Risk management is an obvious priority in the aviation industry.  Aviation products, such as commercial and private aircraft, spacecraft and weapons systems have built in risk associated with their design, production, usage and possible non-compliance with industry and federal regulations.  A quality management system takes risk management out of the Quality Control department and integrates it into all phases of design, production and delivery.

The aerospace industry has managed risk in much the same way as other organizations.  The CEO has overall responsibility for the company while each department focuses on its own processes to minimize risk.  One area may do an outstanding job, while another down the process may not do as well.  Without integration, there can be gaps that can expose the company to liability.  Insurance and legal counsel can protect the organization after a crisis, but the quality management system seeks to eliminate variation, errors and waste before products reach the customer.

While the word risk didn’t appear in ISO 9000:2000, risk management was always a goal of a quality management system.  It did appear in the ISO 9000:2008 with respect to the environment and how the organization’s environment influences quality.  Risk appeared in AS9100 relative to the risk of meeting customer requirements.  ISO 9000:2001’s processes for corrective and preventive action, internal audits and management review addressed the importance of quality systems to recognize and manage risk by preventing and correcting errors or non-conformance before the product reaches the customer.

The latest version of AS9100, Rev C, not only mentions risk management, but Section 7.1.2, Risk Management, also  requires companies have a process for risk management.

Risk management has three components. 

  1. Future root cause –what event, process or environmental component could trigger non-conformance, error, waste, or product failure?
  2. Probability – What is the degree of certainty or opportunity the future root cause will occur?
  3. Consequences – What are the possible consequences and impact on product quality, injury or loss, and the company’s exposure to liability?

This section specifically addresses:

  • Assignment of responsibility for risk.  Who is ultimately responsible for identifying risk and determining risk acceptance levels?
  • Identifying the three components of risk management – root cause, probability and consequences within the quality management system.
  • What risks are acceptable in the organization’s processes?
  • What are the established risk levels and tolerances?
  • What actions or modifications are required to eliminate or reduced identified risk, and what steps are taken in order to manage risk to acceptable standards.
  • What steps are necessary when risk levels exceed established tolerances?  Who is responsible for altering risk levels to new standards?

Risk management goes beyond product design, production and delivery.

Like ISO: 9001:2008, AS9100, Rev C quality management systems focus on meeting or exceeding customer requirements.  There is risk involved in not understanding customer requirements and falling short in the design and production of customer products or services, meeting scheduled deadlines, delivery methods and timelines, customer service, resolving customer complaints and replacing or repairing product to customer satisfaction.

A company risks losing customers and its quality reputation in the industry by failing to satisfy the customer.  Further, negative publicity in the regular and social media from product recalls, injuries or catastrophes from product failure can spell disaster for a company locally and around the world.