Risk is mentioned throughout the AS9100 Rev D standard and risk-based thinking (RBT) is employed in many of its requirements. RBT is first introduced in clause 0.3.3, explaining the general concept and application. The specific requirements concerning risk include 6.1 Actions to Address Risks and Opportunities and 8.1.1 Operational Risk Management.
RBT is essential for a successful quality management system. RBT involves consideration of potential effects, which may result in outcomes that deviate from what is expected. By adopting RBT you will be able to plan ahead and take actions to prevent undesired events, such as a nonconformity, from occurring.
Actions to Address Risks and Opportunities
A risk can be positive or negative. Addressing a risk could mean pursuing an opportunity. Examples of opportunities include pursuing a new customer, product or technology.
Risks and opportunities are present in every process. Using RBT, organizations can plan for these potential risks or opportunities and take actions before they occur to control or prevent their effects. When planning for your quality management system, you are required to determine what your risks and opportunities are, plan the actions to take for addressing these risks and opportunities, and evaluate the effectiveness of the actions taken.
Operational Risk Management
Operational risks are those that may negatively impact a process, product, service, customer or end user. In order to meet the requirements around operational risks, you must have a process for how these will be managed. That process must be documented in a risk management procedure and needs to include,
- Assignment of responsibilities,
- Criteria for accessing risk,
- Management of actions to address risk,
- Acceptance of remaining risk after actions have been taken,
- Identification, assessment and communication of risk.
Risk is generally expressed in terms of likelihood and severity within the aviation, space and defense industries. A risk matrix accesses the degree of a risk based on these two factors. Accessing risk using this criterion will help you to determine which risks should be addressed.
ARP 9134 Risk Guidance Standard provides guidelines for supply chain risk management and can be a helpful tool for an organization needing to establish a risk management process.