What is risk? : Risk of something happening that will have an effect on objectives; measured in terms of consequences and likelihood (AS/NZS 4360:1999—“Risk Management,”)
What is risk management? : It is the culture, processes, and structures that are directed toward the effective management of potential opportunities and adverse effects.
Examples of risk managementCompetition forces companies to develop products faster as markets become specialized and customers demand more. Companies realize that they can’t keep pace with customer demands, so they rely on suppliers to design new marketplace offerings to improve their products. Collaborations become more critical, and product-timing risks increase. If products reach the market too early, there is insufficient demand; if too late, the crucial buy window is missed.
Much like The Boeing Co., which adopted a business model that emphasizes outsourcing and supply management. The model is: Design the core product, outsource the core assembly (up to 85% of manufacturing dollars), assemble the complete product, test the product to ensure compliance, and then manage the Boeing brand. But Boeing didn’t anticipate the risks involving its fastener supplier, which delayed the 787’s market introduction by many months.
U.S. Homeland Security would like womb-to-tomb traceability of shipments based on source and product risks. Incoming shipments can be a terrorist vector or delivery mechanism for chemical, biological, high-explosive, radiological, and nuclear terrorism. The federal government is moving rapidly toward supply chain security using Customs-Trade Partnership Against Terrorism compliance audits, 100-percent container inspection, radio frequency tagging of containers, issuance of biometric IDs to port workers, supplier profiling, and fewer “less than truckload” shipments. These change the just-in-time supply chain model to a ‘just-in-case’ risk model.
Product development is a global activity. Automobiles may be designed in Los Angeles and assembled in Ohio from parts manufactured throughout the world. Managing worldwide, disparate suppliers requires project risk management. It is the ability to anticipate project problems and obstacles that may hinder the project from achieving objectives within cost, schedule, and quality constraints.
The risks represented by imported products and food are now issues of public safety and homeland security. It is proposed to improve the safety of imported products by focusing on preventing nonconformances and controlling risks. You can’t inspect all incoming goods to protect consumers from possible harm. One system is, the government would collect the data, identify safety hazards along the entire life cycle of imported products, and manage risks proactively and preventively. The change from an inspection-focused strategy to a risk-based approach emphasizes prevention with verification and validation.
Risk management standards and modelsISO is developing ISO/DIS 31000--”Risk management--Principles and guidelines on implementation.” The critical elements of the standard are:
• Risk identification. Identifies the sources of risk, risk events, and their potential consequences
• Risk analysis. Analyzes the causes and source of the risks and the likelihood that they will occur
• Risk evaluation. Determines whether risks need to be addressed and treated
• Risk treatment. Determines strategies and tactics to mitigate or control risks
ASME ITI has developed Risk Analyses and Management for Critical Asset Protection (RAMCAP) for the U.S. Homeland Security as a guidance document for assessing risk analysis and risk management for critical infrastructure assets.
Advantages of risk-based decision makingAn interesting management phenomenon occurred during the last decade. Approximately 10 years ago, quality was the critical filter in high-level management decision-making. Then it evolved to price, which led to the global rush to find offshore suppliers and eventually to massive outsourcing. Price evolved into the total cost of ownership, and quality became a less compelling issue to senior management.
So, what’s the primary filter for senior management decision making now? Risk management. Why is risk management so critical these days? Four reasons:
• Risk is inherent in globalization and outsourcing.
• Executives don’t want to be blindsided, and they feel uncomfortable with uncertainty.
• Executives want to manage outcomes and stakeholder expectations.
• Bottom line: Risk management is preventive and predictive, not reactive.
- From “Risk Management- The Future of Quality” by Greg Hutchins (www.qualityplusengineering.com) in Quality Digest
Monday, January 26, 2009
Monday, January 19, 2009
ISO 9001:2008 - What’s New?
This ‘fourth edition’ of the Standard was released on the 15th November 2008. It is not a revision but it only introduces amendments, clarifications and some additional ‘Notes’. It also aims to increase compatibility with ISO 14001:2004.
While there are many cosmetic changes and those based on semantics, here is an abbreviated list of the notable differences between the 2000 and 2008 versions:
1. Cl 1.1: The definition of the term ‘Product’ now includes also ‘any intended output resulting from the product realization process’.
2. Cl 4.1 : There are a number of additional requirements as regards outsourced processes. One is, ‘The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system’. The meaning of ‘outsourced product’ is now made clear as a process that is needed for the QMS (specially with respect to Cls. 7.2.1 and 7.4) but is chosen to be performed by an external agency. An additional note makes it clear that outsourcing will not absolve the company of the responsibility for conformity to requirements. The note also covers how the company can decide on the extent of control to be exercised on the BPO. For greater ‘officail’ clarification on the term ‘outsourced processes’, see the ISO site at: http://isotc.iso.org/livelink/livelink/3553354/Outsourced.doc?func=doc.Fetch&nodeid =3553354
3. Cl 4.2.1 : It is now made very clear that records also are treated as documents and you determine which records are necessary for effective planning, operation and control of your processes.
