1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

"Demonstrating" Risk Based Thinking

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by QMSmaster, Feb 8, 2016.

  1. QMSmaster

    QMSmaster Active Member

    Joined:
    Dec 29, 2015
    Messages:
    59
    Likes Received:
    9
    Trophy Points:
    7
    There have been a few threads discussing what we think we need to do to satisfy RBT requirements. Does anyone had discussions with Auditors and RB's about what they will be requiring? Will simply doing FMEA's be good enough?
     
  2. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Who said this was even necessary? What's an "RB"?
     
    Carol Robinson likes this.
  3. Bob@PTE

    Bob@PTE New Member

    Joined:
    Oct 5, 2015
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    I am going to train my managers in RBT ("Risk Based Thinking") and document the training. I am going to require them to provide me with a "top five risks" from each department. I am going to consider operational risks, i.e. Loss of a key employee, lack of available materials, etc... I am also going to have them consider health and safety risks, i.e. poor posture in the office chair, lifting requirements in shipping, etc... I have created a "risk log" in which I have incorporated a probability x severity "grading system" for each risk. Action will be taken for "high risks". The results will be internally audited, once rolled out and will be discussed at the Management Review Meeting. If they don't like that, @#$% *&^.
    The standard says,

    6.1.1 When planning for the quality management system, the organization shall consider the issues

    referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that


    need to be addressed to:

    So, I think I will have it covered.
     
  4. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    198
    Trophy Points:
    42
    Have you identified the top Level Processes?
     
  5. QMSmaster

    QMSmaster Active Member

    Joined:
    Dec 29, 2015
    Messages:
    59
    Likes Received:
    9
    Trophy Points:
    7
    My concern is my complete contempt for doing this simply to pass the audit requirement. It needs to add value. Since we do not have to have a documented top level process I should be able to satisfy RBT by simply showing a few FMEA's. No one can deny that is "not" RBT. I am just wondering if anyone has heard from an auditing body what will be considered acceptable.
     
    Bev D likes this.
  6. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    You aren't going to hear that answer. If YOU are doing the FMEA it will become apparent to a sharp auditor and the leadership will NOT be able to talk to it and, therefore, your ship will sink...
     
    MCW8888, Jennifer Kirley and Bev D like this.
  7. Sidney Vianna

    Sidney Vianna Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    127
    Likes Received:
    172
    Trophy Points:
    42
    In my opinion, it is never a good strategy to implement anything related to YOUR system, based on anticipations of what an external auditor might "like to see". The system has to work and make sense for the organization that is supposed to live with it, day in, day out. Auditors come, spend a couple of days with you, and then, leave. Don't ever attempt to do something it is not sustainable.

    When it comes to Risk Based Thinking (RBT), you have to be able to explain some of the most traditional questions organizations have been asking and answering since ISO 9001's first edition in 1997, through the perspective of assessing the risks from a product conformity and customer satisfaction perspective; questions such as:

    1. Do I need a procedure for....
    2. How much detail do I have in this work instruction?
    3. How many management reviews should I have?
    4. Do I have to physically audit that critical supplier?
    5. Do I need more than one design review meeting for this new product?
    6. What is "as appropriate" and applicable for my context?
    7. etc....
    RBT is the framework you should be using to answer all of the questions you are confronted with, when developing and improving your QMS.
     
  8. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    198
    Trophy Points:
    42
    Not required but recommended. You can build the RBT on your SOP's if you want to. Some of our plants have come up with a template where there is a risk icon (HSSE or Quality, Technical, etc...) HSSE and Quality will be the highest since they are going to impact HSSE (Goal Zero) and Customer (CSI->90%). Some of our facilities are not TS16949 and so they are not familiar with the acronym FMEA. That's another training in itself.
     
