Enter the risk score you want to trigger mandatory mitigation actions (flags risks as RED): 25.

0
Enter the risk score you want to trigger optional mitigation actions (flags risks as YELLOW): 15.0
Enter the opportuity score you want to trigger mandatory pursuit plans: 5.0

Enter a value that presents an insignificant cost if a risk occurs: $ 5,000.00

Enter a value that presents a significant cost if a risk occurs: $ 10,000.00
Enter a value that represents a very high cost if a risk occurs: $ 50,000.00

NOTE: the sheets in this file are all protected to prevent accidental breakage of the formulas and formatting.
To unprotect any individual sheet, go to the REVIEW menu and select UNPROTECT SHEET.
There are no passwords. Please be careful however, as tampering with the sheets can cause
the entire COTO Log to stop working.
 Enter your List of Processes:

All Processes
Process 1
Process 2
Process 3
Process 4
Process 5
Process 6
Process 7
Process 8
Process 9
Process 10
Etc (add more entries as needed; delete any ununsed sample entries above.)
Context of the Organization

COTO LOG
Form Rev

Parties Tab: List your stakeholders (those companies or persons who have an
impact on your products, services, and QMS, or those who may be impacted by
them.)

Issues Tab: List the issues and requirements of each Party, and flag them as risks,
opportunities, or both ("mixed").

Risk Register: Use this sheet to rank risks and identify those that need management
attention and mitigation plans.

Opportunity Register: Use this sheet to rank opportunities and identify those that
are worthy of pursuit.
 Interested Party Int / Ext
Certification Body External
Customer External
Employees Internal
Top Management Internal
Suppliers External
Attorney Internal
CPA Internal
Investors Internal
Labor Union Representatives External
Local Community External
Parent Company Internal
Product End User External
Public External
Regulatory Bodies External
Staffing Agencies External
 COTO Log: Interested Parties List
Reason for Inclusion
Audits us for QMS certification compliance, issue certifications
Purchases our products and services
Directly responsible for manufacture of products, delivery of service These are fixed, as they re
Has direct responsibility for management of the company
Provide our raw materials and critical support services
Provides legal services
Provides accounting services and annual financial reviews
Concerned with financial health of the company
Interfaces with management and labor union
Impacted by our activities in the region
Concerned with financial health of the company
These are suggested addi
End user of our products and services
Receive some products
Mandate regulatory requirements
Provide candidates for hiring - conduct initial vetting of candidates
These are fixed, as they represent your minimum interested parties

These are suggested additional interested parties.

 Issues of Concern

COTO Log: Issues List

Ln Interested Party Issues, Concerns or Requirements Type of Issue Bias Treatment Method Notes
1 Attorney Concerned with company's legal compliance Internal Risk Other (enter at right) Maintain legal compliance through advice by counsel
2 Certification Body Level of compliance to ISO 9001 External Mixed Add to register
3 CPA Concerned with company's accounting practices Internal Risk Other (enter at right) Undergo regular financial audits
4 Customer Expect high quality services External Risk Add to register
5 Customer Expect on time delivery External Risk Add to register
6 Customer Could be source of referrals to new customers External Opportunity Add to register
7 Customer Flows down their QMS requirements External Risk Add to register
8 Customer If happy, could award follow-on contracts External Opportunity Add to register
9 Employees Expect to be compensated Internal Risk Add to register
10 Employees Expect satisfactory facilities / equipment Internal Risk Add to register
11 Employees Expect appropriate training Internal Risk Add to register
12 Regulatory Bodies Must comply with all regulations and statutes External Risk Add to register
13 Suppliers Expect to be paid promptly External Risk Add to register
14 Suppliers Require clearly defined requirements External Risk Add to register
15 Suppliers Supplier performance impacts on our reputation External Mixed Add to register
16 Top Management Company must remain financially healthy Internal Risk Add to register
17 Top Management QMS processes must be efficient Internal Risk Add to register
18 Top Management Concerned with growth of company Internal Risk Add to register
19 Top Management Company must maintain sufficient staff Internal Risk Add to register
20 Top Management Requires reliable equipment and facilities Internal Risk Add to register
21 Top Management QMS process risks must be adequately addressed Internal Risk Add to register
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
 Issues of Concern
50
51
52
53
54
55
56
57
58
59
60
61
Ln Interested Party & Issue
(From prior tabs)

