Post on 20-Jan-2016
description
transcript
Risk-Based Supplier Assurance
A Missing KeyTo Enhanced Supplier Quality Program Success
Quality Assurance and Risk Management Services, Inc. Robert J. Navarro, President & CEO
A.A. Flippen, Director, Systems Engineering
University of Bradford, UK School of Engineering, Design & Technology
Chakib Kara-Zaitri, PhD, Senior Lecturer in Risk & Reliability
September 28, 2008
2
Presentation Objectives
• Quality & Risk Management Process Today
• Where We Want to Be
• How Do We Get There?
• Case Study
• Summary
3
• Quality System Elements– Management responsibility– Purchasing / Supply chain management– Product realization– Control of non-conforming products– Etc.
Quality Community
You Are Here
Where We Are Today
4
Where We Are Today
NPR 8000.4 Agency Risk Management Procedural Requirements
- Includes supply chain risk
Risk ManagementCommunity
“They” Are There
Supplier Quality
Community
5
Where We Want To Be
• Integration of Quality and Risk Management– Current focus of this initiative on supply chain QA management– Supplier QA risks typically reported in supplier audit reports
• Transformation of quality audit deficiencies into a risk management framework
• Systematic reporting of supply chain risks as part of the program/project management councils (PMCs)
Risk ManagementCommunity
6
An Approach for Integration
• Program/Project risk management is governed by the NASA Risk Management Policy NPR 8000.4
– Includes the Continuous Risk Management (CRM) Process– The CRM process requires program/project risk management
plans to provide definitions for likelihood and consequence ratings
• Apply these definitions to each supplier audit finding
• Map results in the traditional 5X5 Risk Reporting Matrix
• Report significant supply chain QA results as part of an integrated reporting process at program/project PMCs
How Do We Get There?
7
Likelihood & Consequence 5X5 MatrixL
ike
liho
od
Consequence
Likely to Occur
Probably
May Occur
Unlikely to Occur
Improbable
Very Low Mod High VeryLow High
Case Study
8
DefinitionsLikelihood
A. Likely to occur (e.g., probability > 0.1)B. Probably will occur (e.g., 0.1 > probability > 0.01)C. May occur (e.g., 0.01 > probability > 0.001)D. Unlikely to occur (e.g., 0.001 > probability > 0.000001)E. Improbable (e.g., 0.000001 > probability)
ConsequenceVery High -- A condition that may cause death or permanently disabling injury,
facility destruction on the ground, or loss of crew, major systems failure, or vehicle during the mission
High -- A condition that may cause severe injury or occupational illness, or major property damage to facilities, systems or major impact to project schedule
Moderate -- A condition that may cause minor injury or occupational illness, or minor property damage to facilities, systems or minor impact to project schedule
Low -- A condition that could cause the need for minor first aid treatment but would not adversely affect personal safety or health, damage to facilities, equipment, or flight hardware
Very low -- Minimal or no consequences
Case Study, cont’d
9
Case Study, cont’d
An audit was completed for Supplier A. Selected results:
F1. Supplier A does not have a defined receiving inspection process to systematically:
– Verify the conformity of purchased products and services– Provide a traceable record of conformity including who, when, how,
and to what criteria, conformity was verified
Project RiskPurchased products may not meet technical requirements, and may have no traceable record of conformity to requirements. Failures could occur downstream and result in costly delays.
Consequence High - A condition that may cause severe injury or occupational illness, or major property damage to facilities or systems or major impact to project schedule
Likelihood C - May occur
10
Case Study, cont’dTransformed Supplier Risk
Supplier “A” Risk Report
Lik
elih
oo
d
Consequence
F1
Likely to Occur
Probably
May Occur
Unlikely to Occur
Improbable
Very Low Mod High VeryLow High
11
F2. While performance history is cited as a basis for approving suppliers, there appears to be no defined process for reporting supplier deficiencies that could affect supplier approval status.
Project RiskRepeat problems with subcontracted and/or purchased products. Initial supplier deficiencies may not be recorded and/or addressed with appropriate controls.
Consequence Moderate - A condition that may cause minor injury or occupational illness, or minor property damage to facilities, systems or minor impact to project schedule.
Likelihood C - May occur
Case Study, cont’d
12
Lik
elih
oo
d
Consequence
F2 F1
Likely to Occur
Probably
May Occur
Unlikely to Occur
Improbable
Very Low Mod High VeryLow High
Case Study, cont’dTransformed Supplier Risk
Supplier “A” Risk Report
13
F3. It appears that there is no defined process for reviewing controlled documents to determine whether updating is needed.
Project RiskIncorrect builds, tests and inspections could occur due to use of outdated material and process specs, and manufacturing and QA work instructions. Consequence High - A condition that may cause severe injury or occupational illness, or major property damage to facilities, systems or major impact to project schedule
Likelihood B - Probably will occur
Case Study, cont’d
14
Lik
elih
oo
d
Consequence
F3
F2 F1
Likely to Occur
Probably
May Occur
Unlikely to Occur
Improbable
Very Low Mod High VeryLow High
Case Study, cont’dTransformed Supplier Risk
Supplier “A” Risk Report
15
Summary
• Supplier risks can and should be integrated into the NASA risk management program defined in NPR 8000.4 (new revision in NODIS review)
• A systematic and practical risk-based supplier QA process can be applied– Integrated quality and risk management
• Supply chain risks are a critical element of the integrated project risk profile
• Next steps– Field testing for practicality – Program and project feedback
16
Where We Want To Be
Risk ManagementCommunity
Supplier Quality
Community
Contact
RNavarro@QAandRM.com
Chakib@NTLworld.com