Risk based thinking and your quality system, part 3

By Paul Harbath, Quality Management Consultant

In AS9100D, “Risk Based Thinking” is considered a basic principle of an effective quality system. In part 1 and part 2, we discussed how to identify potential risks and how to quantify the risks in your quality management system. In this final tip for risk based thinking, we will discuss how to mitigate and control unacceptable risk.

To meet the “Risk Based Thinking” requirement your quality system must retain documented evidence that the following happens regularly:

  • Identify potential risks in your quality management system
  • Analyze and evaluate the risks
  • Mitigate, control and monitor unacceptable risk

Last week we talked about using the FMEA process to quantify risk. The RPN (Risk Priority Number) represents the level of risk. If the RPN is larger than 100, we need to consider taking action. The actual RPN threshold for action is up to you, but 100 is usually a good starting point.

In the visual above, the RPN numbers for how scheduling affects on-time delivery are above our acceptable risk level; therefore, we need to consider taking action.

First, we might evaluate the current state of our scheduling system, then create a plan to make changes. After implementing the plan, we check the performance to see if it has improved. If it has, we put controls in place to ensure our new process stays in place. If not, we repeat the process until our scheduling system no longer causes late orders.

It is important that you retain the documented information in your system to show evidence that action was considered for high risk items. I usually recommend that this risk evaluation process be part of your regular management review.

Risk analysis can seem complicated at first. Take the time to learn the process; it is one of the most valuable processes in your business management toolkit.

Paul Harbath is an industry expert with over 30 years of hands-on experience in helping small manufacturers understand/implement quality management systems and lean/6-Sigma. Paul has a demonstrated ability to connect with the value-adding employees by simplifying complex technical issues. Connect with him on LinkedIn.

Risk based thinking and your quality system, part 2

By Paul Harbath, Quality Management Consultant

In AS9100D, “Risk Based Thinking” is considered a basic principle of an effective quality system. Last week we discussed how to identify potential risks in your quality management system.

To meet the “Risk Based Thinking” requirement your quality system must retain documented evidence that the following happens regularly:

  • Identify potential risks in your quality management system
  • Analyze and evaluate the risks
  • Mitigate, control and monitor unacceptable risk

This week we will discuss how to “analyze and evaluate” the potential risks you have identified.

There are two broad types of risk assessment/evaluation:

  • Qualitative risk analysis
  • Quantitative risk analysis

Qualitative risk analysis is the process of prioritizing risks for further analysis by assessing the probability of occurrence and potential impact of each risk. Simple diagrams such as a probability/impact matrix, balanced scorecard, expected value and others can be used to determine the qualitative risk.

Quantitative risk analysis is the process of numerically analyzing the effect of potential risks. Even though there are other methods to create the numerical value of quantitative risk, the primary tool is FMEA.

Failure Mode Effects Analysis (FMEA) is a tool that uses three categories to create a numerical value for the potential risk.

The three categories are:

  • Severity – If the risk were to happen, how severe would it be for you or your stakeholders?
  • Occurrence – How often does your team think the risk could potentially happen?
  • Detection – How confident are you in your system's ability to “detect and control” the risk if it were to occur?

Each of these three categories is rated using a value from 1 to 10. The ratings are defined in tables like the one below.

After rating each of the three categories, the values are multiplied together to get an RPN (Risk Priority Number) that represents the significance of the risk. In the example below, two of the potential risks of not meeting our customers’ on-time delivery expectations are above the acceptable RPN value.

The calculated RPN value represents the numerical value of the significance of the risk. You will define an RPN value that requires mitigation of the risk. In the case above, we have defined that an RPN value greater than 100 requires evaluation of action to reduce the risk.

The process above can seem complicated, but after you have done it once you will find the process relatively easy.

There are many great references on risk management. One of my favorites is the “Risk Management – Memory Jogger”. These references can help you create a formal method for meeting the “Risk Based Thinking” requirements of AS9100D.

In part 3 of AS9100D tips on risk based thinking we will discuss how to mitigate, control and monitor unacceptable risk.


Risk based thinking and your quality system, part 1

By Paul Harbath, Quality Management Consultant

In AS9100D, “Risk Based Thinking” is considered a basic principle of an effective quality system. The concept of “preventive action” has been eliminated in AS9100D and replaced with “Risk Based Thinking”.

To meet this requirement your quality system must have evidence that the following happens regularly:

  • Identify potential risks in your quality management system
  • Analyze and evaluate the risks
  • Mitigate, control and monitor unacceptable risk

First, let’s talk about ways to identify potential risks. Standard SWOT analysis, cause and effect diagrams, affinity diagrams or other brainstorming processes are all effective methods to identify potential risks. The key to identification is to consider your customers’ expectations and the potential risk of not meeting these requirements.

Let’s use a cause and effect diagram as an example. The effect is written in the box on the right of the cause and effect diagram. In our case, the effect would be: “Not meeting our customer expectations”. Here’s an example of what the diagram might look like.

Remember that risk identification should include the key people in the organization. The leadership and possibly some of the key shop members should be part of the brainstorming. Also be sure that this evaluation is “retained as documented evidence” of your quality system. In most cases I would recommend that you make it part of your regular AS9100D management review.

There are many great references on risk management. One of my favorites is the “Risk Management – Memory Jogger”. These references can help you create a formal method for meeting the “Risk Based Thinking” requirements of AS9100D.