  9. Eric Twiname

    Eric Twiname Well-Known Member

    Joined:
    Jul 31, 2015
    Messages:
    329
    Likes Received:
    232
    Trophy Points:
    42
    Location:
    Northeast USA
    I can't help but come back to the same thought...RBT isn't new...it isn't even old...its ancient...it's Biblical...it's stone age.
    How do you train someone to this? It's like training someone to breathe.

    When you pull up to the gas station to fill up and a guy is playing with a lighter next to you...you leave. See, you already are well versed with RBT.
    When the T-Rex roars were really loud outside the cave, you stayed in the cave even though you were pretty hungry...even the cave men were well versed in it.

    The hardest part of "adopting RBT" is getting people to understand that it isn't a new requirement...it's another word for what you (should) have been doing all along.
    Not "How do I show RBT?"...but "Am I using RBT as a lifestyle?"...if you're using it, the evidence should already be piled up around you.

    Tuesday rant over...
     
  10. BradM

    BradM Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    394
    Likes Received:
    314
    Trophy Points:
    62
    Location:
    Arlington, TX
    I would put in a shameless plug here for Jennifer's FMEA Excel spreadsheet that she provided as a resource here.

    http://www.qualityforumonline.com/forum/index.php?resources/safety-fmea.3/

    I think sometimes you have to just kick things off. Maybe hold people's hands and walk the production/ process area and document the potentials with weights. Pretty soon, you'll have the 3-5 top things that should be focused on.

    This risk-based thinking may initially only apply to Safety. But after a while, it will become apparent that it's a pretty nice way to do things.

    Like Eric said... it's already used all the time. So are process improvement tools. It's just they're not written down and clearly identified many times. :)
     
    AkShef likes this.
  11. QMSmaster

    QMSmaster Active Member

    Joined:
    Dec 29, 2015
    Messages:
    59
    Likes Received:
    9
    Trophy Points:
    7
    So what do I need to pass an audit? Has anyone taken one of the RBT classes being offered for a hefty fee? Will it be good enough if I get everyone to regurgitate that RBT has been ingrained in their "fabric of life" since birth and that they are constantly doing RBT? I feel the RBT requirement is way too vague. Do I need to have a risk analysis at the end of every document? Do I need a RBT database? When do we start seeing RBT software packages?
     
  12. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Easy! Your organization (not YOU) need to implement a quality management system which meets the requirements of ISO 9001:2015! By that I mean, from understanding the context of the organization, the needs and expectations of interested parties and so on. The standard makes it pretty clear what your leadership are responsible for. It sounds to me as if you feel YOU have to do this, instead of working in collaboration with your management team. Have you had a discussion with your management team? Maybe YOU don't need to go on a course, maybe your management team has the answers. Did you ask? If not, maybe consider bringing in a competent consultant.
     
    ncwalker and Crusader like this.
  13. Eric Twiname

    Eric Twiname Well-Known Member

    Joined:
    Jul 31, 2015
    Messages:
    329
    Likes Received:
    232
    Trophy Points:
    42
    Location:
    Northeast USA
    Oh goodness...mindset change needed.

    Demonstrate RBT: "Dear auditor, thank you for the question. We measure thickness using a drop gage (see procedure XX-XXX) because operator consistency using handheld micrometers depends on tightening pressure whereas using a drop gage with a fixed spring pressure reduces the risk of variation. (and reduces variation too !)"

    "Dear auditor, thank you for the question. We accepted this order for a material we've never made before because it seems pretty straightforward and the customer is paying a premium price, it is worth the risk."

    RBT now demonstrated for in-process testing and for order acceptance. No documents, no paper, no FMEA. The only thing done was to remove the hesitation to discuss "why".
    Treating RBT like another set of paperwork (IMO) is a complete waste of time and money. I have no document for how to open the door to get into the company, but I can demonstrate it pretty thoroughly...
     
