RISK ASSESSMENT & MANAGEMENT

HE/PRO/07

RISK ASSESSMENT & MANAGEMENT PROCEDURE AS OPERATED FOR ACTIVITIES CARRIED OUT
AT HITEK ENGINEERING FZCO, NATIONAL INDUSTRIES PARK, JEBEL ALI, DUBAI, UAE

01 28/04/2018 Amended to address API audit finding Vimal Sison Hisham

00 07/06/2017 Issued for review Vimal Natarajan Hisham
REV DATE DESCRIPTION PREPARED REVIEWED APPROVED

HE/PRO/07 Page 1 of 7
 REVISION RECORD

REV DESCRIPTION DATE

00 Issued for review & approval 07/06/17
01 Revised to address API Audit Findings 28/04/18

HE/PRO/07 Page 2 of 7
 TABLE OF CONTENTS

SECTION TITLE PAGE #

-- Revision Record 02
-- Table of contents 03
1.0 Purpose 04
2.0 Scope 04
3.0 Responsibilities 04
4.0 Definitions/Abbreviations 04
5.0 Focus 05
6.0 Risk Assessment & Management 05
7.0 Risk Identification 06
8.0 Risk Analysis 06
9.0 Risk Treatment 06
10.0 Risk Assessment Output 06
11.0 Risk Assessment Effectiveness Monitoring 07

HE/PRO/07 Page 3 of 7
1.0 PURPOSE
The purpose of this procedure is to identify and control risk associated with impact on delivery
and quality of product. To identify the techniques, tools and their application for risk
identification, assessment, and mitigation.

2.0 SCOPE
This procedure is applicable to all the following systems and standards,
 ISO 9001:2015
 API Spec Q1, 9th Edition
 API 6A
 API 16A
 API 5CT
 API 7-1

3.0 RESPONSIBILITIES
 It shall be the responsibility of the Quality Manager to prepare the risk related records
pertaining to QMS.
 It shall be the responsibility of all discipline supervisors to carry out the risk assessment
pertaining to their relevant areas.

4.0 DEFINITIONS / ABBREVIATIONS:

 Residual Risk:
The degree of risk remaining for each hazard after all controls is in place and maintained.
 Likelihood:
The possibility that a consequence will occur.
 Risk:
Combination of the likelihood of an event and the consequences of that event, should it
occur.
 Risk assessment:
Overall process of risk identification, risk analysis and risk evaluation
 Risk evaluation:
Process of comparing the results of risk analysis with risk criteria to determine whether the
risk and /or its magnitude are acceptable or tolerable
 Risk analysis:
Process to comprehend the nature of risk and to determine the level of risk
 Risk management:
Systematic application of management policies, procedures and practices to the activities of
communicating, consulting, establishing the context, and identifying, analyzing, evaluating,
treating, monitoring and reviewing risk.

HE/PRO/07 Page 4 of 7
5.0 FOCUS
Risk can be associated with any Quality Management System element. The primary focus of the
Risk Assessment and Management process is to identify risk related to:
 Delivery of the product
 Quality of the product

5.1 Risk assessment for product delivery

5.1.1 The below requirements are the activities are considered for performing risk assessment with
respect to product delivery:
 Determination of capacity of all the production process such as facility / equipment
availability
 Breakdown / Preventive maintenance process.

5.2 Risk assessment for product quality

5.2.1 The below requirements are the activities are considered for performing risk assessment with
respect to product quality:
 Rejection & rework details related to Internal, Supplier, Sub contractors and Customers.
 Availability of competent personnel.

6.0 RISK ASSESSMENT & MANAGEMENT

6.1 Hitek has established a Risk Assessment and Management process that systematically identifies
analyses and evaluates the risk of all applicable processes, systems, information, people, assets,
suppliers and other resources that support them.
6.2 Hitek has established a Risk Assessment and Management process that systematically identifies
analyses and evaluates the risk of all applicable processes, systems, information, people, assets,
suppliers and other resources that support them.
6.3 Risk assessment provides a structured process for analyzing risk in terms of consequences and
likelihood before deciding on further actions.
This structured process attempts to answer some fundamental questions:
 What may happen and why (risk identification)?
 What might be the consequences?
 What is the likelihood of them happening? And
 Is there anything that might mitigate the consequences or reduce the likelihood
6.4 Listed below are the processes for which Risk Assessment and Management is developed and
documented.
 Human Resource
 Sales and Marketing
 Purchase
 Design and Development
 Production / Operation / Machine shop / Valve Shop / Fabrication
 Quality Assurance and Quality Control

HE/PRO/07 Page 5 of 7
  Stores
 Maintenance

6.5 Cross Functional Team

The cross functional shall be present while doing the risk assessment. The input shall be given by
CFT to perform the risk analysis.

7.0 RISK IDENTIFICATION

7.1 Risk identification process involves finding, recognizing and describing the risk. It could be a
historical data or theoretical analysis which involves identification of risk sources, events, causes
and their potential consequences which delay the original objectives.

7.2 Risks identified on Enquiry/Order Review form HE-Doc-07 r2 shall be filled in for each risks with
comment/s elaborated if needed on the form or on additional sheets as required.

8.0 RISK ANALYSIS

8.1 Risk analysis involves analyzing the nature of risk and determining the level of risk associated
with the relevant activity. In the Risk Assessment and Management process, the Risk Assessment
Matrix is used for analyzing the impact. Risk analysis provides an input to risk evaluation and to
decisions on whether risks need to be treated, and on the most appropriate risk treatment
strategies and methods.
8.2 Risk analysis also provides an input into making decisions where choices must be made and the
options involve different types and levels of risk. Risk analysis involves consideration of the
causes and sources of risk, their positive and negative consequences, and the likelihood that
those consequences can occur. Factors that affect consequences and likelihood are identified.
Risk is analyzed by determining consequences and their likelihood, and other attributes of the
risk.
8.3 Based on the level of severity and probability, the level of impact is finalized

9.0 RISK TREATMENT

9.1 Risk treatment involves selecting one or more options from modifying risks, and implementing
those options that involves a cyclical process of,
9.1.1 Assessing a risk treatment
9.1.2 Deciding whether residual risk level are tolerable
9.1.3 If not tolerable, generating a new risk treatment and assessing its effectiveness.
9.1.4 Further, activities’ pertaining to the criteria determined from risk analysis is called as significant
which requires proper action plan.
 Avoiding the risk by deciding not to start or continue with the activity that gives rise to the
risk
 Taking or increasing the risk in order to pursue an opportunity
 Removing the risk source
 Changing the likelihood
 Changing the consequences
 Sharing the risk with another party or parties (including contracts and risk financing) and
 Retaining the risk by informed decision

HE/PRO/07 Page 6 of 7
10.0 RISK ASSESSMENT OUTPUT
10.1 The output of risk assessment is used as an input for contingency planning and also the same is
considered in working corrective and preventive actions.

11.0 RISK ASSESSMENT EFFECTIVENESS MONITORING

11.1 The Risk assessment effectiveness review will be carried out every six months for all the relevant
processes and the records maintained with necessary action plans. Re-evaluation is done on a
need basis, process changes, and customer requirement or changes to quality and delivery
requirement.

HE/PRO/07 Page 7 of 7