Uploaded byJavier138365
PDF, PPTX69 views

Topic 1 - Risk Auditing 1-17.pdf

The document discusses auditing risk processes in ISO 9001:2015. It introduces the concept of risk and discusses why risk is an important but complex topic. It then covers auditing risk in the ISO standard, including the impact of outcomes, different audit methodologies, and how to apply auditing to risk threads. Finally, it discusses risk management processes and three perspectives on risk: within processes, related to products and services, and technical risks. The document provides information to help auditors understand and evaluate risk processes.

Embed presentation

Download as PDF, PPTX
Risk & Auditing Risk Risk Processes in ISO 9001:2015
Introduction to Risk • Why Are We Discussing Risk Again ?? – Can Be a Complex Concept – Difficult to Understand & Distributed Across the Std. – Difficult to Explain to Customers – Need to Continue to Expand our Audit Skills and Learn from Each Other
Auditing Risk in the ISO 9001:2015 • Short Revisit –Risk Perspectives –Risk in the ISO Standard • Auditing Risk –Impact of Outcomes –Audit Methodologies –Auditing Threads –Application to Risk • Case Studies
Risk Management Processes What is Risk? Risk Mitigation Behaviors within a process Product & Service Technical Risks 3 Perspectives on Risk
Risk Management Processes What is Risk? Risk Mitigation Behaviors within a process Product & Service Technical Risks 3 Perspectives on Risk
• Risk Planning (Organizational Plan) – The step of developing and documenting comprehensive and interactive strategies and methods for identifying and tracking risk areas, training, developing risk mitigation plans, performing risk assessments to determine how risks have changed, and planning/obtaining adequate resources. • Risk Identification (When & Where) – The step of discovering and defining all risks inherent in your program or project. • Risk Assessment (Who) – The process of analyzing and prioritizing program and process risks against cost, schedule and/or performance criteria. • Risk Handling (Decisions & Actions) – The step that identifies, evaluates, selects, and implements actions in order to reduce risk likelihood or consequence to an acceptable level. • Risk Monitoring – The step that systematically tracks and evaluates the performance of Risk Handling actions against established metrics throughout the acquisition process. Risk Management Processes
Plan Do Check Act Risk Management Process - Risk PDCA - •Mitigation •Acceptance •Transfer •Etc.
Risk Management Processes What is Risk? Risk Mitigation Behaviors within a process Product & Service Technical Risks 3 Perspectives on Risk
Product/Service & Technical Risk • Complexity of Design • Criticality of Product/Service for End Use • New or Unproven Process or Technology • Organizational Capability to Design or Build Product/Service – New or Unproven Process to Organization – New Technology to Company • Others??
Risk Management Processes What is Risk? Risk Mitigation Behaviors within a process Product & Service Technical Risks 3 Perspectives on Risk
• Here is Where “Risk Based Thinking” Strongly Applies – See a Risk >> Do Something about it. – Identify and Communicate Risk Based Thinking, Decisions & Behaviors • Risk Understanding – Thinking & Awareness – Understanding the Risks and How they affect your Function or Process • Risk Based Decision Making – Making Choices on Handling Risk
Risk Management Processes Theory Applied Risk Mitigation Behaviors within a process Product & Service Technical Risks
• Identification (including Analysis & Prioritization) – Discovering and defining risks inherent in your program, project, process, or task. • Communication – Communicating Risks to all Relevant Individuals and Processes • Risk Understanding – Understanding the Risks and How they affect your Function or Process • Decision Making (Risk Based) – Making Choices on application of ‘Individual Options’ and ‘Process Options’ • Risk Behaviors – Knowledge of Identified Risks – Knowledge of Process Options – Application of Identified Risk Topics to ‘Process Options’ Risk Based Decisions & Behaviors
Proposal Contract Design Manufact. Product Delivery Integrate Purchasing All Requirements are not created equal Monitoring and Inspection Activities Operational Options that Need Risk Oriented Decisions associated with Critical Requirements •Design Approach •V&V Approach •Monitor & Insp. Approach •Supplier Oversight RFQ Suppliers Communication of Supplier Requirements -Key Characteristics- Requirements & Risk Based Decisions Where Identified How Communicated What Decisions
Risk Concept ISO 9001:2015 • Standard Process With Inputs & Outputs P O I R Risk Input In Step Prevention Down Stream Prevention Risk PDCA in Incremental Process Steps • Monitoring & Improving • Risk Input to Process Visually Separated • Risk Analysis, Plan & Handling • Handling Risk within Process Step & Down Stream Process Step Risk Decisions Lessons Learned
Risk Identification & Decisions P O I R P O I R P O I R P O I R INPUTS •Customer •Regulatory •Known OUTPUTS •Product •Service •Good Product •No Escapes •On-Time •On- Budget Managing Risks to Process EFFECTIVENESS Multiple Prevention opportunity Options per Step
What Does the Standard Say
Risk & Risk Like Wording • Any Risk Impacted Processes Not Apparent or Weak?? • Cust. Reqts/Cont. Review (8.2) • Purchasing/Supplier Management (8.4) • Production Provision (8.5.1) Subject DIS Ref. Topic Risk Complex Impact Effect Likelihood Conseqnce Prevent Mitigate Control Constraint Contingency Essential Reliable QMS Plan/Change 6.1/6.1.2/6.3 QMS Plan, Control & Changes X X X X X X Customer 4.2 5.1.2 8.2 Cust, Stat, Reg Requirements Customer Focus Customer Requirements X X X Design 8.3.2 - 8.3.6 Planning, Input & Changes X X X X X X External Providers 8.4.1-3 Control of Ext. Suppliers X X Ops Plan/Control 8.1 8.5.1-6 8.7 Ops Planning & Control Production Provision NC Control X X X X X X X X X X QMS Processes 4.4/5.5.1 9.1.3 9.3.2 10.1-2 10.2.1 QMS Processes Analysis Management Review Improvement NC & CA X X X X X X X X X QMS Support 7.1 7.2/7.3 7.5 Resources Competence/Awareness Documented Information X X X X X X X
Risk Wording Observances • Risk is: • Explicit in Specific & Overarching Sections of Standard • Implicit in Across a Wide Range of the Standard • Have to Link Overarching Explicit Sections to Some Implicit Sections Where Risk Application is Important • 4.4.1.f – Risk Process Applicability Across Entire QMS • 6.1 – Risk & Opportunities Inclusion In QMS Planning • 8.1 – Risk Emphasis in Operational Planning & Control
Variable Risk Application Approach Varying Applicability to Different Functions (ISO 9001 A.4 ) – Not all process of a QMS represent the same level of Risk in terms of the organizations ability to meet its objectives, an the effects of uncertainty are not the same on all organizations Type Project Production Service Size Large Medium Small Product X X X Process X X X People X X X How Does Risk Approach Vary?. • Organizational Application of Risk Can Vary Based on Situation, Customer, Product Line, etc. • Audit Approach & Questioning Will Need to Vary Also.
ISO 9001 – 6.1.2 Actions to Address Risk & Opportunity Processes Behaviors/ Decisions The organization shall plan: a) actions to address these risks and opportunities; b) how to: 1) integrate and implement the actions into its quality management system processes (see 4.4); 2) evaluate the effectiveness of these actions. Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services. NOTE Options to address risks and opportunities can include: avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision. Decision Options Key Points – Explicit or Implicit ??? • Establishes a Risk Approach Within the QMS Infrastructure (4.4) • Establishes Requirement for Risk Based Decisions Associated with Product And Services • Others ??
