Examples of risk analysis

Hello everyone,

I work in a distributor company that does not have production. What do you think are the risks that may occur in the quality management department? We use the ISO 9001 quality management system. What risks exist regarding documentation, CAPA, customer complaints, etc.? I request your help.

 

You may be looking at risk a bit sideways. It wouldn't be limited to the quality management department. There are risks with those elements you mention: documentation (you may lose a document or record or use an outdated version of a document), CAPA (you may fail to identify root causes), customer complaints (you may lose some or fail to act in a timely manner), but think of risk from the service you provide. If you're a distributor, what can go wrong? Can you distribute the wrong materials (or wrong count)? Send to the wrong recipients? Distribute expired materials? Mix up returned goods with goods that are eligible for distribution? I think those are the types of risks you will want to consider to ensure that your service is high quality.

 

thanks for your return
What you wrote about documentation, CAPA and complaints was very helpful and gave ideas. I was just looking for help for the quality department. We have completed the risks of other departments.

 

In ISO/TS 9002:2016 (Guidelines for the application of ISO 9001:2015), this paragraph in section 6.1.1 contains tools that can be used at planning, not just in strategic level, but also in the operational level:

"In determining risks and opportunities, the organization can consider using the outputs of techniques such as SWOT or PESTLE. Other approaches can include techniques such as Failure Mode and Effects Analysis (FMEA); Failure Mode, Effects and Criticality Analysis (FMECA); or Hazard Analysis and Critical Control Points (HACCP). It is for the organization to decide which methods or tools it should use. Simpler approaches include techniques such as brainstorming, Structured What If Technique (SWIFT) and consequences/probability matrices."​

 

Documentation risks - internal document not consistent with reference standards; use of superseded documents for the current operation; user has a hard time of accessing the documents; unauthorized reproduction of documents; lost of documents issued to copyholders; a copyholder claims that he/she hasn't received yet a copy but was already issued to him/her; can't access electronic documents; hacking of electronic documents; unauthorized alteration of documents/records; loss of documents/records; loss of legibility; damage to documents/records; falsifying records; omissions of important information; inaccurate information; typographical errors;

CAPA risks - wrong criteria used in raising a nonconformity; forcing to tie a NC against an ISO 9001 clause but not relevant; incomplete statement of a problem or NC; statement of NC lacks the description of objective evidence; confusion in the definition of CA and PA; confusion in the definition of Correction and CA; wrong cause identified; management does not support the Correction and CA; target completion dates not followed; verification of action is only focused on determining whether the planned activities are realized and failed to check whether planned results are achieved; CA in one area not extended to other area/s that the same problem/NC might occur;

Customer complaint risks - trying to initiate CA for all types of complaints; incomplete information obtained from the complaining customer; actions not communicated to the customer; see also CAPA risks.