1 Certification Body: Level of compliance to AS9100 [External]

2 Customer: Expect high quality services [External]
3 Customer: Expect high quality services [External]
4 Customer: Expect high quality services [External]
5 Customer: Expect high quality services [External]
6 Customer: Expect high quality services [External]
7 Customer: Expect high quality services [External]
8 Customer: Expect high quality services [External]
9 Customer: Expect high quality services [External]
10 Customer: Expect high quality services [External]
11 Customer: Expect high quality services [External]
12 Customer: Expect high quality services [External]
13 Customer: Expect high quality services [External]
14 Customer: Expect high quality services [External]
15 Customer: Expect high quality services [External]
16 Customer: Expect high quality services [External]
17 Customer: Expect high quality services [External]
18 Customer: Expect high quality services [External]
19 Customer: Expect high quality services [External]
20 Customer: Expect on time delivery [External]
21 Customer: Expect on time delivery [External]
22 Customer: Flows down their QMS requirements [External]
23 Employees: Expect to be compensated [Internal]
24 Employees: Expect appropriate training [Internal]
25 Employees: Expect appropriate training [Internal]
26 Regulatory Bodies: Must comply with all regulations and statutes [External]
27 Suppliers: Expect to be paid promptly [External]
28 Suppliers: Require clearly defined requirements [External]
29 Suppliers: Require clearly defined requirements [External]
30 Suppliers: Supplier performance impacts on our reputation [External]
31 Suppliers: Supplier performance impacts on our reputation [External]
32 Suppliers: Supplier performance impacts on our reputation [External]
33 Top Management: Company must maintain sufficient staff [Internal]
34 Top Management: Company must maintain sufficient staff [Internal]
35 Top Management: Company must maintain sufficient staff [Internal]
36 Top Management: Company must maintain sufficient staff [Internal]
37 Top Management: Company must maintain sufficient staff [Internal]
38 Top Management: Company must maintain sufficient staff [Internal]
39 Top Management: Company must maintain sufficient staff [Internal]
40 Top Management: Company must maintain sufficient staff [Internal]
41 Top Management: Company must maintain sufficient staff [Internal]
42 Top Management: Company must maintain sufficient staff [Internal]
43 Top Management: Company must maintain sufficient staff [Internal]
44 Top Management: Company must maintain sufficient staff [Internal]
45 Top Management: Concerned with growth of company [Internal]
46 Top Management: Concerned with growth of company [Internal]
47 Top Management: Concerned with growth of company [Internal]
48 Top Management: Concerned with growth of company [Internal]
49 Top Management: Concerned with growth of company [Internal]
50 Top Management: QMS process risks must be adequately addressed [Internal]
51 Top Management: QMS process risks must be adequately addressed [Internal]
52 Top Management: QMS process risks must be adequately addressed [Internal]
53 Top Management: QMS process risks must be adequately addressed [Internal]
54 Top Management: QMS process risks must be adequately addressed [Internal]
55 Top Management: QMS process risks must be adequately addressed [Internal]
56 Top Management: QMS process risks must be adequately addressed [Internal]
57 Top Management: QMS process risks must be adequately addressed [Internal]
58 Top Management: QMS process risks must be adequately addressed [Internal]
59 Top Management: QMS process risks must be adequately addressed [Internal]
60 Top Management: QMS process risks must be adequately addressed [Internal]
61 Top Management: QMS process risks must be adequately addressed [Internal]
62 Top Management: Company must remain financially healthy [Internal]
63 Top Management: QMS process risks must be adequately addressed [Internal]
64 Top Management: QMS processes must be efficient [Internal]
65 Top Management: QMS processes must be efficient [Internal]
66 Top Management: QMS processes must be efficient [Internal]
67 Top Management: Requires reliable equipment and facilities [Internal]
68 Top Management: Requires reliable equipment and facilities [Internal]
69 Top Management: Requires reliable equipment and facilities [Internal]
70 Top Management: Requires reliable equipment and facilities [Internal]
71 Top Management: Requires reliable equipment and facilities [Internal]
72 Top Management: Requires reliable equipment and facilities [Internal]
73 Top Management: Requires reliable equipment and facilities [Internal]
74 Top Management: Requires reliable equipment and facilities [Internal]
75 Top Management: Requires reliable equipment and facilities [Internal]
76 Top Management: Requires reliable equipment and facilities [Internal]
77 Top Management: Requires reliable equipment and facilities [Internal]
78 Top Management: Requires reliable equipment and facilities [Internal]
79 Top Management: Requires reliable equipment and facilities [Internal]
80 Employees: Expect satisfactory facilities / equipment [Internal]
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
COTO Log: Risk Register

