Risk management in the Automotive sector

In the era of increasing volatility, uncertainty, complexity and ambiguity of the world, the experiences of companies show instability and a tendency to risk, which can surprise virtually every company in the world.

Despite clear concepts and common sense about the importance of risk management in the automotive market, this process is becoming increasingly important and critical. The daily characterization associated with the concept of risk, combined with the statistical nature of all the processes we deal with, has resulted in the recognition of risk management as a valuable element of business management.

Why is risk assessment so important today?

Production facilities must identify and manage all risks associated with their business, including strategic, market, financial, operational, compliance, IT, and social, ethical and environmental risks, and manage these risks to keep them at an acceptable level.

It is no longer acceptable for organizations to find themselves in a situation where unexpected events cause financial loss, disruption to normal operations, damage to reputation and loss of market presence. External and internal stakeholders expect companies to fully consider the risks. They may result in non-compliance with statutory obligations, disruption and inefficiency of manufacturing operations, delays in project delivery or failure to deliver on a promised strategy.

Effective risk management should lead to better and more informed decisions, giving stakeholders and the business community greater confidence in the organization’s ability to cope with potential risk, reflecting the perceived value along with the sustainability of that business.

Start by choosing the right risk management tools

Companies manage many types of risk. For this reason they need tools that will allow for their appropriate classification along with making rational decisions regarding the related costs.

Risk identification is the first “trap” that is easy to fall into. The point of this stage is to be inventive, predictive and innovative. Risk identification should be done on a regular basis. This usually takes the form of a more or less formalized form of the so-called checklists. This is the simplest, but also the least valuable way to identify a risk.

It does not allow to go beyond existing beliefs, hinders group work and does not allow for free identification of new threats. It is worth considering more extensive tools, including, for example:

  • process mapping
  • flow charts
  • HAZOP (Hazard and Operability Studies)
  • HAZID (Hazard Identification Study)
  • Fault Tree Analysis
  • Root Cause Analysis
  • or rarely used, efficient PESTEL analysis (a framework to assess political, economic, social, technological, environmental, and legal factors)

Thorough reviews of the flows and concentration of the company’s resources in geographical and logical terms will also be helpful. Talks and workshops conducted with managers and lower operational levels leaders are invaluable. Often, they are much better aware of the risks that threaten the company than the management board.

The role of the ISO 31000 norm in the risk management process

The ISO 31000 norm is a set of basic principles, frameworks and guidelines for risk management. It allows for more efficient and effective implementation of tasks and business goals by adopting appropriate actions in the field of designing, implementing, maintaining and improving the risk management process in the organization.

Like any modern management system, the ISO 31000 norm was built on the basis of the Deming cycle, which further facilitates its implementation in a company of any profile. The implementation of the international ISO 31000 norm enables the introduction of high standards preparing for identifying, assessing and minimizing risks and teaches how to respond to them.

Effective risk management in four steps

It is a mistake for companies to limit themselves only to the assessment of a selected area, which they have marked as high, medium or low risk. They then adjust their hedging decisions accordingly. Other organizations use advanced quantitative or qualitative methods to understand and assess risk.

The risk management process should start with a proper search and description of the encountered risk (risk identification). This will consequently be of fundamental importance in determining the nature of the risk and determining its level (risk analysis). Knowing the type and nature of the risk, the results of the risk analysis can be compared with the risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable (risk evaluation).

Ultimately, the organization faces the choice and implementation of risk-modifying actions or its complete elimination (risk treatment).

Risk analysis of your suppliers is also key

Reaching a common understanding on how to apply risk management among stakeholders in a given process is very difficult. Why? Because each stakeholder perceives potential harms differently and attributes, different probabilities and different degrees of severity to each potential risk.

Given the diversity of stakeholders, protecting production processes and products through objective compliance management should be considered paramount. An effectively structured approach to risk management can ensure the quality of processes along the supply chain. We can’t forget also about final quality of the product for the customer, as it provides the means to identify and control potential quality hazards in the development and production phases.

In addition, when crisis management is required, quality risk management can optimize the decision-making process. This approach is used e.g. by Stellantis ex-FCA as part of risk management. Its use results from the Customer’s Specific Requirements. They can be found on the IATF website.

Automotive Risk management – summary

All activities undertaken as part of the risk management strategy are aimed at the production of a product or service, the use of which will fully satisfy the ordering party and, above all, end users / clients. Customer satisfaction is a guarantee of success. It’s related to the continuous development of the company. How it can be achieved? By obtaining increased revenues and reducing the fear of taking risks in terms of incurring additional costs.

Companies making various decisions on a daily basis must consider risks. From one hand they are perceived as a threat, and on the other hand may be a prerequisite for success. Only companies that can handle risk better than their competitors can gain an advantage over them.

Paweł Miszczuk

1. Collective authors, Risk Management Handbook for Suppliers FCA, 3rd Edition, May30th 2020.
2. Paul Hopkin, Fundamentals of Risk Management: Understanding, Evaluating and Implementing
Effective Risk Management, Kogan Page Publishers, 2018.
3. ISO/IEC 31000:2018 norm

Download for FREE our E-BOOKS