Company Confidential Registration Management Committee (RMC) 1 How to Audit Risk Management Atlanta, GA July 22 & 23, 2010 Kimberly Maggie Ron Tarach QUAL-TECH,

Slides:



Advertisements
Similar presentations
Numbers Treasure Hunt Following each question, click on the answer. If correct, the next page will load with a graphic first – these can be used to check.
Advertisements

1 ZonicBook/618EZ-Analyst Resonance Testing & Data Recording.
1
Chapter 7 System Models.
© 2008 Pearson Addison Wesley. All rights reserved Chapter Seven Costs.
Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.
Chapter 1 The Study of Body Function Image PowerPoint
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.
Author: Julia Richards and R. Scott Hawley
Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.
1 Balloting/Handling Negative Votes September 22 nd and 24 th, 2009 ASTM Virtual Training Session Christine DeJong Joe Koury.
UNITED NATIONS Shipment Details Report – January 2006.
RXQ Customer Enrollment Using a Registration Agent (RA) Process Flow Diagram (Move-In) Customer Supplier Customer authorizes Enrollment ( )
Document #07-2I RXQ Customer Enrollment Using a Registration Agent (RA) Process Flow Diagram (Move-In) (mod 7/25 & clean-up 8/20) Customer Supplier.
for Cabin Safety Inspectors
Objectives To introduce software project management and to describe its distinctive characteristics To discuss project planning and the planning process.
1 RA I Sub-Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Casablanca, Morocco, 20 – 22 December 2005 Status of observing programmes in RA I.
Module N° 9 – SMS operation
Create an Application Title 1A - Adult Chapter 3.
Custom Statutory Programs Chapter 3. Customary Statutory Programs and Titles 3-2 Objectives Add Local Statutory Programs Create Customer Application For.
FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.
Modern Systems Analyst and as a Project Manager
1 Click here to End Presentation Software: Installation and Updates Internet Download CD release NACIS Updates.
Part Three Markets and Consumer Behavior
1 According to PETROSAFE safety policy, the company is keen that: Introduction All Egyptian Petroleum companies and foreign companies working in A.R.E.
REVIEW: Arthropod ID. 1. Name the subphylum. 2. Name the subphylum. 3. Name the order.
Week 2 The Object-Oriented Approach to Requirements
EMS Checklist (ISO model)
Chapter 5 – Enterprise Analysis
Turing Machines.
Effectively applying ISO9001:2000 clauses 6 and 7.
Table 12.1: Cash Flows to a Cash and Carry Trading Strategy.
PP Test Review Sections 6-1 to 6-6
Customer Service.
EU market situation for eggs and poultry Management Committee 20 October 2011.
EU Market Situation for Eggs and Poultry Management Committee 21 June 2012.
Bright Futures Guidelines Priorities and Screening Tables
EIS Bridge Tool and Staging Tables September 1, 2009 Instructor: Way Poteat Slide: 1.
Chapter 3 Basic Logic Gates 1.
Checking & Corrective Action
Why Do You Want To Work For Us?
Copyright © 2012, Elsevier Inc. All rights Reserved. 1 Chapter 7 Modeling Structure with Blocks.
1 RA III - Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Buenos Aires, Argentina, 25 – 27 October 2006 Status of observing programmes in RA.
Basel-ICU-Journal Challenge18/20/ Basel-ICU-Journal Challenge8/20/2014.
1..
CONTROL VISION Set-up. Step 1 Step 2 Step 3 Step 5 Step 4.
1 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt 10 pt 15 pt 20 pt 25 pt 5 pt Synthetic.
IT Project Management Puspandam katias Carol, et-all, Managing Information Technology, Pearson Prentice Hall, New Jersey,
Model and Relationships 6 M 1 M M M M M M M M M M M M M M M M
Analyzing Genes and Genomes
Systems Analysis and Design in a Changing World, Fifth Edition
Setting Product Strategy
©Brooks/Cole, 2001 Chapter 12 Derived Types-- Enumerated, Structure and Union.
Essential Cell Biology
1 Phase III: Planning Action Developing Improvement Plans.
Intracellular Compartments and Transport
PSSA Preparation.
Essential Cell Biology
Immunobiology: The Immune System in Health & Disease Sixth Edition
Overall Audit Plan and Audit Program
Energy Generation in Mitochondria and Chlorplasts
Murach’s OS/390 and z/OS JCLChapter 16, Slide 1 © 2002, Mike Murach & Associates, Inc.
Company Confidential Registration Management Committee 1 AS9110 Alignment to Federal Aviation Regulations (FARs) and Original Equipment Manufacturers(OEMs)
Implementing Strategy in Companies That Compete in a Single Industry
Aviation Management System 1 2  Silver Wings Aircraft Aviation Management System represents a functional “high – end” suite of integrated applications.
Chapter 14 Fraud Risk Assessment.

