Risk Management for Aerospace and Defense Industries

Aerospace transport and people. Two pilots dressed in uniform flying jet airliner on sunny day sitting inside aircraft cockpit surrounded by equipment. Selective focus on captain's hand on power lever

In a business environment failure and negative consequences are the last things anyone wants to encounter.  But the reality is that risk is always present and comes from multiple sources, whether from inside the organization or from external elements. Due to the complexity of aviation, space, and defense processes, products, and services, and the severity of the potential consequences of failures, a formal process to manage operational risks is required.

The exercise of risk management is how a company proactively applies quality standards to keep a lid on risk as much as possible from creating negative ramifications in the supply chain or to production or scheduling, etc. While to some it can seem like bureaucracy or unnecessary controls, risk management pays for itself many times over with the cost avoidance it helps secure. All it takes is one bad event to see why risk management is so important, that’s assuming the company survives that event.

The elements of risk management are clear and straightforward as well. It’s an ongoing, cyclical process of identifying risks, assessing them, proactively reducing their probability of occurring by control, and mitigating those that are allowable. But just following the process alone doesn’t explain why a business should have a risk management process in the first place.

In AS9100 the operational risk management process is supported by specific requirements throughout clause 8, to drive an enhanced focus on:

  • understanding risk impacts on operational processes; and
  • making decisions on operational processes and actions to manage (e.g., prevent, mitigate, control) potential undesired effects.

Within aviation, aerospace, and defense, risk is expressed as a combination of severity and likelihood of having a potential negative impact to processes, products, services, customer, or end users. In AS9100, operational risk management must include how the company defines their risk assessment criteria (e.g., likelihood, consequences, risk acceptance), and ultimately acceptance of risks remaining after implementation of any mitigating actions. Something as simple as the example below may be the simplest way to quantify risks. More detail could be utilized with scoring.

table

The standard requires an aerospace quality management system that takes into account the identification of various risks related to organizational circumstances in regard to its needs, business objectives, product range, applied processes and the size of the organization.  Given the fact that risk can trigger catastrophic results when unmanaged, every aerospace process must have the ability to reduce the occurrences and impacts of unacceptable risks, if not eliminate them entirely. And a risk management process is the only consistent way to assess risks and quantify when they are acceptable risks or when action is required.

Benefits to companies that incorporate risk management through ISO and AS quality standards include:

  • An increased probability of meeting schedules, budgets and production objectives
  • The means of making management proactive instead of reactive to risk issues
  • An increased awareness across the organization to recognize and mitigate risk
  • Reduced warranty and field complaints
  • Reduced supply chain risks
  • An increased ability to successfully plan, manage and implement changes (whether customer, supplier or self-initiated)
  • An increased ability to comply with laws, regulations, and customer requirements
  • An enhanced capability to track financial expenditures to poor results, and
  • Improved relations with stakeholders who see the results of quality and risk management in place
Sign Up For Our Newsletter

ISO 9001 Myths and Their Reality

Artboard 2

ISO 9001 is the world’s most used management system standard, existing for almost 30 years, it tends to fall into the gap where many people have heard about it, but not many fully understand what the standard involves. As a result, there are common myths about ISO 9001 that simpleQuE can help to clarify.

Is it complicated and difficult to implement?
In most cases, no. SimpleQuE was one of the first consulting companies in the world to become ISO 9001:2015 certified, so we know what it takes to transition to the new standard. It is possible to simplify ISO implementation, transition, training and maintenance, by integrating simple solutions that fit into your company’s culture.  This can be done with a gap audit checklist to identify where you’re already in compliance and more effectively target only those areas that need work.

Isn’t ISO 9001 an outdated model?
While it is true that ISO 9001 has been around since 1987, it has evolved through several revisions to match the changing needs of business. Today there is instant access to information, higher expectations from customers, more complex supply chains and a globally competitive economy.  ISO 9001:2015 takes all of these factors into account.

Isn’t ISO 9001 a standard that only benefits big corporations?
This is not the case. ISO 9001 is intended to be a set of requirements that can be used by any company, of any size, in any industry. The requirements are written as a set of best practices needed to control all the processes of a business system – no matter what the company does. The standard is designed to be flexible; the focus is on improving quality and customer satisfaction, which every organization can benefit from including:

  • More efficient use of resources and improved financial performance,
  • Improved risk management and protection of people and the environment, and
  • Increased capability to deliver consistent and improved services and products, thereby increasing value to customers and all other stakeholders.

Will everything have to be monitored and measured?
Processes do have to be monitored and measured to ensure that they are performing as designed, however, the standard allows a company to consider the impact that a process has on product/service conformity and the effectiveness of the Quality Management System (QMS) when determining what to monitor or measure and the method to be adopted.  A good QMS will help with monitoring performance and driving improvement.

Is ISO 9001 is the sole responsibility of the quality manager or department?
This couldn’t be farther from the truth, since the requirements cover every aspect of the business – from planning through delivery and post-delivery of your product or service.

Doesn’t ISO 9001 cost a lot to implement?
The question of cost will depend on the size and complexity of the organization and the competency of the personnel. Basic implementation pricing should be competitive and reasonable, depending if the work is done internally or through an external consulting service. The overall outcome of these activities should be to reduce costs through improvements and increase revenues through satisfied customers. Your return on investment should be well above the costs. Note that ISO certification is a separate additional cost.

SimpleQue can customize consulting for your organization and provide simple solutions while clearing up any misconceptions about ISO 9001 and how it can benefit your organization. Contact us today to find out more information and how simpleQue can help!