ISO 9001 – 8.1 Operational Planning & Control 8.1 Operational Planning & Control The organization shall plan, implement and control the processes (see 4.4) needed to meet requirements for the provision of products and services and to implement the actions determined in 6, by: a) determining requirements ……….; b) establishing criteria for the processes and for the acceptance ……….; c) determining the resources needed to achieve conformity to ………. requirements; d) implementing control of the processes in accordance with the criteria; e) retaining documented information to the extent necessary ………. The output of this planning shall be suitable for the organization's operations. The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary. Key Points – Explicit or Implicit ??? Identify Decisions Decisions Communicate Action Process Decisions Action • Establishes Requirement for Risk Based Actions (6.1) • Operational Planning With Risk Based Decisions Across ‘Realization Process’ (8.1) • Others ??
ISO 9001 – 8.1 Other Risk Phrases of Interest 8.4.2 Type and Extent of Control of External Provision The Organization shall ensure that externally provided processes, products & services do not adversely affect……. The Organization shall: b)Define controls it intends to apply…….. c)Take into consideration the potential Impacts…… as well as the effectivenss of controls…… d)Determine the verification activities necessary to ensure ……. Key Points – Explicit or Implicit ??? Decisions Understand Decision Understand • Decision on Controls tied to impact of Supplier on Product • Variable Methods for Verification tied to Ensuring Supplier Does Not Have an Adverse affect to Organizations Product/Service. • Others??
ISO 9001 Other Risk Phrases of Interest 8.2.1 Customer communication Communication with the customers shall include: e) specific requirements for contingency actions, when relevant. 8.3.2 Design and development planning In determining the stages and controls for design and development, the organization shall consider: a)the nature, duration and complexity of the design and development activities f)the need to control interfaces between persons involved in D&D i)The level of control expected for D&D processes by Customer & Int. Parties 8.3.3 Design and development Inputs The organization shall determine requirements essential for the specific type of products and services being designed and developed. The Organization shall Consider a) functional and performance requirements; e) the potential consequences of failure due to the nature of the products and services; Key Points – Explicit or Implicit ??? Identify Communicate Identify Identify • Risk Associated Wording. Not Strongly Tied to Decisions or Actions. Decision
Auditing Risk The Swiss Cheese Way
Introduction to Auditing Risk • Who has Audited to the New Standards? – How are the Customers Adapting to Risk Based Thinking? – Any Unique Applications? • What Are Your Experiences With Auditing Risk ? – Explicit Wording Areas (Sections 4.4.1, 6.1, 8.1) – Implicit Wording Areas • Any Risk Based NC’s? • Have You had to Change Anything About Your Audit Approach • Let’s Explore Options for Auditing Risk in the New Standard!!
• Needs for an Audit Strategy • For Compliance to Risk Requirements • For Effectiveness of Risk Processes • Implicit Risk Requirements -vs- Explicit Risk Requirements • Needs for an Audit Approach • Audit Planning & Sequence • Audit Technique & Line of Questioning • May Need to Alter Audit Approach & Focal Areas – Minimal Solid Requirements • 9.3.2.e - Risk In Man. Rev. • 9.3.3 - Retained Doc. Info. – Wide Application Of Risk • Process, Capabilities, Controls • Culture?? – Where in the Standard (4.1 Note 3 Context) – How to Audit Introduction to Auditing Risk
Back To The Basics • What Are Auditing Basics • 2 Eyes, 2 Ears, 1 Mouth – Use them in proportion • Open Ended Questions • IAF – Expected Outcomes http://www.iaf.nu/upFiles/IAF9001expectedoutcomes0112.pdf • An organization with a certified quality management system consistently provides products that meet customer and applicable statutory and regulatory requirements, and aims to enhance customer satisfaction. • What Are Auditor Methods • Down-stream • Up-stream • Cannonball • What Are Auditor Sampling Approaches • Random • Biased • (e.g., focusing on the results of performance / effectiveness metrics, focusing on specific customers) • Comparative • (e.g., comparing the work performed with procedures, verifying consistency between workers) • Which Are the Best Methods, Approaches and Techniques to Use For Various Risk Auditing Situations??
Auditing Risk – Building Blocks • Audit For Risk in Process Model • Context of Organization & Interested Party Impacts • How Risk Can Impact Compliance and Effectiveness • Occurrence –v– Recurrence Focus in Risk Auditing • Understanding Requirements Threads • Individual Requirements Weave Together to Form Cross Cutting Larger Requirements • Understand Best Strategy for Auditing Risk For Various Scenarios • What is the Audit Goal – IAF Expected Outcomes • Which Sampling Technique to Use • What Audit Paths to Focus on • How to Combine Techniques and Paths for Maximum Effectiveness • Where to Start!! • What is Best Entry Point for Auditing Risk in an Organizations Management System
Risk and Down Stream Audit Approach • What is Downstream Auditing • Start at the Beginning of a Process and Follow Trails to End of Process(s) • What Are Strengths & Weaknesses • Good for Following Planning to Outcome Trail (PDCA) • Can Be Weak for Auditing Outcomes • Other • How To Use For Auditing ‘Risk Based Thinking’ • Follow PDCA Trail • Look at Leading Indicators for Potential of Risk Impacts to Process • Look for Risk ID, Communication & Understanding for Prevention of Occurrence • Use Comparative Sampling to Evaluate Consistency of Risk Based Thinking • Other? Prevent Control Mitigate Emergency Audit Trail
Down-Stream Auditing & the “Turtle “ Model ? Checklist How? Outputs Inputs How? What Results? With Who With What? Process (Support Processes) 6.1 6.1 6.1 6.1 6.1 6.1 Plant and machinery (7.1.3) Measuring equipment (7.1.5) Tooling (7.1.3) Maintenance (7.1.3) Packaging/labelling (8.5.4) Cleanliness of premises (7.1.4) Customer property (8.5.3) Transportation (7.1.3) Customer schedule (8.2.1) Raw materials (8.4.1) Control plans (8.5.1) Work instructions (8.5.1) Preventive maintenance (7.1.3) SPC (9.1.3) Nonconforming product procedure (8.7) Dispatch process (8.6) Contingency plan (8.5.6/6.1) Document control/ records (7.5.3) Change control (8.5.6) IT (7.1.3) Human resource (7.1.2) Logistics (7.1.3) Sales (7.4) Preventive maintenance (7.1.3) Identify risks (6.1) Analysis of data (9.1.3) Customer satisfaction (9.1.2) Other Organisational objectives (6.2) Maintenance objectives (8.5) Cost of poor quality (9.1.3) Process capability (9.1) Management review (9.3) Continual improvement results (10.3) Audit records (9.2) Conforming product delivered to customer schedule (8.6) Induction/ training/competence records (7.2) Agency/ Contract labour (7.3/8.4) Job responsibilities/ authorities (5.3) Training effectiveness (7.2) SPC awareness (7.2) Personnel safety (7.1.4) Awareness of policy / objectives (5.2.2) Manufacturing Process (8.5) How Do Process Owners Understand Context, Requirements, Capabilities, Regulatory, etc. and Determine Risks and Plan for Prevention Actions for Appropriate Steps of the Process Audit Trail
Risk and Up-Stream Audit Approach Prevent Control Mitigate Emergency Audit Trail • What is Up-stream Auditing • Start at the End of a Process and Follow Trails to Earlier Stage of Process(s) • What Are Strengths & Weaknesses • Good for Following Trails on Adverse Process Outcomes (CAPD) • Supportive of IAF Expectations on ‘Expected Outcomes’ • Potential for Not Understanding Full Process Before Starting the Audit Trail. • How To Use For Auditing ‘Risk Based Thinking’ • Use Biased Sampling and Start with a ‘Known’ Negative Issue or Lagging Indicators Showing ‘Unintended Outcomes’ • Follow Trail Back to Planning and Decisions • How Where Potential Risk were ID, Communication & Understood • Were Appropriate Risk Decisions Applied Based On Understanding of Risk • Look for How Risk ID, Communication & Understanding will be used for Prevention of Recurrence • Note - Comparative Sampling can then be used to determine if other personnel are applying similar ‘Risk Based Thinking’ • Other?
