The discussion of risk analysis should begin with the definition of the concept of risk. Generally speaking, it is the influence of uncertainty that leads to a deviation from expectations. It can also be explained as a combination of the consequences of an event and its associated probability of occurrence.
In contrast, a risk-based approach consists of activities that aim to achieve a better result. With that in mind, the requirements for risks and opportunities in the Quality Management System (QMS) take into account:
- Organizational context from Chapter 4.1 of ISO 9001.
- The interested parties and their requirements.
- Identification of risks and opportunities.
All these elements are needed to plan the actions that address risks and opportunities and to decide how those actions will be integrated into the quality management system and its processes. It is also important to define how we will evaluate the effectiveness of the actions taken.
Risk analysis in relation to the IATF requirements
When discussing risk analysis as included in the IATF 16949 standard, point 6.1.2.1 Risk Analysis, we must pay attention to several key areas:
Conclusions from previous lessons (lessons learned) concerning:
- Recall campaigns
- Product audits
- Warranty returns and repairs
- Complaints and rejects
We should also remember the sanctioned interpretation number 21 (SI 21), which adds the risk of cyber-attacks on IT systems to the risk analysis. This requires documented information in the quality management system. Accordingly, we must document our risk analysis.
Preventive Action in IATF 16949
The IATF 16949 standard also includes the concept of preventive action. These actions should eliminate the causes of potential non-compliance or other potential undesirable situations, a definition found in the ISO 9000 terminology standard. It is essential to identify and implement measures that eliminate these causes to prevent reoccurrence.
Preventive actions must be appropriate to their importance. Different approaches are needed for measures to prevent the recurrence of problems on the production line versus preventive measures to avoid, for example, a recall campaign.
In addition, we must have a process to reduce the impact of the negative effects of risk. This process should concern:
- Determining potential non-conformities and their causes.
- Assessing whether measures should be taken to prevent the appearance of non-compliance.
- Identifying and implementing the necessary actions.
- Documenting information on the actions taken.
- Reviewing the effectiveness of the actions taken and using lessons learned in our system.
Source:
- IATF 16949:2016, Automotive Quality Management System Standard, edition 01.10.2016
- ISO 9000:2015, Quality management systems, pt. 3.12.1