PROCEDURE NO. MSA/QSP/01 REVISION NO. 00 AS9100D CLAUSE NO. 6.1, 8.1.1
Revision History
RISK ASSESSMENT AND MITIGATION PLAN
1. Purpose
To plan the QMS risk process so as to give assurance that the QMS can achieve its intended results,
enhance effects, prevent or reduce undesired effects and achieve improvement.
The risk management process manages the operational risks to the achievement of applicable
requirements for the organization's products and services.
2. Scope
This procedure is applicable to all Processes, Projects, Products, Customers, Suppliers, Contracts managed
at MSA Global Technology & Engineering Pvt. Ltd.
Terms | Definitions
Risk | An undesirable situation or circumstance that has both a likelihood of occurring and a potentially negative consequence.
Significant Risk | Any medium level risks for which controls have been assessed at less than adequate any risk assigned a level of high and the severity
Risk Assessment | The overall process of risk identification, risk analysis and risk evaluation.
Risk Identification | The process of finding, recognizing and describing risks.
Risk Analysis | A process to comprehend the nature of the risk and to determine the level of the risk.
Risk Criteria | The terms of reference against which the significance of risk is evaluated.
Risk Evaluation | The process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude are acceptable or tolerable.
Risk Mitigation | A plan developed with the intent of addressing all known or possible risks and preventing their occurrence.
SWOT | Strength, Weakness, Opportunity, and Threat
Severity | The outcome of an event affecting objectives (for the purpose of this process, consequence shall be used in the context of having a negative effect on objectives).
FMEA | Failure Mode Effects Analysis
4. Responsibility
Function | Responsibility
MR | Maintain the QMS risk management process
Process owner | Ensure the risk management activities are performed throughout the life cycle of any work effort (i.e., customers, contracts, suppliers, products, process etc.); use and maintain the risk management procedure; ensure that the risk management process is communicated and integrated throughout the organization and that risks are identified, managed and monitored in accordance with this procedure; ensure that adequate resources from all necessary disciplines are allocated to support this procedure; ensure the risk treatment strategies are developed and implemented and controls maintained
Risk owner | Drive respective risks to closure
Top management | Ensure that adequate resources are allocated to support the risk management process
5. Process Approach
Resources
Responsibilities
Risk register
Stake holders
RAMP
Inputs: Internal and external issues; Stakeholders and their requirements
Outputs: Risk register, FMEA; Contract Review; Supplier Approval
Controls: Internal Audit; Management Review
Metrics: No. of unpredictable risk
6. Process Flow
7. Process Description
7.1 Risk Context
a) Organizational Context: Internal and external issues that are relevant to the purpose and the
strategic direction of the organization, and which affect the intended results of the QMS, are
identified through the risk register.
b) External Context: While there are several categories of risk associated with manufacturing,
including strategic, financial, supplier and operational, customers are generally connected with
the operational risk associated with quality and schedule performance requirements of the
products they purchase. This procedure will focus on the significant risks to meeting those
requirements. Special requirements and/or other risks will be determined from information
flowed via contract or in consultation with other stakeholders.
c) Internal Context: This process is intended to provide a plan for managing the significant risks to
achieving quality, schedule, and cost requirements associated with the manufacture and delivery
of products in accordance with customer and/or regulatory requirements. This process shall
support the MSA Global quality policy and assist in achieving established quality objectives.
7.2 Risk Management Context
QMS
Operation
New products
New customers
New orders
New suppliers
Once in a year
b. The following table defines the various risk planning and management processes:
Product and process risk | New products, new processes, new technology and its development stage | Production / PPC / Engineering | FMEA, Product Safety Register, Operational Risk Register, PO Review Checklist
c. This procedure should be used in conjunction with other established procedures and process
throughout the organization, such as sales quotation, contract review, production planning,
purchasing, manufacturing and acceptance to provide an integrated plan for managing risk
throughout product realization.
d. For the purpose of this process, the components of risk shall be identified as follows
A potential risk (or existing issues i.e., internal issues and external issues opportunities)
b. The level of the probability (likelihood) element shall be determined using the criteria specified in the
table below. Probability (likelihood) should be determined by evaluating both current and historical
information, or by estimating occurrence using experience and judgement.