Upstream Auditing & the “Turtle “ Model ? Outputs Inputs How? What Results? With Who With What? Process (Support Processes) 6.1 6.1 6.1 6.1 6.1 6.1 Plant and machinery (7.1.3) Measuring equipment (7.1.5) Tooling (7.1.3) Maintenance (7.1.3) Packaging/labelling (8.5.4) Cleanliness of premises (7.1.4) Customer property (8.5.3) Transportation (7.1.3) Customer schedule (8.2.1) Raw materials (8.4.1) Control plans (8.5.1) Work instructions (8.5.1) Preventive maintenance (7.1.3) SPC (9.1.3) Nonconforming product procedure (8.7) Dispatch process (8.6) Contingency plan (8.5.6/6.1) Document control/ records (7.5.3) Change control (8.5.6) IT (7.1.3) Human resource (7.1.2) Logistics (7.1.3) Sales (7.4) Preventive maintenance (7.1.3) Identify risks (6.1) Analysis of data (9.1.3) Customer satisfaction (9.1.2) Other Organisational objectives (6.2) Maintenance objectives (8.5) Cost of poor quality (9.1.3) Process capability (9.1) Management review (9.3) Continual improvement results (10.3) Audit records (9.2) Conforming product delivered to customer schedule (8.6) Induction/ training/competence records (7.2) Agency/ Contract labour (7.3/8.4) Job responsibilities/ authorities (5.3) Training effectiveness (7.2) SPC awareness (7.2) Personnel safety (7.1.4) Awareness of policy / objectives (5.2.2) Manufacturing Process (8.5) If defect sent to Cust, Where did risk thinking fail?? Same Scenario if Internal Data shows an adverse issue Audit Trail
Risk Case Studies • What Have We Covered? – General Discussion on Risk Theories – Risk Wording in ISO 9001:2015 Standard – Audit Strategies, Methods and Techniques Associated with Risk Based Thinking • Time to put your Auditor Hats Back On – Case Studies
Downstream Auditing & the “Turtle “ Model ? Checklist How? Outputs Inputs How? What Results? With Who With What? Process (Support Processes) 6.1 6.1 6.1 6.1 6.1 6.1 Plant and machinery (7.1.3) Measuring equipment (7.1.5) Tooling (7.1.3) Maintenance (7.1.3) Packaging/labelling (8.5.4) Cleanliness of premises (7.1.4) Customer property (8.5.3) Transportation (7.1.3) Customer schedule (8.2.1) Raw materials (8.4.1) Control plans (8.5.1) Work instructions (8.5.1) Preventive maintenance (7.1.3) SPC (9.1.3) Nonconforming product procedure (8.7) Dispatch process (8.6) Contingency plan (8.5.6/6.1) Document control/ records (7.5.3) Change control (8.5.6) IT (7.1.3) Human resource (7.1.2) Logistics (7.1.3) Sales (7.4) Preventive maintenance (7.1.3) Identify risks (6.1) Analysis of data (9.1.3) Customer satisfaction (9.1.2) Other Organisational objectives (6.2) Maintenance objectives (8.5) Cost of poor quality (9.1.3) Process capability (9.1) Management review (9.3) Continual improvement results (10.3) Audit records (9.2) Conforming product delivered to customer schedule (8.6) Induction/ training/competence records (7.2) Agency/ Contract labour (7.3/8.4) Job responsibilities/ authorities (5.3) Training effectiveness (7.2) SPC awareness (7.2) Personnel safety (7.1.4) Awareness of policy / objectives (5.2.2) Manufacturing Process (8.5) Audit Trail You are auditing a Company that designs and manufactures valves and other pressure related piping components for commercial industries. From the Management Interview, you find that the organization is branching out into the Chemical Processing industry which is new to the organization. You have selected a contract that is for supplying valves to a customer involved in chemical processing. During your audit of this contract you are told that the customer is looking to use these valves for a chemical process that they have not been used for in the past.
Downstream Auditing & the “Turtle “ Model ? Checklist How? Outputs Inputs How? What Results? With Who With What? Process (Support Processes) 6.1 6.1 6.1 6.1 6.1 6.1 Plant and machinery (7.1.3) Measuring equipment (7.1.5) Tooling (7.1.3) Maintenance (7.1.3) Packaging/labelling (8.5.4) Cleanliness of premises (7.1.4) Customer property (8.5.3) Transportation (7.1.3) Customer schedule (8.2.1) Raw materials (8.4.1) Control plans (8.5.1) Work instructions (8.5.1) Preventive maintenance (7.1.3) SPC (9.1.3) Nonconforming product procedure (8.7) Dispatch process (8.6) Contingency plan (8.5.6/6.1) Document control/ records (7.5.3) Change control (8.5.6) IT (7.1.3) Human resource (7.1.2) Logistics (7.1.3) Sales (7.4) Preventive maintenance (7.1.3) Identify risks (6.1) Analysis of data (9.1.3) Customer satisfaction (9.1.2) Other Organisational objectives (6.2) Maintenance objectives (8.5) Cost of poor quality (9.1.3) Process capability (9.1) Management review (9.3) Continual improvement results (10.3) Audit records (9.2) Conforming product delivered to customer schedule (8.6) Induction/ training/competence records (7.2) Agency/ Contract labour (7.3/8.4) Job responsibilities/ authorities (5.3) Training effectiveness (7.2) SPC awareness (7.2) Personnel safety (7.1.4) Awareness of policy / objectives (5.2.2) Manufacturing Process (8.5) During the audit you find that the customer rejected a lot of 50 valves due to lack of material certifications that were required by chemical industry codes referenced in the customer’s contract. You also find that the organizations Purchasing Department was not aware that they needed to specifically request material certifications from the supplier, but had referenced the Chemical industry codes to their supplier. Audit Trail
Downstream Auditing & the “Turtle “ Model ? Checklist How? Outputs Inputs How? What Results? With Who With What? Process (Support Processes) 6.1 6.1 6.1 6.1 6.1 6.1 Plant and machinery (7.1.3) Measuring equipment (7.1.5) Tooling (7.1.3) Maintenance (7.1.3) Packaging/labelling (8.5.4) Cleanliness of premises (7.1.4) Customer property (8.5.3) Transportation (7.1.3) Customer schedule (8.2.1) Raw materials (8.4.1) Control plans (8.5.1) Work instructions (8.5.1) Preventive maintenance (7.1.3) SPC (9.1.3) Nonconforming product procedure (8.7) Dispatch process (8.6) Contingency plan (8.5.6/6.1) Document control/ records (7.5.3) Change control (8.5.6) IT (7.1.3) Human resource (7.1.2) Logistics (7.1.3) Sales (7.4) Preventive maintenance (7.1.3) Identify risks (6.1) Analysis of data (9.1.3) Customer satisfaction (9.1.2) Other Organisational objectives (6.2) Maintenance objectives (8.5) Cost of poor quality (9.1.3) Process capability (9.1) Management review (9.3) Continual improvement results (10.3) Audit records (9.2) Conforming product delivered to customer schedule (8.6) Induction/ training/competence records (7.2) Agency/ Contract labour (7.3/8.4) Job responsibilities/ authorities (5.3) Training effectiveness (7.2) SPC awareness (7.2) Personnel safety (7.1.4) Awareness of policy / objectives (5.2.2) Manufacturing Process (8.5) In review of Inspection data from the weekly Manufacturing Department report, you see an increasing trend of workmanship nonconformances and scrap dispositions. In follow-up questions, you find that no apparent changes are being made to the manufacturing process. Audit Trail
What’s Next • Understanding the Varied Potential Applications of Risk in a QMS, Process, or Product lifecycle • Educate Yourself on the Broadness of Risk Applicability in a QMS • Develop Sensible But Meaningful Approaches to Auditing Risk • Auditing Homework • Get Comfortable with the Risk Wording in the Standards • Develop Concepts On Audit Strategy & Planning • Determine Approaches for Auditor/Auditee Engagements • Down Stream & Up stream Audit Paths • Comparative & Biased Sampling • Ask Questions We Always Learning
?? Questions ?? Risk & Cheese

