Quality Planning & Risk Assessment
Module 2: Quality Planning & Risk Assessment
This module introduces risk-based thinking, identifies common manufacturing risks, develops quality objectives, conducts FMEA analysis, and implements risk mitigation strategies aligned with ISO 9001:2015 requirements.
Section 1: Introduction to Risk-Based Thinking
1.1 What is Risk-Based Thinking?
Risk-based thinking is a fundamental principle in ISO 9001:2015 requiring organizations to proactively identify and manage risks that could affect their ability to deliver quality products. Rather than only reacting to problems, risk-based thinking asks: "What could go wrong? How do we prevent it?"
This shift from reactive (fixing problems) to proactive (preventing problems) is one of the most important changes in ISO 9001:2015.
Why Risk-Based Thinking Matters:
Without risk-based thinking, you discover problems after they've caused damage: late deliveries, production shutdowns, defective products shipped. With risk-based thinking, you can:
- Identify potential problems before they occur
- Implement preventive measures proactively
- Prepare contingency plans for critical risks
- Maintain focus on what matters most (high-impact risks)
- Demonstrate strategic thinking to customers and regulators
Example: Risk Discovery
- High Risk: Main injection molding machine failure would stop production (no backup)
- Medium Risk: Key supplier has single-site operations; disruption would halt supply
- Low Risk: Minor ambient temperature fluctuations affect dimensions
Rather than discovering these risks through crises, the organization purchased a backup machine, qualified a second supplier, and installed environmental controls. This proactive approach prevented several costly disruptions.
Section 2: Identifying Manufacturing Risks
2.1 Common Manufacturing Risk Categories:
| Category | Examples |
|---|---|
| Supplier/Input Risks | Quality failure, delivery delay, capacity loss, price volatility |
| Production/Process Risks | Equipment failure, operator error, process drift, environmental factors |
| Product Design Risks | Design defect, tolerance stack-up, manufacturing feasibility |
| Customer/Market Risks | Changing requirements, competition, regulatory changes, market downturn |
| Compliance/System Risks | Inadequate documentation, insufficient training, audit findings |
| Data/Communication Risks | Data loss, miscommunication, system failure, traceability loss |
2.2 Risk Assessment Methodologies:
RISK MATRIX (Probability × Impact)
The simplest and most widely used approach. For each risk, estimate:
- Probability: How likely? (Low: <10%, Medium: 10-50%, High: >50%)
- Impact: How serious if it occurs? (Low: manageable, Medium: significant, High: critical)
Color-coding: Green (Low) = Monitor | Yellow (Medium) = Mitigate | Red (High) = Urgent action
FMEA (Failure Mode & Effects Analysis)
More detailed methodology analyzing:
- Failure Mode: What could fail?
- Effects: What happens when it fails?
- Causes: Why might it fail?
- Severity: How serious? (1-10 scale)
- Probability: How likely? (1-10 scale)
- Detection: Can we detect it before it reaches the customer? (1-10 scale)
- RPN: Risk Priority Number = Severity × Probability × Detection
Section 3: Developing Quality Objectives
3.1 What are Quality Objectives?
Quality Objectives are specific, measurable targets defining what the organization wants to achieve regarding quality. They translate the broad quality policy into concrete, actionable goals.
3.2 SMART Quality Objectives
Effective quality objectives should be:
- Specific: Clearly defined, not vague
- Measurable: Quantifiable, trackable, verifiable
- Achievable: Realistic given resources and timeframe
- Relevant: Aligned with customer needs and business strategy
- Time-bound: Clear deadline
Example Quality Objectives:
| Objective | Details |
|---|---|
| Reduce defect rate | From 3% to <1% by Q4 2026 (measured monthly) |
| Improve on-time delivery | From 92% to 98% by Q2 2026 (measured per order) |
| Increase customer satisfaction | From 7.2/10 to >8.5/10 by Q3 2026 (quarterly survey) |
| Improve employee competency | 100% of operators trained on new SPC by Q1 2026 |
| Reduce scrap costs | From €45K/month to €25K/month by Q3 2026 |
Section 4: FMEA Process
4.1 FMEA Steps
- Select Process: Choose critical process to analyze
- Assemble Team: Bring together people who understand the process
- Identify Failure Modes: Brainstorm "What could go wrong?"
- Assess Severity, Probability, Detection: Rate each on 1-10 scale
- Calculate RPN: Risk Priority Number = Severity × Probability × Detection
- Prioritize and Take Action: Focus on highest RPN items
4.2 RPN Interpretation
- RPN > 100: Requires immediate action
- RPN 50-100: May require action depending on industry
- RPN < 50: Monitor and review regularly
Key Point: After implementing mitigation actions, recalculate RPN. Effectiveness comes from reducing probability or severity, or from improving detection.
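The FMEA steps in 4.1, the bands in 4.2 and the recalculation after mitigation, worked through as an added example (not part of the original module). The failure modes and their ratings are constructed for illustration, and the detection rating assumes the usual FMEA convention that a higher number means the failure is harder to detect before it reaches the customer.

```python
from dataclasses import dataclass

@dataclass
class FailureMode:
    name: str
    severity: int     # 1-10
    probability: int  # 1-10
    detection: int    # 1-10; assumption: higher = harder to detect before the customer

    def __post_init__(self):
        # Reject ratings outside the 1-10 scale so a typo cannot skew the ranking.
        for field in ("severity", "probability", "detection"):
            value = getattr(self, field)
            if not 1 <= value <= 10:
                raise ValueError(f"{self.name}: {field}={value} is outside the 1-10 scale")

    @property
    def rpn(self) -> int:
        return self.severity * self.probability * self.detection

def action_band(rpn: int) -> str:
    """Map an RPN to the bands in section 4.2 (100 falls in the 50-100 band)."""
    if rpn > 100:
        return "immediate action"
    if rpn >= 50:
        return "may require action"
    return "monitor"

def report(modes):
    """Rank highest RPN first (ties broken by severity) and attach the band."""
    ranked = sorted(modes, key=lambda m: (m.rpn, m.severity), reverse=True)
    return [(m.name, m.rpn, action_band(m.rpn)) for m in ranked]

# Constructed worksheet for an injection-molding process (illustrative ratings).
before = [
    FailureMode("Mold temperature drift", 6, 5, 4),
    FailureMode("Wrong resin lot loaded", 8, 2, 3),
    FailureMode("Machine failure, no backup", 9, 3, 2),
]
# After mitigation: SPC on mold temperature lowers probability and improves
# detection; severity is unchanged because the effect of the failure is the same.
after = [FailureMode("Mold temperature drift", 6, 2, 2), before[1], before[2]]

if __name__ == "__main__":
    for label, sheet in (("before", before), ("after", after)):
        print(label, report(sheet))
```

Recalculating moves the mold temperature item from the top of the list into the monitor band, which leaves the machine failure item as the next priority.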
Section 5: Risk Mitigation Strategies
5.1 Five Risk Response Strategies
| Strategy | Approach | Example |
|---|---|---|
| AVOID | Eliminate the risk entirely | Don't do the activity that creates risk |
| MITIGATE | Reduce probability and/or impact | Preventive maintenance, SPC, dual suppliers |
| ACCEPT | Tolerate the risk | Low probability AND low impact; acceptable |
| TRANSFER | Shift responsibility to another party | Insurance, supplier warranty, customer acceptance |
| PREPARE | Develop contingency plan if risk occurs | Backup equipment, emergency supplier list |
Section 6: Risk Register
6.1 Creating a Risk Register
A Risk Register is a living document listing all identified risks, their assessment, mitigation strategies, and status.
Essential Risk Register Fields:
- Risk ID (unique identifier)
- Risk Description (what could go wrong?)
- Category (Supplier, Process, Product, etc.)
- Probability (1-10)
- Impact (1-10)
- RPN (Priority Number)
- Mitigation Strategy (what will we do?)
- Responsible Party (who owns it?)
- Target Date (when will mitigation complete?)
- Status (Not started / In progress / Complete)
- Residual Risk (risk level after mitigation)
- Last Review Date (when assessed?)
6.2 Best Practices
- Update Regularly: Review at least quarterly or when major changes occur
- Ownership: Each risk should have a clear owner responsible for mitigation
- Escalation: Critical risks (high RPN) should be escalated to leadership
- Evidence: Document mitigation completion with records/evidence
- Learning: When a risk actually occurs, analyze why mitigation failed
Conclusion: Proactive Quality Planning
Quality planning through risk-based thinking transforms your organization from reactive (fixing problems after they occur) to proactive (preventing problems before they cause damage). By identifying risks, developing quality objectives, and implementing mitigation strategies, you create a sustainable quality system that meets customer expectations and regulatory requirements.