Specific Risk

Loss of ISO 9001 certification

We provide poor post-delivery support, harming our reputation
Equipment failure impacts on product quality/delivery, escape to customer
Calibrated device found to be out of tolerance, forces recall
Loss or damage to customer/supplier property (physical)
Insufficient inspection leads to quality escapes to customer
Cross contamination during manufacture lead to quality escapes to customer
Product damaged during internal handling - escaped to customer
FOD left in product, caught at Final Inspection
FOD left in product, escape to customer
FOD damage, caught at Final Inspection
FOD damage, escape to customer
Improper packaging results in shipping damage, discovered by customer
Poor quality outside processing, escape to customer
Poor raw material leads to quality problems, escape to customer
Lack of procedures leads to quality escapes to customer
Employees ignore job documents; leads to quality escapes to customer
Customer delivery requirements on their PO reduce quoted leadtimes; customer delivery dates may not be kept.
Volume of order very high; capacity of production equipment would be exceeded.
Customer pulls in delivery date, we can't meet adjusted date
Raw materials are ordered late, putting delivery at risk
We can't comply with customer QMS requirements
Failure to make payroll
Our training is inadequate, operators cannot perform work well
Training is not provided at all, operators cannot perform work well
Quality escape not reported to regulators
Inability to pay suppliers
Failure to notify vendor of rush job requirements
Errors in outgoing Purchase Orders lead to supplier mistakes
Pandemic affects suppliers' ability to satisfy our requirements
Our supplier's reputation harms our own reputation in some way
Supplier availability limited, risks late delivery or other problems
Pandemic leads to staffing issues, inability to satisfy contract requirements
Implementing pandemic-related social distancing in manufacturing areas is problematic
Lack of workplace health controls for pandemic (barriers, etc.) could lead to employee infection
Lack of workplace PPE controls for pandemic could lead to employee infection
Loss of single key employee
Difficulty in finding candidates for hiring leads to limits on capabilities
Production employee lost for =< 3 business days; jeopardy to production/delivery schedule.
Key production department employee becomes unavailable >= 3 business days; loss of production capacity and process
knowledge.
Key inspection employee becomes unavailable >= 3 business days; loss of inspection and shipping capabilities.
Increase in production volume exceeds personnel resources; existing personnel unable to maintain production volume.
Key mgmt employee lost for =< 3 business days; jeopardy to production/delivery schedule.
Key mgmt employee lost for >= 3 business days; jeopardy to production/delivery schedule.
Taking on customers without proper vetting leads to problems
Loss of top tier customer could impact on revenue suddenly
Lack of diverse customer base leads to stagnation / lack of work
Variable costs by suppliers limits our ability to calculate profit
Pricing higher than competition; loss of business opportunity.
Internal audits fail to identify QMS nonconformities.
CAs not processed properly, resulting in poor processes
Lack of proper contract review results in failure to comply with customer requirements.
Errors in quotes lead to loss of time or profit during execution of the work
Product arrives damaged due to carrier mishandling
Suppliers provide poor quality products, delay our operations
Suppliers provide poor quality products, escape to customer
We utilize suppliers without proper evaluation
Management sets unrealistic process objectives
Process objectives routinely do not meet assigned goals
Inadequate staffing levels
Inadequate equipment or infrastructure
Inadequate financial resources lead to quality or schedule issues
One or more processes fail to meet KPI or process objectives
Process metrics are not sufficiently related to customer expectations
External audits reveal serious process nonconformities
Poor machine scheduling leads to inefficient operations
Employee theft of equipment or materials
Poor equipment, facilities risk safety of employees
Poor equipment, facilities make it harder for employees to satisfy quality
Fire
Theft, break-in / loss of equipment or product
Extreme weather event leads to company shutdown of > 24 hours
Hack / virus / ransomware / phishing scams
IT: loss of records backup
IT: Catastrophic server failure
Inadequate machine availability; jeopardy to production/delivery schedule
Power failure for < 1 day; jeopardy to production / delivery schedule.
Power failure for 1-3 days; jeopardy to production / delivery schedule.
Power failure for > 3 days; jeopardy to production / delivery schedule.
Lack of appropriate inspection equipment causes defects.
 Probability (of risk occurring)
Main Process Prob.
Affected Likelihood Previous Occurrences Rating