More Related Content

PPTX
QMS Risk Workshop.pptx
bySITTIEBADRIADATUDACU1
 
PPTX
ISO-9001-2015-training.pptx
byWilfredoMina1
 
PPTX
Risk Based Thinking for the integrated Management System ISO 9001 - ISO 14001...
byamanvocational
 
PPTX
Iso 9001-2015-training
byJPPaner
 
PPTX
Iso 9001-2015-training
byUmesh Hajare
 
PDF
Risk-Management-in-ISO-9001.pdf
byukavathekar
 
PPTX
Risk Management Workshop describe workshop for risk
byYahiaOssman
 
PPTX
ISO 9001_2015 Overview Presentation_Hawkeye
byKatie Freeman
 
QMS Risk Workshop.pptx
bySITTIEBADRIADATUDACU1
 
ISO-9001-2015-training.pptx
byWilfredoMina1
 
Risk Based Thinking for the integrated Management System ISO 9001 - ISO 14001...
byamanvocational
 
Iso 9001-2015-training
byJPPaner
 
Iso 9001-2015-training
byUmesh Hajare
 
Risk-Management-in-ISO-9001.pdf
byukavathekar
 
Risk Management Workshop describe workshop for risk
byYahiaOssman
 
ISO 9001_2015 Overview Presentation_Hawkeye
byKatie Freeman
 

Similar to Topic 1 - Risk Auditing 1-17.pdf

PPTX
Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet Surti
byPraneet Surti
 
PDF
ISO 9001 2015 Overview presentation
byGovind Ramu
 
PPTX
ISO 9001 2015 FULL DETAILED LATEST TRAINING SLIDES DANGOTE FERTILIZER.pptx
byJustinBNickaf
 
PPTX
ISO 9001 2015 FULL DETAILED LATEST TRAINING SLIDES DANGOTE FERTILIZER.pptx
byJustinBNickaf
 
PDF
Risk Based Thinking ISO 9001 Presentation.pdf
byHimanshuMishra203021
 
PPT
2015_ISO_9001 تطبيق نظام إدارةالجودة_Review_.ppt.ppt
bysmo869957
 
PPTX
ISO9001 2015 Risk Management training.pptx
byPrakashSivan
 
PPT
ISO 9001 2015 globally recognized standard for quality management systems (QM...
byAkia17
 
PPT
ISO 9001 2015 a globally recognized standard for quality management systems (...
byAkia17
 
PPTX
ISO 9001-2015: New Risk Requirements
byMasterControl
 
PPTX
RISK MANAGEMENT RISK MANAGEMENT RISK MANAGEMENT
byJoemarAgbayani1
 
PPTX
9001-2015
byDennis J Morgan
 
PPSX
Aligning data life cycle with qb d risk management principle across the produ...
bySANDEEP DIWAKER
 
PPTX
ISO 9001 2015 version Quality Management System
byErnaWati262939
 
PDF
a-risk-based-thinking-model-for-iso-9001-2015.pdf
bygagema2049
 
PPTX
Risk Management
byMadhavan Karthikeyan
 
PDF
QSP 6.1 Actions to address risks and opportunities (Preview)
byCentauri Business Group Inc.
 
PPTX
RISK MANAGEMENT AND OPPORTUNITIES.pptx
byIqahFauzi1
 
PPTX
ISO 13485 & Risk Analysis
byDan_Brown
 
PPTX
Asis social innovation risk management_004_02.07.2020
byarmelleguillermet
 
Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet Surti
byPraneet Surti
 
ISO 9001 2015 Overview presentation
byGovind Ramu
 
ISO 9001 2015 FULL DETAILED LATEST TRAINING SLIDES DANGOTE FERTILIZER.pptx
byJustinBNickaf
 
ISO 9001 2015 FULL DETAILED LATEST TRAINING SLIDES DANGOTE FERTILIZER.pptx
byJustinBNickaf
 
Risk Based Thinking ISO 9001 Presentation.pdf
byHimanshuMishra203021
 
2015_ISO_9001 تطبيق نظام إدارةالجودة_Review_.ppt.ppt
bysmo869957
 
ISO9001 2015 Risk Management training.pptx
byPrakashSivan
 
ISO 9001 2015 globally recognized standard for quality management systems (QM...
byAkia17
 
ISO 9001 2015 a globally recognized standard for quality management systems (...
byAkia17
 
ISO 9001-2015: New Risk Requirements
byMasterControl
 
RISK MANAGEMENT RISK MANAGEMENT RISK MANAGEMENT
byJoemarAgbayani1
 
9001-2015
byDennis J Morgan
 
Aligning data life cycle with qb d risk management principle across the produ...
bySANDEEP DIWAKER
 
ISO 9001 2015 version Quality Management System
byErnaWati262939
 
a-risk-based-thinking-model-for-iso-9001-2015.pdf
bygagema2049
 
Risk Management
byMadhavan Karthikeyan
 
QSP 6.1 Actions to address risks and opportunities (Preview)
byCentauri Business Group Inc.
 
