of 3) Stryker Armored Vehicle Example Indicators the Influence level of Risk Impact NA Mod For each "yes" answer, write a Risk Statement or revise the Risk Statement to answer the question: “What do we want to make sure doesn’t happen?” 5. Have special surveillance instructions or risks been identified/documented in a customer QALI, MOA or LOD, which conforms with DFARS PGI 266.103 Yes No 6. Have special surveillance instructions or risks been identified/documented by a Non-DoD customer (NASA, Coast Guard, etc.) in a MOA or LOD?   7. Has the product been designated as a Critical Application Item (CAI) by the procuring activity?    8. Is product complexity (inability to evaluate important characteristics at end item) considered a risk? Supplier delivers product that prevents weapons platform from meeting mission needs. Supplier fails to control major characteristics/ processes. Yes No 9. Do the product specifications identify major characteristics or processes? Yes No 10. Are there special methods, manpower, material, equipment, testing, or environmental requirements involved in manufacturing or producing the product (Special Processes)?

Example: Risk Statement Generator (3 of 3) Stryker Armored Vehicle Example For each "yes" answer, write a Risk Statement or revise the Risk Statement to answer the question: Indicators the Influence level of Risk Impact NA Mod NA “What do we want to make sure doesn’t happen?” 11. Are critical or major components, assemblies or processes performed at the subcontractor level, e.g., electronic parts such as, microcircuits? Yes No 12. Is there first article inspection or testing requirements? Yes No 13. Would product replacement, because of failure, be affected by long lead times? Yes No 14. Are there special data, reviews, activities, deliverable plans, or reporting requirements?     Yes No 15. Is there a Higher Level Quality Requirement (52.246-11)? If yes, identify QMS Standard (ISO 9001:2008, AS9100C, etc.) Yes No NOTE: If all questions above are answered as “No” apply the general risk statement and identify the risk as “Low” for impact. Low General Risk Statement: “Supplier fails to deliver conforming items.”    If all questions are answered “NO,” then the RISK is LOW. Use the General Risk Statement.

Example: Risk Profile and Plan Risk Cause Occurring LOD Required? Remarks & location of records All records filed on the P-Drive at p:/central/DCMA Huntsville/ Quality/Surveillance Records Location of LOD Note vendor & Remarks. Records in Transfer the information from the Risk Statement Generator tab to the Risk Profile & Plan tab.

Exercise 4: Write Risk Statements Pair with previous partner to write risk statements in the in the Risk Statement Generator tab. One student open the saved Risk Profile and Plan Tool (xlsx) file to record the information. One student open: Completed CTR results (pdf) file from Module 3, Lesson 1 ValleyForgings_ManufacturingFlowChart.pdf ValleyForgings_PerformanceHistory.pdf Write Risk Statements for each question answered “Yes” in Exercise 3. Transfer Risk Statements and impact levels to the Risk Profile & Plan tab. Save the Risk Profile and Plan. Time: 20 minutes

Identifying Potential Causes of Risks Lesson Topics: Importance of QA Risk Assessment The QA Risk Assessment Process Initiating a Risk Profile Developing a Facility Process List Risk Consequence Writing Risk Statements Identifying Potential Causes of Risks Assessing Risk Likelihood Developing a Data Collection & Analysis Plan Examining Risk Assessment Results

Topic 7: Identifying Potential Causes of Risks Risk Profile and Plan Tool Performance Factors tabs All suppliers Higher Level Facility Process tab Inspection processes Testing processes Any special processes Lesson 4: Safety Stock

Performance Factors Tabs

Performance Factors Assessment Review identified factors Determine applicability to supplier within the last 12 months Identify “Yes,” “No,” “Unknown” (UNK), or “N/A” Data analysis is a key component

Performance Factors Assessment (cont.) All Suppliers Higher Level Suppliers -11 quality requirements Contain minimum risk indicators that need to be addressed Dornier Aircraft Assembly Facility In Germany www.photos.com

Performance Factors All Suppliers Tab (1 of 5)

Performance Factors All Suppliers Tab (2 of 5)

Performance Factors All Suppliers Tab (3 of 5) Use DCMA Counterfeit Detection & Avoidance System Checklist

Performance Factors All Suppliers Tab (4 of 5)

