How to Ensure Effective Risk Management in ISO 9001:2015

Using FMEA tool for Risk Management in ISO 9001:2015

The FMEA, which is short for ‘Failure Mode and Effects Analysis’, is an engineering risk analysis tool made of four (4) key metrics that will enable any organization to determine a risk’s threat level. It utilizes a scale of 1-10 to simplify the identification of threat levels.

Its definition can be split into two:

Failure Mode | This implies the potential paths or modes of failure. Failures can be potential or current and encompass any mistakes or flaws, especially those that negatively impact the client.

Effects Analysis | This refers to understanding the consequences that might follow if a failure identified above occurs.

All in all, the FMEA can be described as a methodology used to develop any process to anticipate potential failures and their effects. FMEA is an effective tool for identifying and mitigating risk in the design and production of a product or process. The ultimate objective of the FMEA is to prevent problems before they occur by predicting and analyzing potential failures and implementing corrective actions to mitigate the risk of failure.

Going back to the key metrics that the FMEA utilizes, we have to understand how such metrics are used. Severity, Occurrence and Detection are the first three (3) metrics of the FMEA. These metrics will help us determine the overall threat level of any risk, also known as the Risk Priority Number (RPN) or metric #4. The RPN is obtained by multiplying all values for the Severity, Occurrence and Detection. The product of these values is the RPN. It is important to note that the higher the RPN is, the higher the risk and, therefore, the higher the focus that this risk must be given within the organization.

Depending on the organization, several implementation strategies may be used for the implementation of the FMEA. As a result, each organization may have different steps involved. FMEA procedures often consist of the following:

1. Assemble a group of individuals who are familiar with the system, design, or process at hand and the respective client expectations. Such a team should be cross-functional, composed of people with diverse expertise in sales, customer service, production, design, maintenance, and quality.
2. Determine the overall scope and purpose of the system, design or process being analyzed.
3. Dissect a system, a design, or a process into its constituent parts.
4. Examine each component of the system, design, or process to find any potential problems or single points of failure.
5. Analyze the potential causes of failures and the respective effects those failures would have.
6. Rank each failure using a scale from 1-10 for the Severity, Occurrence and Detection. Use these numbers to get the product, also known as the Risk Priority Number (RPN).
7. Determine the best methods for spotting, reducing, mitigating, and fixing the most severe errors by identifying possible failures and necessary corrective measures. This lowers the likelihood of failure effects.
8. Review risk parameters as necessary.

The benefits of using Failure Modes and Effects Analysis (FMEA) include the following:

1. Improved product quality: FMEA helps to identify potential failure modes and assess their impacts, allowing organizations to prevent problems before they occur and improve the overall quality of their products.
2. Reduced risk of failure: By anticipating and mitigating potential failure modes, FMEA helps to reduce the risk of failure and improve the reliability of products and processes.
3. Enhanced customer satisfaction: By preventing problems and improving product quality, FMEA can lead to increased customer satisfaction.
4. Improved design and production processes: FMEA can identify areas for improvement in the design and production processes, leading to more efficient and effective processes.
5. Better risk management: FMEA provides a structured approach to risk management, helping organizations to prioritize the highest risk issues and focus on mitigating those first.
6. Increased teamwork and collaboration: FMEA often involves a cross-functional team, which can lead to increased collaboration and improved communication within an organization.
7. Compliance with industry standards: FMEA is widely used in various industries and may be required by industry standards, such as ISO 9001.

So all in all, what is FMEA in a nutshell? The Failure Mode and Effects Analysis is a proactive approach to risk management that helps organizations reduce the risk of failure and improve the overall quality and reliability of their products and processes.

But when shall we draw the line? Should an organization tackle all risks? Should an organization negate all risks below the RPN value of 200? Or tackle the five top-most threats?

There is no right or wrong, really. This is decided by the business’s risk appetite. But let us first understand what this term means.

Risk Appetite and Risk Management in ISO 9001:2015

Risk appetite refers to the amount of risk an organization or individual is willing to accept in pursuit of their goals. It is the level of uncertainty that an organization or individual is willing to tolerate in order to achieve a desired outcome.

Risk appetite is determined by considering factors such as the organization’s goals and objectives, its tolerance for losses, its financial strength and stability, and the regulatory and legal environment in which it operates.

Having a clear understanding of an organization’s risk appetite is important as it helps guide decision-making, determine the types of risks that are acceptable, and establish limits on risk-taking.

An organization with a high-risk appetite may be willing to accept significant risk in pursuit of high returns. In contrast, an organization with a low-risk appetite may focus on preserving capital and avoiding losses.

If a corporation wants to manage all risks and is not comfortable with having any lingering dangers within the organization, it is perfectly acceptable. However, if an organization has a greater risk tolerance, it can also opt to focus on the first five most critical risks within the firm.

It is important to note that risk appetite is not the same as risk tolerance, which refers to the ability of an organization or individual to handle a loss or adverse event. An organization may have a high-risk appetite but a low-risk tolerance if it lacks the resources or capacity to handle significant losses.

INTERESTED IN LEARNING MORE about Risk Management in ISO 9001:2015?

Luke Desira is an ISO management system consultant who understands that taking the first step to achieve ISO certification is never easy. Make sure to listen to what Luke Desira has to say about Risk Management in ISO 9001:2015 and be sure to realize that mishaps are never far off. Read more about it here, where you can understand how things can go wrong when implementing any ISO Standard. Achieving consistency in quality is never an easy task.

Anything can go wrong when implementing ISO Standards, make sure that you are aware of such mishaps before they occur! All management systems based on ISO Standards that are implemented should pertain directly to the organization’s objectives, and ISO 9001 – Quality Management System  should be no different. Have a look at different ISO Certification specialised by Industry to understand in which category your organization falls.

Luke offers a variety of ISO certification services that puts him as the #1 ISO Certification consultant in Malta. He can help you achieve ISO certification efficiently. When ready, take the first step to success and call Luke Desira.

Make sure to follow us on our Facebook and LinkedIn profiles, and subscribe to our Youtube Channel for more great content.