RISK MANAGEMENT AND OPPORTUNITIES.pptx
byIqahFauzi1
 
ISO 13485 & Risk Analysis
byDan_Brown
 
Asis social innovation risk management_004_02.07.2020
byarmelleguillermet
 

Recently uploaded

PPTX
Regulatory_Compliance_and_Case_Studies_Workshop_Presentation.pptx
byDharamashi
 
PPTX
Hazard Identification and Risk Assessment
bynittg
 
PPTX
INTRODUCTION TO Framework for Risk Assessment.pptx
byjustin716667
 
PDF
Nature's Gifts. .. By Ivo Arrey Mbongaya
byAfrican Centre for Community and Development
 
PDF
A Complete Guide to Fume Extraction Systems
byUK FRP Scrubber
 
PDF
Drought as new Reality - What this means for our Homes and Landscaping
byChris Maxwell-Gaines
 
PDF
Climate Action Blueprint-Eswatini National Youth parliamentarian.pdf
bygoodmanmabuya976
 
PDF
From production to end-of-life: understanding fluoropolymers across the life ...
byOECD Environment
 
PDF
Urban Open Spaces – multi-scalar reading from city to the plots
byMansi Shah
 
PDF
Economic Trends in Forest Industry - Jan 2026 Maine Woodlands.pdf
byeric kingsley
 
PDF
Post-COVID Tourism Recovery in Sri Lanka
byRaja Shripatrao Bhagawantrao Mahavidyalaya, Aundh, Satara Affiliated to Shivaji University, Kolhapur
 
PPTX
Seed certification-phases- procedure - fieldinspection.pptx
byPRASHANTCHAUDHARY173201
 
PDF
Evaluation of yield, some growth features, economic index and competitive ind...
byOpen Access Research Paper
 
PDF
Utilization of corn stover and pruned Gliricidia sepium biochars as soil cond...
byOpen Access Research Paper
 
PDF
Watching the Earth in Real Time_ Data-Driven Paths to Environmental Sustainab...
byMonika Von Hofmann
 
PPTX
FISH biodiversity IN KAPTAI LAKE IN BANGLADESH
byhasibulhasan557
 
PPTX
WFTT Wood-Wide Webinar series 2026 taster session
byWoods for the Trees
 
PPT
chapter 4 in about environment course.ppt
byAnaDoma1
 
PPTX
Planning and Designing for Safer Cities- Challeneges , issues and Roadmap...
byJIT KUMAR GUPTA
 
PPTX
DISASTER MANAGEMENT. The definitions of the disaster is given in anal laboratory
byDAFLINDJ
 
Regulatory_Compliance_and_Case_Studies_Workshop_Presentation.pptx
byDharamashi
 
Hazard Identification and Risk Assessment
bynittg
 
INTRODUCTION TO Framework for Risk Assessment.pptx
byjustin716667
 
Nature's Gifts. .. By Ivo Arrey Mbongaya
byAfrican Centre for Community and Development
 
A Complete Guide to Fume Extraction Systems
byUK FRP Scrubber
 
Drought as new Reality - What this means for our Homes and Landscaping
byChris Maxwell-Gaines
 
Climate Action Blueprint-Eswatini National Youth parliamentarian.pdf
bygoodmanmabuya976
 
From production to end-of-life: understanding fluoropolymers across the life ...
byOECD Environment
 
Urban Open Spaces – multi-scalar reading from city to the plots
byMansi Shah
 
Economic Trends in Forest Industry - Jan 2026 Maine Woodlands.pdf
byeric kingsley
 
Post-COVID Tourism Recovery in Sri Lanka
byRaja Shripatrao Bhagawantrao Mahavidyalaya, Aundh, Satara Affiliated to Shivaji University, Kolhapur
 
Seed certification-phases- procedure - fieldinspection.pptx
byPRASHANTCHAUDHARY173201
 
Evaluation of yield, some growth features, economic index and competitive ind...
byOpen Access Research Paper
 
Utilization of corn stover and pruned Gliricidia sepium biochars as soil cond...
byOpen Access Research Paper
 
Watching the Earth in Real Time_ Data-Driven Paths to Environmental Sustainab...
byMonika Von Hofmann
 
FISH biodiversity IN KAPTAI LAKE IN BANGLADESH
byhasibulhasan557
 
WFTT Wood-Wide Webinar series 2026 taster session
byWoods for the Trees
 
chapter 4 in about environment course.ppt
byAnaDoma1
 
Planning and Designing for Safer Cities- Challeneges , issues and Roadmap...
byJIT KUMAR GUPTA
 
DISASTER MANAGEMENT. The definitions of the disaster is given in anal laboratory
byDAFLINDJ
 