Performance Factors All Suppliers Tab (5 of 5) Supplier Risk System (SRS) shall be reviewed for current risk indicators

Performance Factors –Higher Level Tab (1 of 3)

Performance Factors –Higher Level Tab (2 of 3)

Performance Factors –Higher Level Tab (3 of 3)

Exercise 5: Develop Performance Factors Pair with previous partner to answer Performance Factor questions in the in the Performance Factors All Suppliers and Higher Level tabs. One student open the saved Risk Profile and Plan Tool (xlsx) file to record the information. One student open: ValleyForgings_PerformanceHistory.pdf Supplier Risk System (SRS) Save Risk Profile and Plan Time: 20 minutes

Identify Potential Risk Causes Document an explanation when negative performance exists. Review explanations against each applicable risk statement to identify relationships.

Identify Potential Risk Causes (cont.) Potential reasons why a risk statement will occur: Inspection or test process Product characteristic QMS clause Other contractual requirement  

Identify Potential Risk Causes Performance Factors Tab

Document Risk Profile and Plan Risk Cause Occurring Partial Audit Schedule & Interval Remarks & location of records All records filed on the P-Drive at p:/central/DCMA Huntsville/ Quality/Surveillance Records Document potential Risk Causes determined from evaluation of Performance Factors Assessment and Facility Process List on the Risk Profile and Plan Tool. Mandatory Available for GCQA Plan

Identify Risk Causes Using the Facility Process List Use the Facility Process List to identify processes that if uncontrolled would result in the risk statement occurring. Supplier Process In-House/ Subcontracted (Make or Buy) Notes: Include comments, Vendor or Facility Location, etc. as applicable Control of Purchases In-house Purchasing Department, Bldg 35 Calibration Calibration lab, Bldg 6 Welding Subcontracted Joe Welding, Inc. Milling Machine shop Heat Treat Snell House of Heat Treating Inc. Eddy Current Test/Inspection lab Document Control QMS process Leakage Test Environmental Test Lab, Bldg 12 Electrochemical Machining Acme Plating Co. Painting Paint shop

Identify Risk Causes Using the Facility Process List (cont.) In Standard Inspection (-2) contracts, with the default risk statement and no negative performance factors, the risk causes will include, as a minimum, the supplier’s: Inspection processes Testing processes Any special processes Supplier Process In-House/ Subcontracted (Make or Buy) Notes: Include comments, Vendor or Facility Location, etc. as applicable Control of Purchases In-house Purchasing Department, Bldg 35 Calibration Calibration lab, Bldg 6 Welding Subcontracted Joe Welding, Inc. Milling Machine shop Heat Treat Snell House of Heat Treating Inc. Eddy Current Test/Inspection lab Document Control QMS process Leakage Test Environmental Test Lab, Bldg 12 Electrochemical Machining Acme Plating Co. Painting Paint shop

Document Risk Profile and Plan Partial Audit Schedule & Interval Risk Cause Occurring Remarks & location of records All records filed on the P-Drive at p:/central/DCMA Huntsville/ Quality/Surveillance Records Performance Factor Welding Facility Process List Mandatory Available for GCQA Plan

Exercise 6: Risk Cause Identification Pair with previous partner to identify potential causes that could make the risk statements occur. One student open the saved Risk Profile and Plan Tool (xlsx) file to record the information. One student open ValleyForgings_PerformanceHistory.pdf. Record the risk causes in the Risk Profile & Plan tab, Risk Causes column. Save Risk Profile and Plan. Time: 20 minutes

Assessing Risk Occurrence Likelihood Lesson Topics: Importance of QA Risk Assessment The QA Risk Assessment Process Initiating a Risk Profile Developing a Facility Process List Risk Consequence Writing Risk Statements Identifying Potential Causes of Risks Assessing Risk Likelihood Developing a Data Collection & Analysis Plan Examining Risk Assessment Results

Topic 8: Assessing Risk Likelihood Likelihood Table in the Risk Profile and Plan Tool explains risk ratings: High Moderate Low Document likelihood ratings in the Risk Profile and Plan Tool. Lesson 4: Safety Stock

Risk Cause Likelihood Tab Facility Process List Risk Statement Generator Perf. Factors -11 Perf. Factors All Suppliers Risk Profile & Plan DC&A Plan Risk Cause Likelihood Table of Content

Risk Likelihood Assessment Determine the likelihood of occurrence for each risk cause identified. The more likely the risk cause is to occur, the more likely the risk statement will occur.