  14. Leonid

    Leonid Well-Known Member

    Joined:
    Jan 4, 2016
    Messages:
    164
    Likes Received:
    31
    Trophy Points:
    27
    Location:
    Moscow
    ISO-TC176-SC2 Document N1222 agrees with Eric. Its Conclusion: • risk-based thinking is not new • risk-based thinking is something you do already • risk-based thinking is continuous • risk-based thinking ensures greater knowledge and preparedness • risk-based thinking increases the probability of reaching objectives • risk-based thinking reduces the probability of poor results • risk-based thinking makes prevention a habit
    http://www.orion4value.com/wp-conte...C2_N1222_N1222_-_Risk_in_ISO_9001_2014-07.pdf
     
  15. Ganesh Sundaresan

    Ganesh Sundaresan Active Member

    Joined:
    Jul 31, 2015
    Messages:
    66
    Likes Received:
    36
    Trophy Points:
    17
    Not sure if Annexure A (referring to FDIS) has had a mention in the final Standard. It has a certain information about risk based thinking.
    In essence, it is the Organization's responsibility to address risk and it is absolutely fine that no documented information is maintained to prove it to somebody. To me, the onus is right back on the CB to judge the risk based thinking of its client and, now, that's the scarier part of it.
     
    tony s and Somashekar like this.
  16. QMSmaster

    QMSmaster Active Member

    Joined:
    Dec 29, 2015
    Messages:
    59
    Likes Received:
    9
    Trophy Points:
    7
    I agree with everything all of you are saying. I have read the 2015 standard a few times. I have been doing this for 20+ years and are a member of the senior management team. What I am more wondering is does anyone know what registrar auditors will be looking for as objective evidence? Maybe it is too early as I doubt anyone has actually been audited to the 2015 standard yet.
     
  17. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I do! It's what your organization is preparing to show them as evidence...
     
    Quintus Abbott III and Bev D like this.
  18. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    Just to give some examples, you may consider these:
    • when an organization plans for their strategic objectives, they can use SWOT analysis;
    • when developing new product or process, you can use FMEA;
    • whenever there are changes in your system, procedures, infrastructure, activities, or people, potential failures can also be determined;
    • hazard identification and risk assessment to determine controls for health and safety;
    • aspect identification and impact assessment to determine controls for environment;
    • HACCP for food safety;
    • stand-by generator set in case of power failure;
    • poka-yoke or error-proofing methods;
    • alternative production site;
    • buffer stock and safety inventory level;
    • spare tire,
    • PPE
    • condom...and so on...:p
     
    Candi1024 likes this.
  19. Paul Simpson

    Paul Simpson Member

    Joined:
    Aug 6, 2015
    Messages:
    41
    Likes Received:
    61
    Trophy Points:
    17
    So let's be clear there is only one requirement in the 2015 edition that uses 'RBT' and it is clause 5.1.1 d) and the requirement is for top management to demonstrate leadership and commitment by
    It may come across as semantics but the requirement is specifically for top management and I do hope the auditors don't start their interviews of the CEO with:

    'So tell me how you demonstrate leadership and commitment by promoting the use of risk-based thinking?'

    All the other requirements in 9001 talk about identifying risks and opportunities and the embodiment of RBT is activities when the organisation is addressing another aspect of the QMS - so determining processes (4.4.3 f), looking at potential impact of product / service conformity (5.1.2 b), planning the QMS (6.1), analysis and evaluation of data(9.1.3), management review (9.3.2 e), taking action following nonconformity (10.2).

    I'm not suggesting anyone micromanages risk in their organization but it is too easy to read into the 2015 requirements the need for a sprinkle of RBT magic dust over everything when that is not the case. :)
     
    Jane Bennett and tony s like this.
  20. Sidney Vianna

    Sidney Vianna Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    127
    Likes Received:
    172
    Trophy Points:
    42
    In my view, whenever the standard uses the word risk, the underlying expectation is that requirement must have the RBT-treatment.

    Does not look right to me that the 5.1.1.d) is the ONLY requirement of the standard that addresses RBT.
     
    Bev D likes this.