Topic 1 - Risk Auditing 1-17.pdf

  • 1.
    Risk & AuditingRisk Risk Processes in ISO 9001:2015
  • 2.
    Introduction to Risk •Why Are We Discussing Risk Again ?? – Can Be a Complex Concept – Difficult to Understand & Distributed Across the Std. – Difficult to Explain to Customers – Need to Continue to Expand our Audit Skills and Learn from Each Other
  • 3.
    Auditing Risk inthe ISO 9001:2015 • Short Revisit –Risk Perspectives –Risk in the ISO Standard • Auditing Risk –Impact of Outcomes –Audit Methodologies –Auditing Threads –Application to Risk • Case Studies
  • 4.
    Risk Management Processes What is Risk? RiskMitigation Behaviors within a process Product & Service Technical Risks 3 Perspectives on Risk
  • 5.
    Risk Management Processes What is Risk? RiskMitigation Behaviors within a process Product & Service Technical Risks 3 Perspectives on Risk
  • 6.
    • Risk Planning(Organizational Plan) – The step of developing and documenting comprehensive and interactive strategies and methods for identifying and tracking risk areas, training, developing risk mitigation plans, performing risk assessments to determine how risks have changed, and planning/obtaining adequate resources. • Risk Identification (When & Where) – The step of discovering and defining all risks inherent in your program or project. • Risk Assessment (Who) – The process of analyzing and prioritizing program and process risks against cost, schedule and/or performance criteria. • Risk Handling (Decisions & Actions) – The step that identifies, evaluates, selects, and implements actions in order to reduce risk likelihood or consequence to an acceptable level. • Risk Monitoring – The step that systematically tracks and evaluates the performance of Risk Handling actions against established metrics throughout the acquisition process. Risk Management Processes
  • 7.
    Plan Do Check Act Risk Management Process -Risk PDCA - •Mitigation •Acceptance •Transfer •Etc.
  • 8.
    Risk Management Processes What is Risk? RiskMitigation Behaviors within a process Product & Service Technical Risks 3 Perspectives on Risk
  • 9.
    Product/Service & TechnicalRisk • Complexity of Design • Criticality of Product/Service for End Use • New or Unproven Process or Technology • Organizational Capability to Design or Build Product/Service – New or Unproven Process to Organization – New Technology to Company • Others??
  • 10.
    Risk Management Processes What is Risk? RiskMitigation Behaviors within a process Product & Service Technical Risks 3 Perspectives on Risk
  • 11.
    • Here isWhere “Risk Based Thinking” Strongly Applies – See a Risk >> Do Something about it. – Identify and Communicate Risk Based Thinking, Decisions & Behaviors • Risk Understanding – Thinking & Awareness – Understanding the Risks and How they affect your Function or Process • Risk Based Decision Making – Making Choices on Handling Risk
  • 12.
    Risk Management Processes Theory Applied Risk Mitigation Behaviorswithin a process Product & Service Technical Risks
  • 13.
    • Identification (includingAnalysis & Prioritization) – Discovering and defining risks inherent in your program, project, process, or task. • Communication – Communicating Risks to all Relevant Individuals and Processes • Risk Understanding – Understanding the Risks and How they affect your Function or Process • Decision Making (Risk Based) – Making Choices on application of ‘Individual Options’ and ‘Process Options’ • Risk Behaviors – Knowledge of Identified Risks – Knowledge of Process Options – Application of Identified Risk Topics to ‘Process Options’ Risk Based Decisions & Behaviors
  • 14.
    Proposal Contract DesignManufact. Product Delivery Integrate Purchasing All Requirements are not created equal Monitoring and Inspection Activities Operational Options that Need Risk Oriented Decisions associated with Critical Requirements •Design Approach •V&V Approach •Monitor & Insp. Approach •Supplier Oversight RFQ Suppliers Communication of Supplier Requirements -Key Characteristics- Requirements & Risk Based Decisions Where Identified How Communicated What Decisions
  • 15.
    Risk Concept ISO9001:2015 • Standard Process With Inputs & Outputs P O I R Risk Input In Step Prevention Down Stream Prevention Risk PDCA in Incremental Process Steps • Monitoring & Improving • Risk Input to Process Visually Separated • Risk Analysis, Plan & Handling • Handling Risk within Process Step & Down Stream Process Step Risk Decisions Lessons Learned
  • 16.
    Risk Identification &Decisions P O I R P O I R P O I R P O I R INPUTS •Customer •Regulatory •Known OUTPUTS •Product •Service •Good Product •No Escapes •On-Time •On- Budget Managing Risks to Process EFFECTIVENESS Multiple Prevention opportunity Options per Step
  • 17.
  • 18.
    Risk & RiskLike Wording • Any Risk Impacted Processes Not Apparent or Weak?? • Cust. Reqts/Cont. Review (8.2) • Purchasing/Supplier Management (8.4) • Production Provision (8.5.1) Subject DIS Ref. Topic Risk Complex Impact Effect Likelihood Conseqnce Prevent Mitigate Control Constraint Contingency Essential Reliable QMS Plan/Change 6.1/6.1.2/6.3 QMS Plan, Control & Changes X X X X X X Customer 4.2 5.1.2 8.2 Cust, Stat, Reg Requirements Customer Focus Customer Requirements X X X Design 8.3.2 - 8.3.6 Planning, Input & Changes X X X X X X External Providers 8.4.1-3 Control of Ext. Suppliers X X Ops Plan/Control 8.1 8.5.1-6 8.7 Ops Planning & Control Production Provision NC Control X X X X X X X X X X QMS Processes 4.4/5.5.1 9.1.3 9.3.2 10.1-2 10.2.1 QMS Processes Analysis Management Review Improvement NC & CA X X X X X X X X X QMS Support 7.1 7.2/7.3 7.5 Resources Competence/Awareness Documented Information X X X X X X X
  • 19.
    Risk Wording Observances •Risk is: • Explicit in Specific & Overarching Sections of Standard • Implicit in Across a Wide Range of the Standard • Have to Link Overarching Explicit Sections to Some Implicit Sections Where Risk Application is Important • 4.4.1.f – Risk Process Applicability Across Entire QMS • 6.1 – Risk & Opportunities Inclusion In QMS Planning • 8.1 – Risk Emphasis in Operational Planning & Control
  • 20.
    Variable Risk ApplicationApproach Varying Applicability to Different Functions (ISO 9001 A.4 ) – Not all process of a QMS represent the same level of Risk in terms of the organizations ability to meet its objectives, an the effects of uncertainty are not the same on all organizations Type Project Production Service Size Large Medium Small Product X X X Process X X X People X X X How Does Risk Approach Vary?. • Organizational Application of Risk Can Vary Based on Situation, Customer, Product Line, etc. • Audit Approach & Questioning Will Need to Vary Also.
  • 21.
    ISO 9001 –6.1.2 Actions to Address Risk & Opportunity Processes Behaviors/ Decisions The organization shall plan: a) actions to address these risks and opportunities; b) how to: 1) integrate and implement the actions into its quality management system processes (see 4.4); 2) evaluate the effectiveness of these actions. Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services. NOTE Options to address risks and opportunities can include: avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision. Decision Options Key Points – Explicit or Implicit ??? • Establishes a Risk Approach Within the QMS Infrastructure (4.4) • Establishes Requirement for Risk Based Decisions Associated with Product And Services • Others ??
  • 22.