Quality Management Systems – Requirements
Presentation transcript:

Company Confidential Registration Management Committee (RMC) 1 How to Audit Risk Management Atlanta, GA July 22 & 23, 2010 Kimberly Maggie Ron Tarach QUAL-TECH, INC. Auditor Workshop Atlanta, GA July 22-23, 2010

Registration Management Committee (RMC) Atlanta, GA July 22-23, Agenda What is Risk? Risk Management Process Examples Risk Management Criteria Auditor perceptions of Risk Management Risk Management Tools –Auditor knowledge of tools and actions

Registration Management Committee (RMC) Atlanta, GA July 22-23, Agenda (continued) Audit Planning –Audit Planning Tools Activity 1 - Brainstorming session using Audit Planning Tool Conducting the Audit of Risk Management Process –Examples of areas to evaluate Activity 2 - Brainstorming session using Case Study and Failure Modes and Effects Analysis (FMEA)

Registration Management Committee (RMC) Atlanta, GA July 22-23, Ice Breaker!

Registration Management Committee (RMC) Atlanta, GA July 22-23, What is Risk? An undesirable situation or circumstance that has both a likelihood of occurring and a potentially negative consequence. AS9100:2009, clause 3.1

Registration Management Committee (RMC) Atlanta, GA July 22-23, “Risk is inherent in all processes. Unfortunately, we don’t see the results of ineffective risk management methods until later”.

Registration Management Committee (RMC) Atlanta, GA July 22-23, Risk Management Process –Most organizations spend a great deal of time and manpower trying to document “Risks” but many times this data is decentralized and not easily accessible to the functions that need this information. –Process manufacturing can be so complex that “Risks” can be very subtle and if there is not a structured “Risk Management Process” that takes advantage of corporate knowledge, lessons learned an organization’s exposure to “Risk” can remain high.

Registration Management Committee (RMC) Atlanta, GA July 22-23,

Registration Management Committee (RMC) Atlanta, GA July 22-23, Examples of Risk Management Criteria »Understanding the types of risk that could come into a company. They could be related to Employees Process Design Manufacturing Equipment Environment Project Security

Registration Management Committee (RMC) Atlanta, GA July 22-23, Examples of Risk Management Criteria »Understanding the types of risk that could come into a company cont. External Contractor

Registration Management Committee (RMC) Atlanta, GA July 22-23, Examples of Risk Management Criteria (continued) –Employees – the organizations need to ensure the safety, training, and qualifications of employees. –Process – managing process variation. –Design – building quality into the product design from the start, including it’s affect on planning. –Manufacturing – ensuring that manufacturing is more efficient with streamlined quality planning.

Registration Management Committee (RMC) Atlanta, GA July 22-23, Criteria for Risk Management Process (continued) –Equipment – ensuring that equipment can meet capabilities, current and future. –Environment – ensuring that the operations are not compromising the environment (adequate lighting, temperature control, noise, cleanliness, etc). –Security – managing the security needed by the facility. –Project – ensuring project risks are evaluated before beginning.

Registration Management Committee (RMC) Atlanta, GA July 22-23, Criteria for Risk Management Process (continued) –External – developing plans to address the potential impact of weather, issues with transportation companies, city infrastructure (relating to construction, road closures). –Contractor – ensuring impact is considered for contractors working on the building, equipment, or with employees.

Registration Management Committee (RMC) Atlanta, GA July 22-23, Auditor Perceptions of Risk Management That’s the way we identified and handled risk when I worked at Aviation Anywhere, Inc. When I audited a Original Equipment Manufacturer (OEM) last month they were using FMEAs. This little company only uses tool XYZ – they can’t be managing risk properly.

