Presented By: Daniel J. Brown, CQA Risk Management Presented By: Daniel J. Brown, CQA Copyright 2010 DB Performance Solutions, LLC

Risk Impact Examples 2

Risk Analysis & Mitigation Matters Risk Impacts Everyone Reduce the Probability of Lawsuits Reduce Liability Insurance Costs Improve Customer Relationships Improve Supplier Relationships Reduce Direct and Indirect Costs

What is Risk? A risk is a potential future event that could result in adverse and unplanned consequences A risk is NOT a problem, an issue or a crisis! Risk is also a measure of the potential inability to achieve overall program objectives within defined cost, schedule and technical constraints* *Reference: Risk Mgt Guide for DoD Acquisition, 4th Edition, June 2003

Risk and Standards Many standards require risk management: AS 9100 ISO 13485 ISO 22000 & SQF TS 16949 ISO 9001 ISO 9004 (guidance)

ISO 9001:2008 0.1 General The adoption of a quality management system should be a strategic decision of an organization The design and implementation of an organization’s quality management system is influenced by: Its organizational environment, changes in that environment, and the risks associated with that environment

ISO 9004:2009 4.2 Sustained Success…to achieve sustained success top management should Identify associated short and long-term risks and deploy an overall strategy…to mitigate them

ISO 9004:2009 Continued Also referenced at: 4.3 Organizational Environment 5.3.1 Strategy 6.1 Resource Management 6.5 Infrastructure 6.7.4 Technology 7.2 Process Planning and Control 8.3.1 Measurement 8.3.3 Internal Audit 8.4 Analysis 8.5 Information Review 9.3.5 Innovation Risks

Where to Look for Risk Processes Products Program plans Consider Change Control Process Processes Program plans Structured Independence Processes Mission Assurance Plan (MAP) Defining of risk controls Equipment Products Product Meets Requirements Reliability program requirements Critical items control & management Mission/Product Assurance Processing induced hazards Standards & Regulations Realization Process Risk Planning Contracts Design Procurement Manufacturing Inspection Approvals Behaviors Risk Identification Analysis & Prioritization Elevation of risk (communication) Mitigation Decision Making Human factors skill / training Defined Competency Areas Of Risk Focus Product Process Behaviors

Risk Management (per ISO 31000) Create value Be an integral part of organizational processes Be part of decision making Explicitly address uncertainty Be systematic and structured Be based on the best available information

Risk Management (per ISO 31000) Be tailored Take into account human factors Be transparent and inclusive Be dynamic, iterative and responsive to change Be capable of continual improvement and enhancement Copyright 2010 DB Performance Solutions, LLC 11/13/2018

Measurement & Feedback Risk Management Risk Management encompasses: Identification Prioritization Measurement & Feedback Mitigation Each applies equally to PROCESS and PRODUCT associated risks!

Things Gone Wrong/Things Gone Right FEEDBACK MECHANISMS Make certain that RISK IDENTIFICATION includes past experience from related products: Things Gone Wrong/Things Gone Right Corrective Actions Adverse Event Reports Previous Complaints Customer Feedback

Common Risk Identification Tools FMEA HACCP Cause/Effect Diagram 5 Whys Preliminary Hazard Analysis Fault Tree Analysis

Common Risk Prioritization Tools FMEA HACCP Impact/Effort Matrix Severity / Frequency Matrix Pareto Analysis

Common Risk Mitigation Tools Strategic Planning Control Plans Team Based Problem Solving (8-D) Error-Proofing Training/Awareness Guarding/E-stops/Seals On Site Supplier Audits Design for: Reliability Maintainability Manufacturability

Risk Considerations Consider how risk responsibilities vary? Program: Cost, schedule, technical Sales & Contracts: Understanding of user needs/ requirements, comparison of user needs to organizational capabilities Production Planning: Applying “appropriate” methods Consider how risk increases between processes? Potential failure while “baton” is passed Risk Management Processes Auditors Audit People Are These People We have Audited in the Past Do We Ask Them The Risk Based Questions Auditors Should Have A Line Of Questioning For Each Type of Function See SR/CI Discussions Audience Interaction 17

Risk vs. Company Size Varying Applicability to Different Functions Risk Processes…..appropriate to the product and the organization Risk Management Processes Auditors Audit People Are These People We have Audited in the Past Do We Ask Them The Risk Based Questions Auditors Should Have A Line Of Questioning For Each Type of Function See SR/CI Discussions Audience Interaction

Risk vs. Company Size Continued… Engineering: Design, technology capability Supplier Management: Supplier capability, interface, etc. Purchasing: Vendor capability, risk/criticality communication, others Manufacturing: Applying “appropriate” methods Inspection: Independent verification Individuals: Application of risk to option decisions Risk Management Processes Auditors Audit People Are These People We have Audited in the Past Do We Ask Them The Risk Based Questions Auditors Should Have A Line Of Questioning For Each Type of Function See SR/CI Discussions Audience Interaction 19

Product and Technical Risk Considerations Complexity of design Criticality of product for end use New or unproven process or technology Organizational capability to design or build New or unproven process to organization New technology to company New or unproved subcontractor Items or requirements that have potential risk

Personnel Risk Considerations (Human Factors) Risk Behaviors (Employees, Customers) Knowledge of identified risks Knowledge of process options Application of identified risk topics to process options Risk Considerations Preventing deliberate actions Preventing accidental actions Risk Process is not Limited to Individuals QMS Is Made up of a Collective Of individuals Similar to QMS Philosophies, How do Individuals Work Together In A Risk Management Process 21

Risk Management & Preventive Action Many companies struggle with Preventive Actions ALL ACTIONS TAKEN AS A RESULT OF RISK ANALYSIS QUALIFY AS PREVENTIVE ACTION! Improves the client’s bottom line, compliance, and corporate liability

Evaluating Risk Effectiveness CAPA System Internal Audit Returns/Warranties/Complaints Internal Failures

Risk & Management Review [Management] review shall include assessing opportunities for improvement and the need for changes to the quality management system… Does this not meet the expectations of Risk Management as well? With this understanding, we can change the context of the review to become a “Risk Management Review”

Risk Management Review What are the results of the Key Metrics? What risks does this bring? What risks have been reduced due to Internal Audits? What risks were identified in External Audits? What risks were detected by our CAPA System?

Risk Management Review What risks escaped detection and caused complaints/rework/warranty? Have the risk management plans been updated accordingly? What external changes can impact our risk? What additional or transferred resources are required to minimize risks?

Risk Management Reduces Liability Share (elements of) the Risk Management Plans with those who share your liability: Bank(s) Insurers Shareholders Key Customers Liability costs should go down since overall liability is reduced

DB Performance Solutions, LLC Questions? Contact Dan Brown DB Performance Solutions, LLC 312-615-3530 www.dbpsllc.us danbrown@dbpsllc.us