Applying Risk-based Thinking - Failure Modes and Effect Analysis (FMEA)

Applying Risk-based Thinking - Failure Modes and Effect Analysis (FMEA)

First question comes in our mind, how to use risk-based thinking in the QMS. Simple, we need to identify, understand and then address risks. ISO 9001:2015 QMS standard does not provide any specific procedure or method to determine risks and opportunities. It is for the organization to apply any procedure or method to determine risks and opportunities. Risk analysis is the important step of identify potential problems. One commonly used method of risk identification and risk analysis is known as 'Failure Modes and Effect Analysis' (FMEA) that is done during the design of a product or process. The purpose of FMEA is to identify all potential problems that could arise in the product or process, identify how critical is the risk and decide what to do about it. FMEA is a structured approach to discovering potential failures that may exist within the design of a product or process. Failure modes are the ways in which a process can fail. Effects are the ways that these failures can lead to waste, defects or harmful outcomes.



FMEA process includes four steps -

(i) Identify your risks - It can be done in a brainstorming from different areas of your organization. List all potential problems that could arise. Considering external and internal issues and interested parties (as determined as per clause 4.1 and 4.2 of the standard) will be helpful in identifying the risks.

(ii) Determine how critical each risk is - You should assess the risk against probability of occurrence, severity of occurrence and chance of detection of occurrence. Brainstorm each risk that you identify. What is the probability of risk occurring? What is its impact?

(iii) Rank the risk - You should decide the rank of the risk, whether the risk is acceptable or unacceptable. What is your priority with regard to the risk?

(iv) Determine actions - After understanding the risk, determine your actions, what should be done. What you plan? Plan actions to address the risks. Mention mitigation steps to eliminate or reduce the risks.

FMEA process is simple. It is easy to use. FMEA process gives results that are easy to determine acceptability, and thus provides a framework to assign resources to risk reduction that is easily supported. You should clearly understand that FMEA is a way of dealing risk analysis, and it is in no way mandated by ISO 9001:2015 QMS standard that you must use it. Any method you find useful, relevant and efficient can be used.

After FMEA process, you need to address the risk:
(i) Implement the plan - Take action
(ii) Check the effectiveness of the action
(iii) Improve your action on the basis of check results

Thanks,

Keshav Ram Singhal

Organizations may contact for conducting in-house training program on (i) 'ISO 9001:2015 QMS Awareness', and (ii) 'Applying risk-based thinking'.

Applying Risk-based Thinking - Checklist

Applying Risk-based Thinking - Checklist

A checklist is a list of things that can be checked off as completed or noted. When we certain steps to do for a work or process, we make a list of all of them and we check them off as we accomplish each of them. A checklist is a type of informational job aid used to reduce failure by compensating for potential limits of human memory and attention. It helps to ensure consistency and completeness in carrying out a task. Check-lists are simple form of risk identification technique that provides a listing of typical uncertainties which need to be considered. Check-lists are developed usually from experience - either from previous risk assessment result or from past failure result. A check-list can be used to determine hazards and risks. It can be used to assess the effectiveness of the controls applied. Check-lists can be used at all stages of the life cycle of a product/service or system. They may be used independently or as a part of other risk assessment techniques. A well designed check-lists may be used by non-experts and help ensure that common problems are taken care.

Typical daily checklist for boiler maintenance may be as under:

- Inspect around and under the boiler equipment for leaking water
- Ensure that the area around the boiler equipment is free of materials that may cause obstruction
- Check and ensure temperature readings are within the designed range
- Check and ensure pressure readings are within the designed range
- Watch closely all display panels and ensure no error codes or service codes
- On watching any error codes, ensure to send for service
- Ensure vent termination is not blocked or obstructed
- Inspect and ensure the combustion air opening with no blockage
- Always listen closely for any unusual noises or vibrations

To prepare a checklist for a particular process, make a small team of identified people who should be asked to prepare check points of the known issues that can affect conformity of the product/service (risks) and have the ability to enhance customer satisfaction (opportunities).

For writing of a checklist, the initial process is to carry out a thorough investigation of the task to accomplish. A good checklist starts with a thorough investigation into what and why of whatever it is you are trying to accomplish. Understand objectives of what you want to accomplish. Before you start making your checklist, you must understand what you want to accomplish. Do some research. Find out what others are doing. Write down all points. Get everything documented what you want to accomplish. Brainstorm on your own each point of the process and note down them. You must know the value of each task. Write down in simple language to include a fully detailed description by organizing all your points.

Thanks,

Keshav Ram Singhal

Organizations may contact for conducting in-house training program on (i) 'ISO 9001:2015 QMS Awareness', and (ii) 'Applying risk-based thinking'.