All Processes
 Consequence (if risk is encountered)
Potential Loss of Potential Inability to
Potential Risk to Human Potential Violation of Impact on Company
Customer or Entire Satisfy Immediate Job or
Contract Order Health Regulations Reputation
 Detectability
Cons. Det. Risk Factor
Est. Cost of Correction / Rating Rating
Ability to detect the risk (Prob x Cons x Det)
Financial Penalty
 Mitigation Plan
(Required for risk factors >=25,
suggested for risk factors between 15 and 25)
Ln Interested Party & Issue
# (From prior tabs)

1 Customer: Could be source of referrals to new customers [External]

2 Customer: If happy, could award follow-on contracts [External]
3 Certification Body: Level of compliance to AS9100 [External]
4 Suppliers: Supplier performance impacts on our reputation [External]
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
COTO Log: Opportunity Register

Specific Opportunity

We can develop ways to ensure current customers refer us to new customers

We can increase efforts to have current customers increase their orders or work with us
We obtain / retain ISO 9001 certification
We must work to help suppliers improve, so that we improve
 Probability (of achieving the opportunity)
Main Process Prob.
Affected Likelihood Previous Occurrences Rating

All Processes
 Benefit (if opportunity is encountered)

Potential for New Potential Expansion of Potential improvement Potential improvement

to internal QMS
Business Current Business in satisfying regulations processes
ered)
Ben. Rating Opp Factor
Improvement to Potential Cost of (Prob x Ben)
Company Reputation Implementation
 Number of active improvement activities: 0

Opportunity Pursuit Plan

(suggested for Opp Factors >=5) Status
May reference external planning document
Post- Implementation
Success?
 OPPORTUNITY LIMIT: RISK RATING LIMIT: Type Priority Bias
5.0 25.0 External Emergency Risk
RISK CONSIDERATION LIMIT Internal High Opportunity
15.0 Medium Mixed
Low

Opportunity Trend Data

Number Open Improvement Initiatives 0
Number Closed Improvement Initiatives 0
Total Improvement Initiatives to Date 4
Opportunity Failed 0
Opportunity Abandoned 0
Met some expectations 0

Met all expectations 0

Exceeded expectations 0

Risk Trend Data

Total risks processed 60

Total risks requiring action 0

Total risks suggesting action 60
Total risks accepted without action 0
 Action Likelihood Occurrences Potential
Add to register Cannot occur / not applicable Has never occurred. None / NA
Other (enter at right) Unlikely to occur Has not occurred in past 10 years. Minor
Somewhat likely to occur Has occurred in past 10 years. Moderate
Likely to occur Has occurred in past 5 years. High
Very likely to occur Has occurred in past year. Very High
 Violation correction reputation cost of opp reputation score Success
None / NA $ 0 or N/A None > $ 50000 No impact / NA 1 Opportunity Failed
Unlikely < $ 5000 Minimal > $ 10000 Minimal impact 2 Opportunity Abandoned
Possible < $ 10000 Moderate < $ 10000 Moderate impact 3 Met some expectations
Very likely > $ 10000 Severe < $ 5000 Good impact 4 Met all expectations
Legal Risk > $ 50000 Very severe $ 0 or N/A Great impact 5 Exceeded expectations
 detectability detscore
Always detected / NA 1
Easy to detect 2
Somewhat easy to detect 3
Difficult to detect 4
Impossible to detect 5

,
suggeste
d for risk for risk factors >=
(Required
factors
between
(Required for risk factors >=25,
suggested for risk factors between 15 and 25)

Opportu
nity
Pursuit
Plan
(suggest
ed for
Opp
Factors
>=

)
May
referenc
e
external
planning
documen
t
(suggested for Opp Factors >=5)
May reference external planning document