Risk Likelihood Assessment (cont.) Use the Risk Likelihood Table to rate the risk causes; ratings must be supported by data analysis The Likelihood Ratings shall be documented in the Risk Profile and Plan Risk Likelihood Table

Risk Cause Likelihood Table Performance data shows evidence of an inability to meet the contractual requirements No data available to show the Supplier’s ability to meet contractual requirements Performance data shows evidence that the contractual requirements will be met

Exercise 7: Risk Cause Likelihood Assessment Pair with previous partner to assess the likelihood of each potential risk cause occurring and document in the Risk Profile & Plan tab. One student open the saved Risk Profile and Plan Tool (xlsx) file to record the information. Use Risk Cause Likelihood table categories. Base likelihood on previously identified/reviewed information in other spreadsheet tabs. Save Risk Profile and Plan. Time: 20 minutes

Developing a Data Collection & Analysis Plan Lesson Topics: Importance of QA Risk Assessment The QA Risk Assessment Process Initiating a Risk Profile Developing a Facility Process List Risk Consequence Writing Risk Statements Identifying Potential Causes of Risks Assessing Risk Likelihood Developing a Data Collection & Analysis Plan Examining Risk Assessment Results

Topic 9: Developing a Data Collection & Analysis Plan Document data in the DC&A Plan tab of the Risk Profile and Plan Tool to include: Data to collect Source of collected data Data analysis schedule Lesson 4: Safety Stock

Data Collection and Analysis Tab Facility Process List Risk Statement Generator Perf. Factors -11 Perf. Factors All Suppliers Risk Profile & Plan DC&A Plan Risk Cause Likelihood Table of Content

Data Collection & Analysis Plan The results of data analysis are a key component of likelihood rating.

Examining Risk Assessment Results Lesson Topics: Importance of QA Risk Assessment The QA Risk Assessment Process Initiating a Risk Profile Developing a Facility Process List Risk Consequence Writing Risk Statements Identifying Potential Causes of Risks Assessing Risk Likelihood Developing a Data Collection & Analysis Plan Examining Risk Assessment Results

Topic 10: Examining Risk Assessment Results Determine surveillance methods using completed Risk Profile and Plan Tool to include: Risk Statements Potential Risk Causes Document surveillance and update profile as necessary Lesson 4: Safety Stock

Examining Risk Assessment Results Supplier Risk Profile   GCQA Surveillance Schedule Last Risk Evaluation Performed: Latest Change/Update If the Risk Profile headings are properly filled out and this GCQA surveillance schedule is used as a component of the Risk Profile, then no additional headings are required for the GCQA Surveillance schedule. RP&P update Log Supplier Name: CAGE Code TABLE of CONTENTS DC&A Plan Address: QA Specialist Name: Facility Process List Plan Type Supplier POC Risk Statement Generator Contract Number Supplier POC Phone Perf Factors All suppliers Program: Highest Level Quality Requirement: Perf Factors Higher Level Sample Risk Profile Plan Surveillance Event Risk Statements (Use risk statements generated from Risk statement generator tab) Consequence of Risk Statement Occuring Risk Causes (Supplier Processes or Controls) Likelihood of Risk Cause Occurring Product Examination Process Review System Audit LOD Required? Remarks (See Consequence Indicators on RSG) (See Performance Factors) Frequency Intensity (AQL/Verification Level) Incremental or Single Event (Full) Interval Schedule QMS Baseline Completed Date (Procedures are Adequate) QMS Risk Based Start Date (QMS Deemed Compliant) QMS Element Review Frequency QMS Element Review Schedule Annual QMS Risk Assessment Date Document the vendor & location of LOD records in Remarks. Consequence RR #### Likelihood RR High Moderate Low Surveillance Plan Portion Mandatory Available for GCQA Plan

Risk Results Feed Surveillance Risk Statement Supplier fails to control processes impacting ballistic capability: Risk Impact Rating – High Potential Risk Cause Purchasing: Likelihood Rating - High