Registration Management Committee (RMC) Atlanta, GA July 22-23, Auditor Perceptions of Risk Management (continued) “Remember, the design and implementation of an organization’s aerospace quality management system is influenced by varying needs, particular objectives, the products provided, the processes employed and the size and structure of the organization.” AS9100:2009 General

Registration Management Committee (RMC) Atlanta, GA July 22-23, Auditor Perceptions of Risk Management (continued) Organizational application of Risk can vary based on situation, customer, product line. Audit approach & interviewing will need to be appropriate to the organization. Remember, what is “Appropriate” to the organization.

Registration Management Committee (RMC) Atlanta, GA July 22-23,

Registration Management Committee (RMC) Atlanta, GA July 22-23, Risk Management Tools –FMEAs e.g. dFMEA, pFMEA, etc. –Fault Tree Analysis (FTA) –Probabilistic Risk Assessment (PRA) –Event Tree Analysis (ETA) –Event Sequence Diagram (ESD) –Master Logic Diagrams (MLD) –Reliability Block Diagram (RBD)

Registration Management Committee (RMC) Atlanta, GA July 22-23, Risk Management Tools (continued) –Risk Assessment Matrix –Likeliness/Consequence Table –SWOT (Strength Weakness Opportunity Threat) –Business Continuity/Current Capability Matrix –Risk Map and Control Scale

Registration Management Committee (RMC) Atlanta, GA July 22-23, Risk Management Tools (continued) –Auditor knowledge of tools and actions »No one auditor has experience with all the tools available in the industry and how they are used. »Familiarize your self with the various Risk Management Tools (self study).

Registration Management Committee (RMC) Atlanta, GA July 22-23, Risk controlled – or “Oh No”?

Registration Management Committee (RMC) Atlanta, GA July 22-23, Risk Management Tools (FMEA)

Registration Management Committee (RMC) Atlanta, GA July 22-23, Risk Management Tools (Influencer Analysis)

Registration Management Committee (RMC) Atlanta, GA July 22-23, Risk Management Tools (Risk Consequence)

Registration Management Committee (RMC) Atlanta, GA July 22-23, Risk Management Tools

Registration Management Committee (RMC) Atlanta, GA July 22-23, Audit Planning –Selecting the right audit tool. –Identifying your audit criteria and any reference documents. –Identifying your audit scope, including identification of the organizational and functional units and processes to be audited. –Identifying an appropriate audit scope.

Registration Management Committee (RMC) Atlanta, GA July 22-23, Audit Planning Tools –Process (Turtle) Tool –Process Map Tool –Supplier Input Process Output Customer (SIPOC) Form –Process Based Management (PBM) Process Flow

Registration Management Committee (RMC) Atlanta, GA July 22-23, Process (Turtle) Tool With What (Materials, Equipment, Facilities) With What (Materials, Equipment, Facilities) Inputs (information and material from other processes) Inputs (information and material from other processes) How? (Methods/Procedures/Techniques How? (Methods/Procedures/Techniques With Who? (Comp./Skills/Training) With Who? (Comp./Skills/Training) Outputs (information and Material to other processes Outputs (information and Material to other processes How Effective/Efficient? (Measurable Objective) How Effective/Efficient? (Measurable Objective) Process

Registration Management Committee (RMC) Atlanta, GA July 22-23, Process Map

Registration Management Committee (RMC) Atlanta, GA July 22-23, Supplier Input Process Output Customer (SIPOC) Form

Registration Management Committee (RMC) Atlanta, GA July 22-23, Process Based Management (PBM) Process Flow

Registration Management Committee (RMC) Atlanta, GA July 22-23, Activity 1 - Brainstorming session using Audit Planning Tool

