Risk Analysis in relation to IATF requirements

Any discussion of risk analysis should begin with a definition of risk. Generally speaking, risk is the influence of uncertainty that leads to a deviation from expectations.

It can also be explained as a combination of the consequences of an event and its associated probability of occurrence.

A risk-based approach, in contrast, consists of activities that aim to achieve a better result. Accordingly, when speaking about the requirements for risks and opportunities in the Quality Management System (QMS), we take into account:

  • the organizational context from Chapter 4.1 of ISO 9001
  • the interested parties and their requirements
  • the identification of risks and opportunities

All these elements are needed to plan the activities that address risks and opportunities and to decide how we will integrate these activities into the quality management system and its processes. It is also important to define how we will evaluate the effectiveness of the actions taken.

Risk analysis in relation to the IATF requirement

For the risk analysis required by the IATF 16949 standard, point 6.1.2.1 Risk Analysis [1], note that there are certain areas the analysis must cover as a minimum.

These are primarily conclusions drawn from past experience, the so-called lessons learned, concerning:

  • recall campaigns
  • product audit
  • warranty returns and repairs
  • complaints and rejects

We should also remember Sanctioned Interpretation number 21 (SI 21), which adds the risk of cyber attacks on IT systems to the risk analysis. This activity requires documented information in the quality management system. Accordingly, our risk analysis has to be documented.

The IATF 16949 standard also includes the concept of preventive action. It should be understood as action that eliminates the causes of a potential non-compliance or other potential undesirable situation. This definition can also be found in the ISO 9000 terminology standard [2]. Note that in our system we must identify and implement measures that eliminate the causes of potential nonconformities to prevent them from reoccurring.

Why? Because it is also important that the actions we take are appropriate to the importance of the potential problem. We will proceed differently with measures to prevent the recurrence of problems on the production line than with preventive measures to avoid, for example, a recall campaign.

When it comes to preventive actions, we must additionally have a process in place to reduce the impact of the negative effects of risk. Earlier, we talked about a documented process, while for preventive actions we should have a process for reducing the impact of the negative effects of risk. It should cover:

  • determining potential non-conformities and their causes
  • assessing whether measures should be taken to prevent the appearance of non-compliance
  • identifying and implementing the actions needed
  • documenting information on the actions taken
  • reviewing the effectiveness of the actions taken and using lessons learned in our system

Sources:

  1. IATF 16949:2016, Automotive Quality Management System Standard, edition 01.10.2016
  2. ISO 9000:2015, Quality management systems, pt. 3.12.1

An editable Excel form can be downloaded for free from Free Quality Tools.

Document name: Risk Analysis – Excel form

Agata Lewkowska

Qualitywise
