1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Are FMEA and Risks Registries adequate against Clause 6.1.1?

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by tony s, Dec 19, 2016.

  1. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    If 6.1.1 of ISO 9001:2015 requires an organization to determine risks and opportunities, can FMEAs or Risks Registries satisfy the requirement? Bear in mind that both tools only identify the "negative" effects of uncertainty. There is no section or column in both tools that identifies opportunities. There's a column for "action", but is intended to address the identified "negative" effect of uncertainty (i.e. risk).
     
  2. Paul Simpson

    Paul Simpson Member

    Joined:
    Aug 6, 2015
    Messages:
    41
    Likes Received:
    61
    Trophy Points:
    17
    Hi, Tony. It looks like you have answered your own question. If the requirement is to address 'risks and opportunities' and FMEA and risk register are both tools that only help to manage risk then you have some additional work to do for the opportunity piece.

    Don't feel you have to force fit this activity into the same process. Most organisations are good at managing opportunities (sales enquiries, OFIs etc.). So long as the organization is managing these activities then you should be able to demonstrate addressing the full requirement.
     
  3. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    Maybe I'm just overthinking about this, but bear with me. Clause 4.4.1f says "address the risks AND opportunities as determined in accordance with the requirements of 6.1". To address them, clause 6.1 requires the following: determine them (6.1.1), plan the actions to address them (6.1.2a), integrate the actions into the processes (6.1.2b.1).

    By using FMEAs and Risks Registries, IMHO, the half-part of the requirements described above (i.e. risks part) are adequately covered. We can easily connect FMEAs to the controls established for the manufacturing processes. The Risks Registries, in the same manner, cover the non-manufacturing processes. But what about the other part (i.e. opportunities part)?
     
  4. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    198
    Trophy Points:
    42
    Don't you not review the risk register during Management Review to identify Opportunities for improvement? OFI are both in the input and output of MR.
     
  5. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    There are at least two major clauses in the standard where we are required to determine "opportunities". One is on Clause 6 - Planning and the other is on Clause 9 - Performance Evaluation. One is when "we look forward" and one is when "we look back". Identifying OFIs during management reviews does not, IMHO, satisfy the intent of the standard on determining "opportunities" during the "planning" period.

    FMEAs and Risks Registries, on the other hand, are good tools for planning the controls to be established. Hence, FMEA is a requirement during product quality planning for some standards (e.g. IATF/ISO 16949) and its outputs are included in the Control Plans and/or documented procedures/instructions. I'm toying with an idea that there must be an equivalent tool for planning for the controls that is based on the anticipated "opportunities".
     
    Andy Nichols likes this.
  6. PSRiordan

    PSRiordan Member

    Joined:
    Dec 14, 2016
    Messages:
    13
    Likes Received:
    9
    Trophy Points:
    2
    I think everyone "gets' the risk side of it. It's the opportunities that causes some head scratching. Opportunities are not the same as actions taken in response to risks; they're different. An example: When flushing out the context of the organization, the company notes that it operates in an environment where technology changes rapidly. They employ highly qualified engineers and invest considerably in their training to keep them "cutting edge." An opportunity for the company might be to position their engineers to become active within key industry groups as experts - thereby capitalizing on this knowledge through perceived industry expertise and enhancing the company's reputation. Or, alternatively, to offer their services in a professional services function - voila - there's an opportunity for additional revenue!

    Just some thoughts.
     
    Andy Nichols likes this.
  7. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    I agree. Even "opportunities" are required to be addressed by actions (see 6.1.2a).
     
  8. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    A SWOT analysis is better positioned as a tool to simply address risks and opportunities. FMEA is a great tool for picking apart the various risks in a more detailed, granular manner.

    Neither are required, they are just useful, organized ways of handling information. The SWOT is a good tool for high level, strategic thinking such as in management review. The FMEA can be done at upper management level if they are comfortable with it, or at department level if that is what the organization prefers.

    An example:

    Some clients of mine are very worried about losing their skilled machinists. This represents a risk of inability to maintain production due to manpower loss from attrition.

