When you look at standards like IATF 16949 or ISO 9001, the requirements boil down to two essential elements: improving customer satisfaction and reducing risk.
They go hand in hand because effective risk management means safer products and happier customers—and fewer problems for their suppliers.
To help automotive suppliers proactively avoid quality and safety issues, we’re looking at four important places to focus on for improving risk management and reducing costs.
What is risk management?
The concept of risk is often misunderstood, as is risk management.
A risk is not the same thing as a hazard. Risk is defined as probability x impact of a given hazard, causing an unwanted event. Risk takes into account how likely an event is to occur as well as potential consequences:
Risk = Probability x Impact
Risk management is not the same as finding hazards or conducting a risk assessment. Risk management is a cyclical process involving:
1. Hazard identification: Spotting problems
If you’re not effectively identifying problems, it’s only a matter of time before you have a quality issue escape. And if we’re talking about a quality problem that causes downtime for the OEM, you could be looking at charges of $10,000 per minute or more.
What can automotive suppliers do to improve hazard identification?
• Create structured systems for observation and capturing issues, such as with high-frequency audits and safety walk-throughs
• Look upstream at processes, instead of just focusing on rear-facing product inspections
• Bring fresh eyes to hazard identification, drawing on management expertise with tools like gembawalks and layered process audits (LPAs)
• Proactively analyze data as you collect them, rather than allowing weeks to pass before crunching spreadsheet data
• Periodically review lessons learned from issues like audits, recalls, and complaints—a requirement of standards like IATF 16949
Hazard identification is crucial because risk management isn’t just about reacting to existing problems. It’s about identifying potential problems before they occur, so you can take preventive action.
2. Risk assessment: Prioritizing follow-up
It’s not uncommon for suppliers to have a long list of hazards but only limited resources with which to address them. Which ones can you fix immediately, and which ones require deeper investigation? How do you decide when to implement new controls? This is where risk assessment comes in, focusing on probability and severity.
Some tools like FMEAs will give you a quantitative method for making decisions, allowing you to calculate a risk priority number (RPN) based on severity (S), occurrence (O), and detection (D):
RPN = S x O x D
Other situations may involve a less formal approach to risk-based thinking. For example, when you identify a nonconformance during an audit, you have two options:
• Correct the problem on the spot with a mitigation
• Open a corrective action for full root cause analysis and further problem-solving (such as with the 8D method)
The choice you make should be based on risk, also taking into account that you don’t want minor, easily fixed items obscuring high-risk problems in your corrective action system.
3. Corrective Action: Closing the loop
One place where manufacturers frequently struggle is creating a closed-loop corrective action process. Corrective actions should include elements such as:
• Links to the original nonconformance, such as within the audit record
• Action items and deadlines
• Who’s responsible for each item and reviewing progress
• Escalations to notify management if employees don’t complete tasks
Many manufacturers use software to track corrective actions, which is especially helpful when tied to systems like a mobile audit platform. Linking the two allows you to improve visibility, from hazard identification to follow-up.
4. Verification: Holding the gains
The final critical step in the risk management process is continued monitoring and adjustment. This is where you check that your process is working and ensure that you’re holding the gains of corrective action.
Going back to our auditing example, you’ll want to make sure that you add new audit questions based on corrective actions and previous nonconformances. Only then can you see whether your corrective actions have solved the problem and are held in place, or whether you need to start the process over again.
And that’s the most important thing to remember: Risk management is a process, not a one-off activity. Follow the plan-do-check-act (PDCA) cycle in your risk management activities, and you’ll see a big improvement in the effectiveness of your work.
First published April 9, 2019, on the Beacon Quality blog.
BIO
Paul Foster. Paul is Product Manager at Ease, where he designs products and provides customer onboarding and support. A veteran of the Air Force, he served on the data integrity team and supported technical inspections on B52 bombers and F16 fighter jets. Paul holds a B.A. in Physics from Cal Poly – San Luis Obispo and an MBA from Oklahoma State University. He has a passion for coding and builds Android apps in his spare time.