Registration Management Committee (RMC) Atlanta, GA July 22-23, Process (Turtle) Tool (Design) With What Risk Management Software Forms Documents With What Risk Management Software Forms Documents Inputs Customer, Internal Organization, Regulatory, Statutory Special Requirements (e.g. product or process complexity) Critical Items (functions, parts, software, characteristics, processes) Inputs Customer, Internal Organization, Regulatory, Statutory Special Requirements (e.g. product or process complexity) Critical Items (functions, parts, software, characteristics, processes) How? AS9100, AS9110 and AS9120 Standards Quality Manual Standard Operating Procedure for Contracts FMEA Risk Assessment Matrix How? AS9100, AS9110 and AS9120 Standards Quality Manual Standard Operating Procedure for Contracts FMEA Risk Assessment Matrix With Who? Sales Engineering Production Quality With Who? Sales Engineering Production Quality Outputs Design Planning Production Purchasing Suppliers Shipping Outputs Design Planning Production Purchasing Suppliers Shipping How Effective/Efficient? Customer complaints In process/final rejection Design verification/validation How Effective/Efficient? Customer complaints In process/final rejection Design verification/validation Process Contract Review - Risk Management Process Contract Review - Risk Management Outputs Drawing/Spec Travelers Routers Work Orders Inspection Reports Outputs Drawing/Spec Travelers Routers Work Orders Inspection Reports

Registration Management Committee (RMC) Atlanta, GA July 22-23, Process (Turtle) Tool (Design Excluded) With What Risk Management Software Forms Documents With What Risk Management Software Forms Documents Inputs Customer, Internal Organization, Regulatory, Statutory Special Requirements (e.g. product or process complexity) Critical Items (functions, parts, software, characteristics, processes) Inputs Customer, Internal Organization, Regulatory, Statutory Special Requirements (e.g. product or process complexity) Critical Items (functions, parts, software, characteristics, processes) How? AS9100, AS9110 and AS9120 Standards Quality Manual Standard Operating Procedure for Contracts FMEA Risk Assessment Matrix How? AS9100, AS9110 and AS9120 Standards Quality Manual Standard Operating Procedure for Contracts FMEA Risk Assessment Matrix With Who? Sales Engineering Production Quality With Who? Sales Engineering Production Quality Outputs Planning Production Purchasing Suppliers Shipping Outputs Planning Production Purchasing Suppliers Shipping How Effective/Efficient? Customer complaints In process rejection Final rejection How Effective/Efficient? Customer complaints In process rejection Final rejection Process Contract Review - Risk Management Process Contract Review - Risk Management Outputs Travelers Routers Work Orders Inspection Reports Outputs Travelers Routers Work Orders Inspection Reports

Registration Management Committee (RMC) Atlanta, GA July 22-23, Conducting the Audit of Risk Management Process –Examples of areas to evaluate »Are all “Risk” identified during the RFQ and Contract Review Process e.g. special requirements, critical requirements. »Ensure Top management clearly understands what “Risks” they have and what they are doing to ensure they are mitigating those “Risk”. »Evaluate the selected Risk Management Tool for effectiveness. »How are “Risks” communicated and managed throughout the organization e.g. Design, Planning, Purchasing, Suppliers, Manufacturing, Inspection, Delivery and Post Delivery. »Design inputs, Design FMEAs, Design Verification and Validation.

Registration Management Committee (RMC) Atlanta, GA July 22-23, Conducting the Audit of Risk Management Process –Examples of areas to evaluate continued »Critical characteristics across the quality lifecycle, ensuring the Process FMEAs and Control Plans are linked. »Processes in place for capturing leading and lagging indicators related to Design Quality Performance. »Evaluate whether the organization has closed loop Continual Improvement Processes that captures and sustains Product and Process Quality. »Organization is using Lessons Learned and Best Practices.

Registration Management Committee (RMC) Atlanta, GA July 22-23, Conducting the Audit of Risk Management Process –Examples of areas to evaluate continued »Ensure organization’s Change Management Process involves the right people at the right time with the right process. »Ensure integration of Change Management with assessments to ensure correct consideration of “Risk”. »Ensure “Risk Assessment” tracked, recommended controls to completion and ensured that “Risk” were mitigated as prescribed. »Ensure controls are in place for “Risk” that still remain after mitigation actions.

Registration Management Committee (RMC) Atlanta, GA July 22-23, Activity 2 - Brainstorming session using Case Study and FMEA

Registration Management Committee (RMC) Atlanta, GA July 22-23, Closing!

Registration Management Committee (RMC) Atlanta, GA July 22-23, Questions!

Registration Management Committee (RMC) Atlanta, GA July 22-23, References 1.AS9100: ISO FAA Risk Management Handbook NASA