In a business environment failure and negative consequences are the last things anyone wants to encounter. But the reality is that risk is always present and comes from multiple sources, whether from inside the organization or from external elements. Due to the complexity of aviation, space, and defense processes, products, and services, and the severity of the potential consequences of failures, a formal process to manage operational risks is required.
The exercise of risk management is how a company proactively applies quality standards to keep a lid on risk as much as possible from creating negative ramifications in the supply chain or to production or scheduling, etc. While to some it can seem like bureaucracy or unnecessary controls, risk management pays for itself many times over with the cost avoidance it helps secure. All it takes is one bad event to see why risk management is so important, that’s assuming the company survives that event.
The elements of risk management are clear and straightforward as well. It’s an ongoing, cyclical process of identifying risks, assessing them, proactively reducing their probability of occurring by control, and mitigating those that are allowable. But just following the process alone doesn’t explain why a business should have a risk management process in the first place.
In AS9100 the operational risk management process is supported by specific requirements throughout clause 8, to drive an enhanced focus on:
- understanding risk impacts on operational processes; and
- making decisions on operational processes and actions to manage (e.g., prevent, mitigate, control) potential undesired effects.
Within aviation, aerospace, and defense, risk is expressed as a combination of severity and likelihood of having a potential negative impact to processes, products, services, customer, or end users. In AS9100, operational risk management must include how the company defines their risk assessment criteria (e.g., likelihood, consequences, risk acceptance), and ultimately acceptance of risks remaining after implementation of any mitigating actions. Something as simple as the example below may be the simplest way to quantify risks. More detail could be utilized with scoring.
The standard requires an aerospace quality management system that takes into account the identification of various risks related to organizational circumstances in regard to its needs, business objectives, product range, applied processes and the size of the organization. Given the fact that risk can trigger catastrophic results when unmanaged, every aerospace process must have the ability to reduce the occurrences and impacts of unacceptable risks, if not eliminate them entirely. And a risk management process is the only consistent way to assess risks and quantify when they are acceptable risks or when action is required.
Benefits to companies that incorporate risk management through ISO and AS quality standards include:
- An increased probability of meeting schedules, budgets and production objectives
- The means of making management proactive instead of reactive to risk issues
- An increased awareness across the organization to recognize and mitigate risk
- Reduced warranty and field complaints
- Reduced supply chain risks
- An increased ability to successfully plan, manage and implement changes (whether customer, supplier or self-initiated)
- An increased ability to comply with laws, regulations, and customer requirements
- An enhanced capability to track financial expenditures to poor results, and
- Improved relations with stakeholders who see the results of quality and risk management in place