Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Risk Assessment 6.1.2.1

Discussion in 'IATF 16949:2016 - Automotive Quality Systems' started by Daniel Attwater, Jun 22, 2020.

  1. Daniel Attwater

    Daniel Attwater Member

    Joined:
    Jun 15, 2020
    Messages:
    9
    Likes Received:
    3
    Trophy Points:
    2
    Does anyone have any advice on the best way to show evidence of a risk assessment or an example of a template please?
     
    qmr1976 likes this.
  2. qmr1976

    qmr1976 Member

    Joined:
    Jun 17, 2019
    Messages:
    45
    Likes Received:
    24
    Trophy Points:
    7
    Hi Daniel,

    We struggled with this as well, and we decided to incorporate this into our Change Request/Engineering Change Notice form. We actually ask if a risk assessment was completed (giving examples of risk) and if the response is 'No', we require an explanation. Another example would be a SWOT document that addresses your Strengths, Weaknesses, Opportunities and Threats. Hope this helps and welcome to the group!
     
    Daniel Attwater likes this.
  3. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    3,663
    Likes Received:
    1,852
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    For IATF 16949, surely, performing a D or PFMEA is a risk assessment? If you do those why do any more?
     
    qmr1976 likes this.
  4. qmr1976

    qmr1976 Member

    Joined:
    Jun 17, 2019
    Messages:
    45
    Likes Received:
    24
    Trophy Points:
    7
    Good point, but PFMEAs aren't all inclusive. It just pertains to the process but risk analysis can be performed in various areas of the quality management system.
     
  5. John C. Abnet

    John C. Abnet Well-Known Member

    Joined:
    May 23, 2017
    Messages:
    431
    Likes Received:
    292
    Trophy Points:
    62
    Location:
    Upper Midwest- USA
    Good day @Daniel Attwater ;
    You have received some good council. Allow me to add a consideration to ensure your risk analysis is not "static"...i.e. "one and done".

    Here is a paraphrase of a response I provided to a similar question elsewhere on this site....
    Risk and Opportunity....... change regularly. For example, fuel prices are currently extremely low. In part because of the fussing between Russia and Saudi Arabia, but also because of the current health crisis. This "risk" or "opportunity" (if you are a US shale producer, huge RISK, if a logistics company, huge OPPORTUNITY). was likely not on the radar (or a matrix) of the industries in my example six months ago.

    Risks and opportunities are very dynamic. Regardless of what the standard requires, your organization would likely benefit from frequent (e.g. monthly? ) reviews of risks and opportunities that present themselves.

    I assure you, USA shale producer company's Top Management did not wait month(s) to take action when per/barrel prices of oil started this recent significant drop.

    Hopefully from my ramblings you can see why a fixed "matrix" of risks and opportunities might not benefit your organization. ALWAYS do what helps your organization...NOT what simply pleases an auditor.


    Hope this helps.
    Be well.
     
    Daniel Attwater and qmr1976 like this.
  6. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    3,663
    Likes Received:
    1,852
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Daniel:

    This is an area of ISO 9001:2015 and IATF 16949 2016 which don't "sit" well together. ISO 9001 doesn't actually require "risk assessments". IATF implies that it does, by the wording of "the organization shall include..." The IATF is "spinning" the ISO 9001 requirements to suit what it wants. It leads to an unhappy juxtaposition of something which should be the results of evaluating non-conformities etc. However, as I posted earlier, risks like the ones listed are all product oriented and that comes from just a few sources and should result in updates to the PFMEA.

    Do not fall into the (common) trap of thinking some formalized risk-based weighting tables etc are a) required or b) appropriate to deal with this. Simple Pareto analysis (80/20 Rule) of scrap etc is fine.
     
    Daniel Attwater likes this.
  7. Daniel Attwater

    Daniel Attwater Member

    Joined:
    Jun 15, 2020
    Messages:
    9
    Likes Received:
    3
    Trophy Points:
    2
    Hi Andy, thanks for the advice. Yes we have FMEA's which will cover a lot of it. However, in a previous employment we had to conduct risk assessments for scrap products, risk of them getting to black market etc.
    "The organization shall include in its risk analysis, at a minimum, lessons learned from product recalls, product audits, field returns and repairs, complaints, scrap, and rework. The organization shall retain documented information as evidence of the results of risk analysis" What is it asking for a risk analysis on in terms of scrap, complaints and rework etc? The risk or producing scrap is obviously quite large given the nature of automotive production, Sure they dont want every part of the process risk analysised?
     
  8. Daniel Attwater

    Daniel Attwater Member

    Joined:
    Jun 15, 2020
    Messages:
    9
    Likes Received:
    3
    Trophy Points:
    2
    Hi Thanks for the advice, the IATF manual states "
    The organization shall include in its risk analysis, at a minimum, lessons learned from product recalls, product audits, field returns and repairs, complaints, scrap, and rework.The organization shall retain documented information as evidence of the results of risk analysis" How would you show evidence of a risk assessment for the items mentioned in the statement?
     
  9. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    3,663
    Likes Received:
    1,852
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    What's listed are the results of an ineffective control plan. The analysis - using tools like 8D, Fishbone Diagrams, etc should be sufficient to show, with revised detection/occurrence values (since the PFMEA didn't work) of "risk analysis". ISO 9001 doesn't require any formal system and IATF can be answered by existing tools. I see ZERO reason (other than a mis-interpretation by a incompetent auditor) of any other process being needed. Use the tools provided, don't make another.
     
    Daniel Attwater likes this.
  10. qmr1976

    qmr1976 Member

    Joined:
    Jun 17, 2019
    Messages:
    45
    Likes Received:
    24
    Trophy Points:
    7
    Management Review Meeting minutes can be a good tool to document this information. It should already be on your agenda and that's where you can usually capture all areas of risk analysis.
     
    Daniel Attwater likes this.
  11. Daniel Attwater

    Daniel Attwater Member

    Joined:
    Jun 15, 2020
    Messages:
    9
    Likes Received:
    3
    Trophy Points:
    2

    Hi Andy,

    Sorry it's taken me so long to reply. So if I have understood correctly, FMEA's and Control plan would be sufficient tools to show that as a business we have analyzed certain risks associated with the product? For warranty returns etc an 8D or fishbone document providing its documented and stored would be fine?
     
  12. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    3,663
    Likes Received:
    1,852
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Since there's this (apparent) disconnect from what ISO 9001 states and what IATF 16949 wants you to do, I take the "risk assessment" to mean the (P)FMEA. In that case, the IATF requirements are (in a less than direct manner) seeking to close the loop on taking performance issues and feed them back into the PFMEA (which we all know we should be doing) which is not always done effectively.
     

Share This Page