    ISO 9001 –8.1 Operational Planning & Control 8.1 Operational Planning & Control The organization shall plan, implement and control the processes (see 4.4) needed to meet requirements for the provision of products and services and to implement the actions determined in 6, by: a) determining requirements ……….; b) establishing criteria for the processes and for the acceptance ……….; c) determining the resources needed to achieve conformity to ………. requirements; d) implementing control of the processes in accordance with the criteria; e) retaining documented information to the extent necessary ………. The output of this planning shall be suitable for the organization's operations. The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary. Key Points – Explicit or Implicit ??? Identify Decisions Decisions Communicate Action Process Decisions Action • Establishes Requirement for Risk Based Actions (6.1) • Operational Planning With Risk Based Decisions Across ‘Realization Process’ (8.1) • Others ??
  • 23.
    ISO 9001 –8.1 Other Risk Phrases of Interest 8.4.2 Type and Extent of Control of External Provision The Organization shall ensure that externally provided processes, products & services do not adversely affect……. The Organization shall: b)Define controls it intends to apply…….. c)Take into consideration the potential Impacts…… as well as the effectivenss of controls…… d)Determine the verification activities necessary to ensure ……. Key Points – Explicit or Implicit ??? Decisions Understand Decision Understand • Decision on Controls tied to impact of Supplier on Product • Variable Methods for Verification tied to Ensuring Supplier Does Not Have an Adverse affect to Organizations Product/Service. • Others??
  • 24.
    ISO 9001 Other RiskPhrases of Interest 8.2.1 Customer communication Communication with the customers shall include: e) specific requirements for contingency actions, when relevant. 8.3.2 Design and development planning In determining the stages and controls for design and development, the organization shall consider: a)the nature, duration and complexity of the design and development activities f)the need to control interfaces between persons involved in D&D i)The level of control expected for D&D processes by Customer & Int. Parties 8.3.3 Design and development Inputs The organization shall determine requirements essential for the specific type of products and services being designed and developed. The Organization shall Consider a) functional and performance requirements; e) the potential consequences of failure due to the nature of the products and services; Key Points – Explicit or Implicit ??? Identify Communicate Identify Identify • Risk Associated Wording. Not Strongly Tied to Decisions or Actions. Decision
  • 25.
  • 26.
    Introduction to AuditingRisk • Who has Audited to the New Standards? – How are the Customers Adapting to Risk Based Thinking? – Any Unique Applications? • What Are Your Experiences With Auditing Risk ? – Explicit Wording Areas (Sections 4.4.1, 6.1, 8.1) – Implicit Wording Areas • Any Risk Based NC’s? • Have You had to Change Anything About Your Audit Approach • Let’s Explore Options for Auditing Risk in the New Standard!!
  • 27.
    • Needs foran Audit Strategy • For Compliance to Risk Requirements • For Effectiveness of Risk Processes • Implicit Risk Requirements -vs- Explicit Risk Requirements • Needs for an Audit Approach • Audit Planning & Sequence • Audit Technique & Line of Questioning • May Need to Alter Audit Approach & Focal Areas – Minimal Solid Requirements • 9.3.2.e - Risk In Man. Rev. • 9.3.3 - Retained Doc. Info. – Wide Application Of Risk • Process, Capabilities, Controls • Culture?? – Where in the Standard (4.1 Note 3 Context) – How to Audit Introduction to Auditing Risk
  • 28.
    Back To TheBasics • What Are Auditing Basics • 2 Eyes, 2 Ears, 1 Mouth – Use them in proportion • Open Ended Questions • IAF – Expected Outcomes http://www.iaf.nu/upFiles/IAF9001expectedoutcomes0112.pdf • An organization with a certified quality management system consistently provides products that meet customer and applicable statutory and regulatory requirements, and aims to enhance customer satisfaction. • What Are Auditor Methods • Down-stream • Up-stream • Cannonball • What Are Auditor Sampling Approaches • Random • Biased • (e.g., focusing on the results of performance / effectiveness metrics, focusing on specific customers) • Comparative • (e.g., comparing the work performed with procedures, verifying consistency between workers) • Which Are the Best Methods, Approaches and Techniques to Use For Various Risk Auditing Situations??
  • 29.
    Auditing Risk –Building Blocks • Audit For Risk in Process Model • Context of Organization & Interested Party Impacts • How Risk Can Impact Compliance and Effectiveness • Occurrence –v– Recurrence Focus in Risk Auditing • Understanding Requirements Threads • Individual Requirements Weave Together to Form Cross Cutting Larger Requirements • Understand Best Strategy for Auditing Risk For Various Scenarios • What is the Audit Goal – IAF Expected Outcomes • Which Sampling Technique to Use • What Audit Paths to Focus on • How to Combine Techniques and Paths for Maximum Effectiveness • Where to Start!! • What is Best Entry Point for Auditing Risk in an Organizations Management System
  • 30.
    Risk and DownStream Audit Approach • What is Downstream Auditing • Start at the Beginning of a Process and Follow Trails to End of Process(s) • What Are Strengths & Weaknesses • Good for Following Planning to Outcome Trail (PDCA) • Can Be Weak for Auditing Outcomes • Other • How To Use For Auditing ‘Risk Based Thinking’ • Follow PDCA Trail • Look at Leading Indicators for Potential of Risk Impacts to Process • Look for Risk ID, Communication & Understanding for Prevention of Occurrence • Use Comparative Sampling to Evaluate Consistency of Risk Based Thinking • Other? Prevent Control Mitigate Emergency Audit Trail
  • 31.
    Down-Stream Auditing &the “Turtle “ Model ? Checklist How? Outputs Inputs How? What Results? With Who With What? Process (Support Processes) 6.1 6.1 6.1 6.1 6.1 6.1 Plant and machinery (7.1.3) Measuring equipment (7.1.5) Tooling (7.1.3) Maintenance (7.1.3) Packaging/labelling (8.5.4) Cleanliness of premises (7.1.4) Customer property (8.5.3) Transportation (7.1.3) Customer schedule (8.2.1) Raw materials (8.4.1) Control plans (8.5.1) Work instructions (8.5.1) Preventive maintenance (7.1.3) SPC (9.1.3) Nonconforming product procedure (8.7) Dispatch process (8.6) Contingency plan (8.5.6/6.1) Document control/ records (7.5.3) Change control (8.5.6) IT (7.1.3) Human resource (7.1.2) Logistics (7.1.3) Sales (7.4) Preventive maintenance (7.1.3) Identify risks (6.1) Analysis of data (9.1.3) Customer satisfaction (9.1.2) Other Organisational objectives (6.2) Maintenance objectives (8.5) Cost of poor quality (9.1.3) Process capability (9.1) Management review (9.3) Continual improvement results (10.3) Audit records (9.2) Conforming product delivered to customer schedule (8.6) Induction/ training/competence records (7.2) Agency/ Contract labour (7.3/8.4) Job responsibilities/ authorities (5.3) Training effectiveness (7.2) SPC awareness (7.2) Personnel safety (7.1.4) Awareness of policy / objectives (5.2.2) Manufacturing Process (8.5) How Do Process Owners Understand Context, Requirements, Capabilities, Regulatory, etc. and Determine Risks and Plan for Prevention Actions for Appropriate Steps of the Process Audit Trail
  • 32.
    Risk and Up-StreamAudit Approach Prevent Control Mitigate Emergency Audit Trail • What is Up-stream Auditing • Start at the End of a Process and Follow Trails to Earlier Stage of Process(s) • What Are Strengths & Weaknesses • Good for Following Trails on Adverse Process Outcomes (CAPD) • Supportive of IAF Expectations on ‘Expected Outcomes’ • Potential for Not Understanding Full Process Before Starting the Audit Trail. • How To Use For Auditing ‘Risk Based Thinking’ • Use Biased Sampling and Start with a ‘Known’ Negative Issue or Lagging Indicators Showing ‘Unintended Outcomes’ • Follow Trail Back to Planning and Decisions • How Where Potential Risk were ID, Communication & Understood • Were Appropriate Risk Decisions Applied Based On Understanding of Risk • Look for How Risk ID, Communication & Understanding will be used for Prevention of Recurrence • Note - Comparative Sampling can then be used to determine if other personnel are applying similar ‘Risk Based Thinking’ • Other?
