RiskBased Supplier Assurance A Missing Key To Enhanced Supplier Quality Program Success

1
Risk-Based Supplier AssuranceA Missing KeyTo
Enhanced Supplier Quality Program Success

• Quality Assurance and Risk Management Services,
  Inc. 
• Robert J. Navarro, President CEO
• A.A. Flippen, Director, Systems Engineering
• University of Bradford, UK
• School of Engineering, Design Technology
• Chakib Kara-Zaitri, PhD, Senior Lecturer in Risk
  Reliability

September 28, 2008
2
Presentation Objectives

• Quality Risk Management Process Today
• Where We Want to Be
• How Do We Get There?
• Case Study
• Summary

3
Where We Are Today
Quality Community
You Are Here

• Quality System Elements
• Management responsibility
• Purchasing / Supply chain management
• Product realization
• Control of non-conforming products
• Etc.

4
Where We Are Today
Risk Management Community
They Are There

• NPR 8000.4 Agency
• Risk Management Procedural Requirements
• Includes supply chain risk

5
Where We Want To Be
Risk Management Community
Supplier Quality Community

• Integration of Quality and Risk Management
• Current focus of this initiative on supply chain
  QA management
• Supplier QA risks typically reported in supplier
  audit reports
• Transformation of quality audit deficiencies into
  a risk management framework
• Systematic reporting of supply chain risks as
  part of the program/project management councils
  (PMCs)

6
How Do We Get There?

• An Approach for Integration
• Program/Project risk management is governed by
  the NASA Risk Management Policy NPR 8000.4
• Includes the Continuous Risk Management (CRM)
  Process
• The CRM process requires program/project risk
  management plans to provide definitions for
  likelihood and consequence ratings
• Apply these definitions to each supplier audit
  finding
• Map results in the traditional 5X5 Risk Reporting
  Matrix
• Report significant supply chain QA results as
  part of an integrated reporting process at
  program/project PMCs

7
Case Study
Likelihood Consequence 5X5 Matrix
Likely to Occur Probably May Occur Unlikely to
Occur Improbable
Likelihood
Very Low Mod High Very Low
High
Consequence
8
Case Study, contd
Definitions
Likelihood A. Likely to occur (e.g., probability
gt 0.1) B. Probably will occur (e.g., 0.1 gt
probability gt 0.01) C. May occur (e.g., 0.01 gt
probability gt 0.001) D. Unlikely to occur (e.g.,
0.001 gt probability gt 0.000001) E. Improbable
(e.g., 0.000001 gt probability) Consequence Very
High -- A condition that may cause death or
permanently disabling injury, facility
destruction on the ground, or loss of crew, major
systems failure, or vehicle during the
mission High -- A condition that may cause severe
injury or occupational illness, or major property
damage to facilities, systems or major impact to
project schedule Moderate -- A condition that may
cause minor injury or occupational illness, or
minor property damage to facilities, systems or
minor impact to project schedule Low -- A
condition that could cause the need for minor
first aid treatment but would not adversely
affect personal safety or health, damage to
facilities, equipment, or flight hardware Very
low -- Minimal or no consequences
9
Case Study, contd

• An audit was completed for Supplier A. Selected
  results
• F1. Supplier A does not have a defined receiving
  inspection process to systematically
• Verify the conformity of purchased products and
  services
• Provide a traceable record of conformity
  including who, when, how, and to what criteria,
  conformity was verified
• Project Risk
• Purchased products may not meet technical
  requirements, and may have no traceable record of
  conformity to requirements. Failures could occur
  downstream and result in costly delays.
• Consequence
• High - A condition that may cause severe injury
  or occupational illness,
• or major property damage to facilities or systems
  or major impact to project schedule
• Likelihood
• C - May occur

10
Case Study, contd Transformed Supplier Risk
Supplier A Risk Report
Likely to Occur Probably May Occur Unlikely to
Occur Improbable
F1
Likelihood
Very Low Mod High Very Low
High
Consequence
11
Case Study, contd
F2. While performance history is cited as a
basis for approving suppliers, there appears to
be no defined process for reporting supplier
deficiencies that could affect supplier approval
status. Project Risk Repeat problems with
subcontracted and/or purchased products. Initial
supplier deficiencies may not be recorded and/or
addressed with appropriate controls. Consequence
Moderate - A condition that may cause minor
injury or occupational illness, or minor property
damage to facilities, systems or minor impact to
project schedule. Likelihood C - May occur
12
Case Study, contd Transformed Supplier Risk
Supplier A Risk Report
Likely to Occur Probably May Occur Unlikely to
Occur Improbable
F2
F1
Likelihood
Very Low Mod High Very Low
High
Consequence
13
Case Study, contd
F3. It appears that there is no defined process
for reviewing controlled documents to determine
whether updating is needed. Project
Risk Incorrect builds, tests and inspections
could occur due to use of outdated material and
process specs, and manufacturing and QA work
instructions.   Consequence High - A condition
that may cause severe injury or occupational
illness, or major property damage to facilities,
systems or major impact to project
schedule Likelihood B - Probably will occur
14
Case Study, contd Transformed Supplier Risk
Supplier A Risk Report
Likely to Occur Probably May Occur Unlikely to
Occur Improbable
F3
F2
F1
Likelihood
Very Low Mod High Very Low
High
Consequence
15
Summary

• Supplier risks can and should be integrated into
  the NASA risk management program defined in NPR
  8000.4 (new revision in NODIS review)
• A systematic and practical risk-based supplier QA
  process can be applied
• Integrated quality and risk management
• Supply chain risks are a critical element of the
  integrated project risk profile
• Next steps
• Field testing for practicality
• Program and project feedback

16
Where We Want To Be
Contact RNavarro_at_QAandRM.com Chakib_at_NTLworld.com