4. Cl 4.2.3 : Now you need to determine which of the external documents are necessary for the planning and operation of the QMS and control their distribution. This eliminates the earlier vagueness on this subject.
5. Cl 4.2.4 : This again emphasizes that Records also must be controlled.
6. Cl 7.5.3 : While the 2000 version mentioned that the product status shall be identified with respect to monitoring and measurement requirements, now it is made clear that this applies throughout the product realization.
7. Cl 7.6 : In the 2000 version, there was a note which suggested seeing ISO 10012 parts 1 & 2 (QA systems for measuring equipments) for reference; this note is now removed. Instead, a note is added suggesting that the suitability of computer software may be checked by verification and by configuration management.
8. Cl 8.2.1 : The 2000 version states only that the method of obtaining customer perception ‘shall be determined’. Now a new note points out that this can be done through Customer Satisfaction surveys, customer data on product quality, user opinion survey, lost business analysis, compliments, warranty claims and dealer reports.
9. Cl 8.2.3 : A change has been now made to show that correction and corrective action to meet the planned results of the QMS are not just for the product conformity but cover the system conformity. And a Note is added to say that the type and extent of measurements could be based on the nature of the process impacting on the product and the QMS.
10. 8.5.2 & 8.5.3 : Now it is not sufficient to only ‘review’ the corrective and preventive actions but you have to review their effectiveness.
It is worthwhile noting that the certification to ISO 9001:2000 will be valid till 14th November 2010; but all recertifications and new certifications will be only to the 2008 version from November 2009. You can get your certifying body to audit you to the 2008 edition during the forthcoming surveillance audit itself.
- Ref: Annexure B of ISO 9001:2008
While there are many cosmetic changes and those based on semantics, here is an abbreviated list of the notable differences between the 2000 and 2008 versions:
1. Cl 1.1: The definition of the term ‘Product’ now includes also ‘any intended output resulting from the product realization process’.
2. Cl 4.1 : There are a number of additional requirements as regards outsourced processes. One is, ‘The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system’. The meaning of ‘outsourced product’ is now made clear as a process that is needed for the QMS (specially with respect to Cls. 7.2.1 and 7.4) but is chosen to be performed by an external agency. An additional note makes it clear that outsourcing will not absolve the company of the responsibility for conformity to requirements. The note also covers how the company can decide on the extent of control to be exercised on the BPO. For greater ‘officail’ clarification on the term ‘outsourced processes’, see the ISO site at: http://isotc.iso.org/livelink/livelink/3553354/Outsourced.doc?func=doc.Fetch&nodeid =3553354
3. Cl 4.2.1 : It is now made very clear that records also are treated as documents and you determine which records are necessary for effective planning, operation and control of your processes.
4. Cl 4.2.3 : Now you need to determine which of the external documents are necessary for the planning and operation of the QMS and control their distribution. This eliminates the earlier vagueness on this subject.
5. Cl 4.2.4 : This again emphasizes that Records also must be controlled.
6. Cl 7.5.3 : While the 2000 version mentioned that the product status shall be identified with respect to monitoring and measurement requirements, now it is made clear that this applies throughout the product realization.
7. Cl 7.6 : In the 2000 version, there was a note which suggested seeing ISO 10012 parts 1 & 2 (QA systems for measuring equipments) for reference; this note is now removed. Instead, a note is added suggesting that the suitability of computer software may be checked by verification and by configuration management.
8. Cl 8.2.1 : The 2000 version states only that the method of obtaining customer perception ‘shall be determined’. Now a new note points out that this can be done through Customer Satisfaction surveys, customer data on product quality, user opinion survey, lost business analysis, compliments, warranty claims and dealer reports.
9. Cl 8.2.3 : A change has been now made to show that correction and corrective action to meet the planned results of the QMS are not just for the product conformity but cover the system conformity. And a Note is added to say that the type and extent of measurements could be based on the nature of the process impacting on the product and the QMS.
10. 8.5.2 & 8.5.3 : Now it is not sufficient to only ‘review’ the corrective and preventive actions but you have to review their effectiveness.
It is worthwhile noting that the certification to ISO 9001:2000 will be valid till 14th November 2010; but all recertifications and new certifications will be only to the 2008 version from November 2009. You can get your certifying body to audit you to the 2008 edition during the forthcoming surveillance audit itself.
- Ref: Annexure B of ISO 9001:2008
Subscribe to:
Posts (Atom)