
RISK BASED THINKING TRAINING
For Internal Auditor
Based On ISO 9001:2015
Introduction Of Trainer

TOYO GUSTAMAN
• QC/QA Dept. Senior Supervisor Of PT. Vuteq Indonesia
• Lead Auditor Internal Of PT. Vuteq Indonesia

JOB EXPERIENCE :

• 2001 – 2004 3 Years Quality Control Of Kansai Kouryu Co.Ltd - Japan
• 2004 – 2009 5 Years Production Dept. Of PT. Vuteq Indonesia
• 2009 – 2012 3 Years QMR ISO 9001:2008 Of PT. Vuteq Indonesia
• 2012 – 2015 3 Years QMR ISO/TS 16949:2009 Of PT. Vuteq Indonesia
• 2015 – Now 4 Years Lead Auditor Internal Of PT. Vuteq Indonesia
• 2009 – Now 10 Years QC/QA Dept. Supervisor Of PT. Vuteq Indonesia
• 2015 – Now 4 Years Trainer For Trainer Of PT. Vuteq Indonesia
TRAINING EXPERIENCE FOR TRACEABILITY KNOWLEDGE :

1. 2012 Certified Lean Six Sigma
2. 2012 Certified Awareness QMS ISO 9001:2008
3. 2012 Certified Awareness IQA ISO/TS 16949:2009
4. 2012 Certified Core Tools SPC, MSA, FMEA, APQP & PPAP
5. 2013 Certified Train For Trainer
6. 2013 Certified QMR : Lead and Sustain QMS Program
7. 2013 Certified Professional Document Controller
8. 2014 IRCA Certified QMS Auditor/Lead Auditor [ Based on ISO 9001:2008 ]
9. 2016 Certified Awareness and Interpretation QMS ISO 9001:2015
10. 2016 Certified QMS Internal Auditor [ ISO 9001:2015 ]
11. 2016 SMMT Certified QMS Auditor/Lead Auditor [ Based on ISO/TS 16949:2009 ]
12. 2017 Certified Awareness and Interpretation of EMS 14001:2015
13. 2017 Certified Interpretation IATF 16949:2016
14. 2017 Certified QMS Internal Auditor [ IATF 16949:2016 ]
15. 2017 Certified Improvement Quality Through Calibration and Measurement System Analysis
16. 2018 Certified Measurement System Analysis [ Based on AIAG Ref. Manual 4th Edition ]
17. 2018 Certified Statistical Process Control [ Based on AIAG Ref. Manual 2nd Edition ]
18. 2018 Certified Total Productive Maintenance
IATF Simplified

RISK BASED THINKING
ISO 9001 REQUIREMENT
CLAUSE NO REQUIREMENT

4.4.1 (F) Quality Management System And Its Processes Shall Address The Risks And Opportunities As Determined In Accordance With The Requirements Of 6.1.

5.1.1 (D) Leadership Shall Promote The Use Of The Process Approach And Risk-based Thinking

5.1.2 Customer Focus - Ensure The Risks And Opportunities That Can Affect Conformity Of Products And Services And The Ability To Enhance Customer Satisfaction Are Determined And Addressed

6.1.1 While Planning Determine The Risks And Opportunities That Need To Be Addressed To:
a) Give Assurance That The Quality Management System Can Achieve Its Intended Result(s);
b) Enhance Desirable Effects;
c) Prevent, Or Reduce, Undesired Effects;
d) Achieve Improvement

6.1.2 The Organization Shall Plan:
e) Actions To Address These Risks And Opportunities;
f) How To:
1) Integrate And Implement The Actions Into Its Quality Management System Processes (See 4.4);
2) Evaluate The Effectiveness Of These Actions.

9.1.3 Analyze And Evaluate The Effectiveness Of Actions Taken To Address Risks And Opportunities;

9.3.2 Discuss The Effectiveness Of Actions Taken To Address Risks And Opportunities In MRM.

10.2.1 E) Update Risks And Opportunities Determined During Planning, Whenever NC Arises
ISO 9001 REQUIREMENT
CLAUSE NO REQUIREMENT

6.1.1 The Organization Shall Determine The Risks And Opportunities, Related To Its Environmental Aspects (See 6.1.2), Compliance Obligations (See 6.1.3) And Other Issues And Requirements, Identified In 4.1 And 4.2, That Need To Be Addressed To:
• Give Assurance That The Environmental Management System Can Achieve Its Intended Outcomes;
• Prevent Or Reduce Undesired Effects, Including The Potential For External Environmental Conditions To Affect The Organization;
• Achieve Continual Improvement.

