AS9100:2016 is floating around in draft. I have read it and it doesn’t keep me awake at night. Risk assessment and management are still flavours of the month.
Tackling risk assessment and management can be intimidating, but if we can keep our heads when all around are losing theirs we shall not waste time and money. We should not lose sight of the business processes which are familiar to us and which we assess every day for their integrity and customer satisfaction.
I believe that we are looking at this horse from the wrong angle. Instead of treating risk assessment and management as a sort of cloudy project from which anything could appear to frighten us, why not start with the following from my Qualidoc Internal Audit Checklist which is based on the AS100C standard combined with ISO9001:2008 (2015)? There are 14 sets of questions covering all sections of the standards.The set below is for auditing Resource Management. If you use the responses to these questions as markers for your risk assessment and management you will have a good grasp of the requirements. I have left three numbered blank spaces at the end of each set of questions to allow the auditor’s mind to consider additional questions. IMH is short for I.M. Happy Company.
|Have training needs been identified for all personnel whose job activities affect the quality system?|
|Have personnel been trained in processes identified in the Quality Assurance Procedures?|
|Have training and certification records been maintained for personnel involved with quality control, purchasing and production?|
|Are personnel aware of the importance of their activities, and their effect on the quality system and company quality objectives?|
|Are resources available to implement, maintain and continually improve the quality management system?|
|Are personnel competent on the basis of appropriate education, training, skills and experience?|
|Has the necessary competence been established at a suitably early stage for personnel performing work affecting product conformance, especially critical parts and customer special requirements?|
|Has the appropriate infrastructure been determined, provided and maintained to achieve product requirements, including (as applicable):|
|Has the working environment been assessed to determine the environment needed to achieve product conformity; e.g., noise level, temperature, humidity, lighting or weather?|
|Is the corporate risk management strategy known to all personnel?|
|Has the Audit Plan been updated to reflect persistent nonconformances?|
|Do the results from this section affect any other sections of the Quality System Audit Checklist?|
|Have the RISKS associated with the above questions been assessed and risk management assigned to the appropriate IMH responsibility and authority?|
For example, if the answer to “Has the Audit Plan been updated to reflect persist nonconformances” is “No”, then what are the risks attached to this omission? We are simply looking at consequences for our behaviour. Once you consider the answers to these questions, they will open up risks and once we think of risk assessment and management in these terms, they are not so intimidating. Also it does not depend on numbers but on the judgement of experienced people.
There are risks inherent in every business process, but if you start with the questions I have put together, from which you can establish the integrity of your quality system, you will be able to face an assessors’ questions with equanimity.