    HR has reached out to a nearby technical college and has found an opportunity to help them develop curricula that would help students graduate with more of the specific skills needed to qualify for entry level machinist positions.

    The organization would still need to develop the new machinists with an OJT program (risk of lost skills is still present and would need to be addressed), but the costs could be partially offset by recruiting out of the college versus just placing ads in various places (opportunity to refine the intake process and try to reduce the uncertainty of other recruitment strategies.
     
    Last edited by a moderator: Dec 27, 2016
    Ellie, MCW8888 and Csőke Zita like this.
  9. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    SWOT is a reliable tool for determining strategies or actions to address opportunities on high-level management planning. My question (in another form) is: What could be a reliable tool to determine actions to address opportunities on operational-level planning?
     
    Csőke Zita likes this.
  10. littlefish

    littlefish New Member

    Joined:
    Oct 19, 2016
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    2
    PDCA
     
    Csőke Zita likes this.
  11. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Can you expand your description?
     
  12. Csőke Zita

    Csőke Zita New Member

    Joined:
    Sep 8, 2015
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Continuous Risk Management (CRM)
    Cause and Effect matrix
    What do you think about these?
     
  13. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    Determining actions for opportunities can be done with a scoring system such as FMEA presents (it doesn't have to only list negative factors) as well as pro-and-con study called Force Field Analysis. That method might work better when dealing with personalities along with technical factors.
     
  14. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    Looking at the columns on FMEA, we cannot clearly see where we can capture the "opportunities" that we need to address in order to produce desirable effects or outputs.
     
  15. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    No, one would need to add a column. The typical FMEA has limited utility for risk based planning in management systems, though they are very good for product and process design. Their limitation is why I made and attached a the Risk-Based Planner tool in this site.

    Even that Planner does not have a column specifically for opportunities though. One could point to having recognized opportunities through actions taken to address selected risks. There is a section for that.
     
  16. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    I believe actions on addressing failures, their effects and causes are not the same with opportunities. Both risks and opportunities are required to be determined and both are required to be addressed by actions. If we equate opportunities to actions, then why would ISO 9001 need to use the phrase "risks and opportunities". They should instead use "risks and actions".
     
    Last edited: Dec 30, 2016
  17. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    Maybe because an action is a response and an opportunity is different. ISO/TC 176/SC2/N1284 describes "opportunity" as "a set of circumstances which makes it possible to do something...Taking or not taking an opportunity then presents different levels of risk."
     
  18. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    The RBT guidance of ISO/TC 176 may have given supplemental definition of an opportunity but this definition will have to be interpreted with the other definitions given by ISO like in ISO 14001:2015 clause 3.2.11 where "risks and opportunities" is defined as "potential adverse effects (threats) and potential beneficial effects (opportunities)". Here opportunity is considered as an effect - not as a set of circumstance...ISO 9000:2015 defined risk as effect of uncertainty where further guidance was given to note that an effect is a deviation from the expected - positive or negative. Since one of the main intentions of ISO 9001 is to enhance integration with the other standards, a more consistent definition of an opportunity should be provided by ISO.
     
  19. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    Many of us would be delighted if the different standards shared the same definitions for terms like opportunities. In an earlier version of its RBT guidance document, the ISO 9001 Technical Committee defined opportunity as "the upside of risk." That changed in the later version, for whatever reason. While there is now greater consistency between the standards, we can't expect complete consistency - after all, we are dealing with different Technical Committees, and everything else that's associated with the production of these standards.

    And so it is left to us to recognize the subtleties and similarities so as to integrate systems. That said, I don't see a fundamental difference between the definitions "a set of circumstances which makes it possible to do something" (ISO 9001:2015) and "potential beneficial effects" (ISO 14001:2015).
     
  20. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    One was defined by a guidance document, the other by a requirement standard. From my perspective it's like "cause/mode" and "effect". Since, in my point of view, risks and opportunities are presented in the standards as ying ang yang, both can have its mode/s, cause/s and effect/s, including action/s.