1 | Not likely (remote) | Extremely unlikely. May only occur in exceptional circumstances; has never occurred before
2 | Low likelihood (occasional) | Unlikely to occur or re-occur but possible; occurred less than once per annum
3 | Likely (probable) | May occur or re-occur but not definite; has previously occurred once or twice per annum
4 | Highly likely (frequent) | Will probably occur/re-occur; has happened several times per annum
5 | Near certainty (often) | Continuous exposure to risk; has happened before regularly and frequently
c. The level of the severity (consequences) element shall be determined using the criteria specified in
the table below. While cost has been included in these criteria and should be considered in the
quotation and estimation stages, the inclusion of cost criteria should be evaluated for use
after award of contract.
Severity (Consequences)
Level | Product quality / process intended results | Delivery schedule | Cost effect
2 | Minor (marginal): requires significant rework/reprocess/replacement to bring into full conformity | Minor impact; internal schedule slip, still able to meet original schedule and quality | Cost increase of <5%
3 | Moderate (critical): extensive rework or remake; cannot be reworked to meet conformity/requirements; requires customer's concession/approval to "use as is" | Requires minor schedule (<30 days) or quality concession from customer | Cost increase of <5%
d. The overall risk score is determined using the risk score matrix and is assigned a level of low, medium
or high.
RISK MATRIX
                 Consequence
Likelihood    1    2    3    4    5
    1         L    L    L    L    H
    2         L    L    M    M    H
    3         L    M    M    H    H
    4         L    M    H    H    H
    5         L    H    H    H    H
2. Risk rated as medium – existing controls must be evaluated for effectiveness for controls assessed
3. Risk rated in the high (red) category shall require risk treatment and/or further analysis.
4. Irrespective of risk score, if the consequence value is 5 and above, the risk must be treated with a plan.
Risk Mitigation process for controlling the risk to prevent or reduce undesired effects.
Risk mitigation involves the cyclical process of
Once a risk has been identified, it must be analysed in terms of its probability
(likelihood) of occurring and the severity (consequences) of its occurrence. This is
accomplished using the probability and severity criteria charts established as explained
above.
Each risk shall be assigned a probability level and a severity level score; these will be used to
evaluate the overall risk assessment score, which in turn will determine further action.
Using the scores developed in the risk analysis, enter the risk assessment scoring chart at the
appropriate levels of probability and severity to obtain the overall risk assessment score. This
will correspond to one of the three overall levels of risk: low (yellow), moderate (purple), high
(red).
For risks scoring in the low (yellow) category, risk treatment is not required; monitor and review for
future treatment.
For risks scoring in the medium (purple) category, existing controls must be evaluated for effectiveness.
For controls assessed to be less than “adequate”, further risk treatment is required; for controls
assessed to be only “adequate”, evaluate for further risk treatment.
All risks scoring in the high (red) category shall require risk mitigation and/or further analysis.
Irrespective of risk score, if the consequence value is 5 and above, the risk must be treated with the plan.
a. Selecting the most appropriate mitigation options involves balancing the cost of
implementation against the benefits derived.
b. In general, the cost of managing risk needs to be commensurate with the benefits
obtained. When evaluating the cost versus benefits, it is important to consider all costs,
direct and indirect, and all benefits, whether tangible or intangible.
c. If budgetary constraints exist, the mitigation plan should clearly specify the priority order
in which mitigation should be implemented, considering the full impact of not acting
against any cost saving.
d. If after mitigation plan implementation, residual risk remains then it should be evaluated,
and a decision should be made about whether to retain this risk or repeat the risk
mitigation process.
a. The purpose of the mitigation plan is to document how the chosen options will be
implemented. The plan is documented in the risk register, which contains a minimum of the
following:
Assigned responsibilities
b. Mitigation plan should be integrated with the applicable QMS processes and the same will
be implemented as above.
c. As a part of QMS risk planning, opportunities are also identified during the SWOT analysis;
the same is captured in the risk register.
a. In MRM, the risks and mitigations are reviewed and discussed, and if any further action is
required, it shall be implemented.
b. Review is essential to ensure that the management plan remains relevant and effective in
case of customer complaints, major nonconformities (process, product etc.).
c. Mitigation plans are monitored at regular intervals, at least once in a year, to verify the
effectiveness of the actions implemented, until the risk factor comes under the acceptance
criteria of the risk.