6.1.1 The Organization Shall Maintain Documented Information Of Its Risks And Opportunities That Need To Be Addressed And Process(es) Needed In 6.1.1 To 6.1.4, To The Extent Necessary To Have Confidence They Are Carried Out As Planned

6.2.1 The Organization Shall Establish Environmental Objectives At Relevant Functions And Levels, Taking Into Account The Organization’s Significant Environmental Aspects And Associated Compliance Obligations, And Considering Its Risks And Opportunities.

Review Changes In Risks And Opportunities In MRM

Note: 6.1.2 Significant Environmental Aspects Can Result In Risks And Opportunities Associated With Either Adverse Environmental Impacts (Threats) Or Beneficial Environmental Impacts (Opportunities).

Note: 6.1.3 Compliance Obligations Can Result In Risks And Opportunities To The Organization.
What Is Risk?

• Effect Of Uncertainty On An Expected Result.
• Deviation From The Expected, Either Positive Or Negative.

How to Identify Risk & Opportunities?

• SWOT Analysis
• PESTLE Analysis
• Brainstorming
• Surveys
• Interviews
• Historical data on Failures
• Organization's Records
• Professional Expertise
• On-Site Investigations
SWOT ANALYSIS
PESTLE ANALYSIS
SWOT ANALYSIS ORGANIZATION
SWOT ANALYSIS QC/QA PROCESS
SWOT ANALYSIS PRODUCT
RISK ASSESSMENT
AS/NZS 4360:1999

PROBABILITY   IMPACT
              1   2   3   4   5
A             H   H   E   E   E
B             M   H   H   E   E
C             L   M   H   E   E
D             L   L   M   H   E
E             L   L   M   H   H

Likelihood Of The Risk Occurring:
A  Almost certain
B  Very likely to occur
C  Sometimes
D  May occur
E  Rarely occurs

Impact On Achievement:
1  Insignificant
2  Minor
3  Moderate
4  Severe
5  Very severe

Risk Level:
E  Extreme risk, very urgent, requires immediate handling
H  High risk, requires top management attention
M  Moderate risk, management responsibility needs to be clarified
L  Low risk, needs to be managed through routines and procedures


RISK ASSESSMENT

Actions to address risks/opportunities can include

• Avoiding Risk
• Taking Risk in order to pursue an opportunity
• Eliminating the Risk source
• Changing the likelihood or consequences
• Sharing the Risk
• Retaining Risk by informed decision
WHERE TO START ?
4.1 & 4.2 Needs & Expectation Of Interested Parties

• List Down All Interested Parties (Internal, External, Legal & Regulatory Bodies)
• Find All Need And Expectations Of All Interested Parties
• Assess Risk And Opportunities In Meeting Them.

WHERE TO START ?
5.1.2 Customer Focus

• Find All Requirement For The Products & Services (Customer, Legal & Your Own)
• List Down All The Processes For Meeting The Requirements
• Assess Risk And Opportunities In Converting The Inputs Into Outputs
WHAT IS NEXT ?

6.1 Action To Address Risk & Opportunity

• Incorporate Mitigation Action Into Your Process/Procedure Wherever Required.
• Consider Risk Mitigation As Objectives Wherever Required.
• Monitor The Risk On Regular Basis.
WHAT IS NEXT ?

9.1.3 Analysis And Evaluation

• Monitor The Risk On Regular Basis.
• Analyze The Effectiveness Of The Mitigation Plan Put In Place.
WHAT IS NEXT ?

9.3.2 Management Review

• Discuss The Effectiveness Of The Mitigation Plan Put In Place

WHAT IS NEXT ?

10.2 Non Conformity & Corrective Action

• Whenever Non Conformity Arises, Check Whether The Particular NC Is Addressed In The Risk Register.
• If Yes, Investigate What Went Wrong With The Mitigation Plan.
• If Not, Include It With A Mitigation Plan.
WHAT IS NEXT ?
6.3 & 8.5.6 Changes In Risk & Opportunity

Assess Risk & Opportunities Whenever Changes Are Happening In:
• Need & Expectation Of Interested Parties (4.0)
• Leadership, Policy, Roles & Responsibilities (5.0)
• Objectives (6.0)
• Resources (7.0)
• Process / Operations (8.0)

& Update The Risk Mitigation Plan.


WHAT IS NEXT ?
Ensure Your Risk Management Plan Is A Dynamic One.

So You Can Achieve Continual Improvement….


THANK YOU
IATF 16949:2016 Risk Based Thinking For Internal Auditor
Seminar Date : Friday, March 18, 2022