Example: Risk Statement Generator Automatic High Risk Impact Indicators High NA For each "yes" answer, write a Risk Statement or revise the Risk Statement to answer the question: “What do we want to make sure doesn’t happen?” 1. Is the product identified as a Aviation or Ship Critical Safety Item (CSI)? Yes No 2. Is the product a Non-Aviation or Non-Ship CSI? E.g. Life Support, Body Armor, Vehicle Armor, etc. 3.   Is the contract subject to Agency Level Memorandum of Agreement (MOA), Delegation of Authority (DOA) that include commitments associated with a high risk characteristic or process, e.g. Space & Missile MCI, Ammunition? 4.    Do the product specifications identify critical characteristics or processes? Supplier fails to control processes impacting ballistic capability. Supplier fails to control critical characteristics/processes.

Document Risk Profile and Plan Partial Audit Schedule & Interval Risk Cause Occurring Remarks & location of records All records filed on the P-Drive at p:/central/DCMA Huntsville/ Quality/Surveillance Records Performance Factor Welding Facility Process List Mandatory Available for GCQA Plan

Completed Risk Profile and Plan Partial Audit Schedule & Interval Surveillance Plan Portion Purchasing X Welding X Mandatory Available for GCQA Plan

Risk Results Feed Surveillance (cont.) Surveillance Methods System audit: Partial - Annually Process review: Purchase Orders (POs) - Full - Quarterly Product exam: Monthly sampling of POs, Acceptable Quality Level (AQL) 1.0

Completed Risk Profile and Plan Partial Audit Interval Schedule & Remarks & location of records All records filed on the P-Drive at p:/central/DCMA Huntsville/Quality/Surveillance Records Monthly sampling of POs AQL 1.0 X M Q A Welding X Mandatory Available for GCQA Plan

Reevaluate and Update Reevaluate consequence and likelihood ratings Changes in contract requirements Risk events or changes in performance Customer complaints, Corrective Action Requests (CARs), or data analysis Risk profile update Keep the profile current As applicable and annually as a minimum

Summary Having completed this lesson, you should now be able to: Explain the importance of QA risk assessment to GCQA surveillance planning. Outline the QA risk assessment process. Initiate a Risk Profile using the Risk Profile and Plan Tool. Develop a Facility Process List within the Risk Profile and Plan Tool. Assess the consequence of identified risks using the predefined conditions listed in the Risk Statement Generator of the Risk Profile and Plan Tool. Write a Risk Statement using the Risk Statement Generator in the Risk Profile and Plan Tool. Lesson 4: Safety Stock

Summary (cont.) Having completed this lesson, you should now be able to: Assess Performance Factors for all suppliers and those with higher-level requirements. Identify potential causes of an identified risk using the Facility Process List and the Performance Factors Assessment section of the Risk Profile and Plan Tool. Assess the likelihood that an identified risk cause will occur using the Likelihood Table in the Risk Profile and Plan Tool. Identify the DC&A tab, to include the data to collect, data source, and scheduling data analysis. Examine risk assessment results for use in GCQA surveillance planning. Lesson 4: Safety Stock

Questions

Review Question 1 What does a risk statement ask? The causes of uncontrolled processes The likelihood that a nonconforming product/service will be distributed The impact of providing a nonconforming product/service What the QAS wants to avoid

Review Question 2 Treat the product/service as a high risk During a risk consequence assessment, the QAS answers “No” to all questions on the Risk Statement Generator tab in the Risk Profile and Plan tool. What significance will this have with regard to surveillance planning? Treat the product/service as a high risk Treat the product/service as a low risk It has no risk consequence as all other questions are “Yes” Treat the product/service as high risk and write special surveillance instructions

Review Question 3 Why is the QA risk assessment important to GCQA surveillance planning? It helps sort through all the contract requirements and identify risk causes for GCQA surveillance It helps the QAS conduct data analysis Provides an effective means of determining the appropriate type and amount of GCQA Both A and C

Review Question 4 (Select all that apply.) Potential Risk causes are determined using the _____________________. Performance Factors Facility Process List Risk Likelihood Risk Statements

Case Study: Part 1 Contract Review and Assessment Students work in pairs to resolve Case Study Situation(s). Use the Case Study: Part 1 – Contract Review and Assessment document (CMQ101_M3_CaseStudy.pdf). Class review/discussion upon completion. Time: 30 minutes