Applying Risk-based Thinking - Brainstorming Technique

Applying Risk-based Thinking - Brainstorming Technique

Please refer to the earlier article of this blog on 'Understanding Statistical Tools and Techniques - 03 - BRAINSTORMING'.

Thanks,

Keshav Ram Singhal

Organizations may contact for conducting in-house training program on (i) 'ISO 9001:2015 QMS Awareness', and (ii) 'Applying risk-based thinking'.

Applying Risk-based Thinking - Overview of risk assessment tools and techniques

Overview of risk assessment tools and techniques

For understanding a formal risk management following standards may be useful for your reference:
- ISO 31000:2018, Risk management - Guidelines
- ISO/TR 31004:2013, Risk management - Guidance for the implementation of ISO 31000
- IEC 31010:2019, Risk management - Risk assessment techniques

Every organization, whether it is small, medium or large, private or public, manufacturing or service, faces various factors and influences that may be internal and external. Internal and external factors and influences in an organization lead to uncertainty with regard to achievement of organization’s objectives. The effect of uncertainty on the organization’s objectives is termed as risk. Thus risk is an effect of uncertainty on objectives. An effect is a deviation from the expected. The effect may be positive and/or negative. To manage risk, an organization needs to carry out coordinated activities. Risk management is a process that is underpinned by a set of principles. Also it needs to be supported by a structure that should be appropriate to the organization, its environment and context. International Organization for Standardization (ISO) in 2009 has published an International Standard ISO 31000 that describes Risk management – Principles and guidelines, which has been revised and published in 2018 as Risk management - Guidelines. ISO 31000:2018 standard targets the quality of an organization’s management and suggests risk management frameworks, processes and activities that should be followed to help organizations better meet their goals and objectives. ISO 31000:2018 standard describes an overall approach to risk management, not just risk analysis or risk assessment. ISO 31000:2018 standard takes a general approach that can be developed. ISO 31000:2018 standard helps organizations develop a risk management strategy to effectively identify and mitigate risks, thereby enhancing the likelihood of achieving their objectives and increasing the protection
of their assets. Its overarching goal is to develop a risk management culture where employees and stakeholders are aware of the importance of monitoring and managing risk.

You can get the copy of standards from the national standards body in your country that is a member of ISO. In India, Bureau of Indian Standards (Website - http://bis.org.in/) is the national standards body, where you can get copies of standards.

There are various tools and techniques mentioned in ISO 31010:2018 standard that can be used for risk assessment. List of such a few tools and techniques are as under:
(i) Brainstorming
(ii) Structured or semi-structured interviews
(iii) Delphi
(iv) Check-lists
(v) Primary hazard analysis
(vi) Hazard and operability studies (HAZOP)
(vii) Hazard Analysis and Critical Control Points (HACCP)
(viii) Environmental Risk Assessment
(ix) Structured 'What If' Technique (SWIFT)
(x) Scenario analysis
(xi) Business impact analysis
(xii) Root cause analysis
(xiii) Failure mode effect analysis (FMEA)
(xiv) Fault tree analysis (FTA)
(xv) Event free analysis
(xvi) Cause and consequence analysis
(xvii) Cause and effect analysis
(xviii) Layers of protection analysis (LOPA)
(xix) Decision tree analysis
(xx) Human reliability analysis
(xxi) Bow tie analysis
(xxii) Reliability centred maintenance
(xxiii) Sneak circuit analysis
(xxiv) Markov analysis
(xxv) Monte Carlo simulation
(xxvi) Bayesian statistics and Bayes Nets
(xxvii) FN curves
(xxviii) Risk indices
(xxix) Consequence/probability matrix
(xxx) Cost/benefit analysis
(xxxi) Multi-criteria decision analysis (MCDA)

In forthcoming chapters, we will focus on a few tools and techniques that an organization may implement for addressing risks and opportunities in the organization.

There is no requirement in ISO 9001:2015 QMS standard for a formal risk management or a documented risk management process. The concept of preventive action is expressed in ISO 9001:2015 QMS standard through the risk-based thinking. Risk-based thinking should be applied in the cyclic process that should include:
- Indentify risks,
- Determine the severity of consequences,
- Evaluate likelihood of occurrence,
- Determine policy and action plan to deal with it it happens,
- Monitor and review .... and so on.

We will focus on a few tools and techniques in the forthcoming articles.

- Keshav Ram Singhal

Organizations may contact for conducting in-house training program on (i) 'ISO 9001:2015 QMS Awareness', and (ii) 'Applying risk-based thinking.'