  • 33.
    Upstream Auditing &the “Turtle “ Model ? Outputs Inputs How? What Results? With Who With What? Process (Support Processes) 6.1 6.1 6.1 6.1 6.1 6.1 Plant and machinery (7.1.3) Measuring equipment (7.1.5) Tooling (7.1.3) Maintenance (7.1.3) Packaging/labelling (8.5.4) Cleanliness of premises (7.1.4) Customer property (8.5.3) Transportation (7.1.3) Customer schedule (8.2.1) Raw materials (8.4.1) Control plans (8.5.1) Work instructions (8.5.1) Preventive maintenance (7.1.3) SPC (9.1.3) Nonconforming product procedure (8.7) Dispatch process (8.6) Contingency plan (8.5.6/6.1) Document control/ records (7.5.3) Change control (8.5.6) IT (7.1.3) Human resource (7.1.2) Logistics (7.1.3) Sales (7.4) Preventive maintenance (7.1.3) Identify risks (6.1) Analysis of data (9.1.3) Customer satisfaction (9.1.2) Other Organisational objectives (6.2) Maintenance objectives (8.5) Cost of poor quality (9.1.3) Process capability (9.1) Management review (9.3) Continual improvement results (10.3) Audit records (9.2) Conforming product delivered to customer schedule (8.6) Induction/ training/competence records (7.2) Agency/ Contract labour (7.3/8.4) Job responsibilities/ authorities (5.3) Training effectiveness (7.2) SPC awareness (7.2) Personnel safety (7.1.4) Awareness of policy / objectives (5.2.2) Manufacturing Process (8.5) If defect sent to Cust, Where did risk thinking fail?? Same Scenario if Internal Data shows an adverse issue Audit Trail
  • 34.
    Risk Case Studies •What Have We Covered? – General Discussion on Risk Theories – Risk Wording in ISO 9001:2015 Standard – Audit Strategies, Methods and Techniques Associated with Risk Based Thinking • Time to put your Auditor Hats Back On – Case Studies
  • 35.
    Downstream Auditing &the “Turtle “ Model ? Checklist How? Outputs Inputs How? What Results? With Who With What? Process (Support Processes) 6.1 6.1 6.1 6.1 6.1 6.1 Plant and machinery (7.1.3) Measuring equipment (7.1.5) Tooling (7.1.3) Maintenance (7.1.3) Packaging/labelling (8.5.4) Cleanliness of premises (7.1.4) Customer property (8.5.3) Transportation (7.1.3) Customer schedule (8.2.1) Raw materials (8.4.1) Control plans (8.5.1) Work instructions (8.5.1) Preventive maintenance (7.1.3) SPC (9.1.3) Nonconforming product procedure (8.7) Dispatch process (8.6) Contingency plan (8.5.6/6.1) Document control/ records (7.5.3) Change control (8.5.6) IT (7.1.3) Human resource (7.1.2) Logistics (7.1.3) Sales (7.4) Preventive maintenance (7.1.3) Identify risks (6.1) Analysis of data (9.1.3) Customer satisfaction (9.1.2) Other Organisational objectives (6.2) Maintenance objectives (8.5) Cost of poor quality (9.1.3) Process capability (9.1) Management review (9.3) Continual improvement results (10.3) Audit records (9.2) Conforming product delivered to customer schedule (8.6) Induction/ training/competence records (7.2) Agency/ Contract labour (7.3/8.4) Job responsibilities/ authorities (5.3) Training effectiveness (7.2) SPC awareness (7.2) Personnel safety (7.1.4) Awareness of policy / objectives (5.2.2) Manufacturing Process (8.5) Audit Trail You are auditing a Company that designs and manufactures valves and other pressure related piping components for commercial industries. From the Management Interview, you find that the organization is branching out into the Chemical Processing industry which is new to the organization. You have selected a contract that is for supplying valves to a customer involved in chemical processing. During your audit of this contract you are told that the customer is looking to use these valves for a chemical process that they have not been used for in the past.
  • 36.
    Downstream Auditing &the “Turtle “ Model ? Checklist How? Outputs Inputs How? What Results? With Who With What? Process (Support Processes) 6.1 6.1 6.1 6.1 6.1 6.1 Plant and machinery (7.1.3) Measuring equipment (7.1.5) Tooling (7.1.3) Maintenance (7.1.3) Packaging/labelling (8.5.4) Cleanliness of premises (7.1.4) Customer property (8.5.3) Transportation (7.1.3) Customer schedule (8.2.1) Raw materials (8.4.1) Control plans (8.5.1) Work instructions (8.5.1) Preventive maintenance (7.1.3) SPC (9.1.3) Nonconforming product procedure (8.7) Dispatch process (8.6) Contingency plan (8.5.6/6.1) Document control/ records (7.5.3) Change control (8.5.6) IT (7.1.3) Human resource (7.1.2) Logistics (7.1.3) Sales (7.4) Preventive maintenance (7.1.3) Identify risks (6.1) Analysis of data (9.1.3) Customer satisfaction (9.1.2) Other Organisational objectives (6.2) Maintenance objectives (8.5) Cost of poor quality (9.1.3) Process capability (9.1) Management review (9.3) Continual improvement results (10.3) Audit records (9.2) Conforming product delivered to customer schedule (8.6) Induction/ training/competence records (7.2) Agency/ Contract labour (7.3/8.4) Job responsibilities/ authorities (5.3) Training effectiveness (7.2) SPC awareness (7.2) Personnel safety (7.1.4) Awareness of policy / objectives (5.2.2) Manufacturing Process (8.5) During the audit you find that the customer rejected a lot of 50 valves due to lack of material certifications that were required by chemical industry codes referenced in the customer’s contract. You also find that the organizations Purchasing Department was not aware that they needed to specifically request material certifications from the supplier, but had referenced the Chemical industry codes to their supplier. Audit Trail
  • 37.
    Downstream Auditing &the “Turtle “ Model ? Checklist How? Outputs Inputs How? What Results? With Who With What? Process (Support Processes) 6.1 6.1 6.1 6.1 6.1 6.1 Plant and machinery (7.1.3) Measuring equipment (7.1.5) Tooling (7.1.3) Maintenance (7.1.3) Packaging/labelling (8.5.4) Cleanliness of premises (7.1.4) Customer property (8.5.3) Transportation (7.1.3) Customer schedule (8.2.1) Raw materials (8.4.1) Control plans (8.5.1) Work instructions (8.5.1) Preventive maintenance (7.1.3) SPC (9.1.3) Nonconforming product procedure (8.7) Dispatch process (8.6) Contingency plan (8.5.6/6.1) Document control/ records (7.5.3) Change control (8.5.6) IT (7.1.3) Human resource (7.1.2) Logistics (7.1.3) Sales (7.4) Preventive maintenance (7.1.3) Identify risks (6.1) Analysis of data (9.1.3) Customer satisfaction (9.1.2) Other Organisational objectives (6.2) Maintenance objectives (8.5) Cost of poor quality (9.1.3) Process capability (9.1) Management review (9.3) Continual improvement results (10.3) Audit records (9.2) Conforming product delivered to customer schedule (8.6) Induction/ training/competence records (7.2) Agency/ Contract labour (7.3/8.4) Job responsibilities/ authorities (5.3) Training effectiveness (7.2) SPC awareness (7.2) Personnel safety (7.1.4) Awareness of policy / objectives (5.2.2) Manufacturing Process (8.5) In review of Inspection data from the weekly Manufacturing Department report, you see an increasing trend of workmanship nonconformances and scrap dispositions. In follow-up questions, you find that no apparent changes are being made to the manufacturing process. Audit Trail
  • 38.
    What’s Next • Understandingthe Varied Potential Applications of Risk in a QMS, Process, or Product lifecycle • Educate Yourself on the Broadness of Risk Applicability in a QMS • Develop Sensible But Meaningful Approaches to Auditing Risk • Auditing Homework • Get Comfortable with the Risk Wording in the Standards • Develop Concepts On Audit Strategy & Planning • Determine Approaches for Auditor/Auditee Engagements • Down Stream & Up stream Audit Paths • Comparative & Biased Sampling • Ask Questions We Always Learning
  • 39.