Risk Management for Automotive Suppliers: 4 Critical Places to Focus
When you look at standards like IATF 16949 or ISO 9001, the requirements boil down to two essential elements: improving customer satisfaction and reducing risk.
They go hand in hand, because effective risk management means safer products and happier customers—and fewer problems for their suppliers.
To help automotive suppliers proactively avoid quality and safety issues, we’re looking at 4 important places to focus for improving risk management and reducing costs.
What Is Risk Management?
The concept of risk is often misunderstood, as is risk management.
A risk is not the same thing as a hazard. Risk is defined as probability x impact of a given hazard causing an unwanted event. Risk takes into account how likely an event is to occur as well as potential consequences.
RISK = Probability x Impact
Risk management is not the same as finding hazards or conducting a risk assessment. Risk management is a cyclical process involving: hazard identification, risk assessment, risk mitigation, and ongoing monitoring.
1. Hazard Identification: Spotting Problems
If you’re not effectively identifying problems, it’s only a matter of time before you have a quality issue escape. And if we’re talking about a quality problem that causes downtime for the OEM, you could be looking at charges of $10,000 per minute or more.
What can automotive suppliers do to improve hazard identification?
- Create structured systems for observation and capturing issues, such as with high-frequency audits and safety walkthroughs
- Look upstream at processes, instead of just focusing on rear-facing product inspections
- Bring fresh eyes to hazard identification, drawing on management expertise with tools like Gemba walks and layered process audits (LPAs)
- Proactively analyze data as you collect it, rather than allowing weeks to pass before crunching spreadsheet data
- Periodically review lessons learned from issues like audits, recalls and complaints—a requirement of standards like IATF 16949
Hazard identification is crucial because risk management isn’t just about reacting to existing problems. It’s about identifying potential problems before they occur, so you can take preventive action.
2. Risk Assessment: Prioritizing Follow-Up
It’s not uncommon for suppliers to have a long list of hazards but only limited resources with which to address them. Which ones can you fix immediately, and which ones require deeper investigation? How do you decide when to implement new controls? This is where risk assessment comes in, focusing on probability and severity.
Some tools like FMEAs will give you a quantitative method for making decisions, calculating a risk priority number (RPN) based on severity (S), occurrence (O) and detection (D).
RPN = S x O x D
Other situations may involve a less formal approach to risk-based thinking. For example, when you identify a non-conformance during an audit, you have two options:
- Correct the problem on the spot with a mitigation
- Open a corrective action for full root cause analysis and further problem-solving (such as with the 8D method)
The choice you make should be based on risk, also taking into account that you don’t want minor, easily fixed items obscuring high-risk problems in your corrective action system.
3. Corrective Action: Closing the Loop
One place manufacturers frequently struggle is creating a closed-loop corrective action process. Corrective actions should include elements such as:
- Links to the original non-conformance, such as within the audit record
- Action items and deadlines
- Who’s responsible for each item and reviewing progress
- Escalations to notify management if employees don’t complete tasks
Many manufacturers use software to track corrective actions, which is especially helpful when tied to systems like a mobile audit platform. Linking the two allows you to improve visibility from hazard identification to follow-up.
4. Verification: Holding the Gains
The final critical step in the risk management process is continued monitoring and adjustment. This is where you check that your process is working and ensure that you’re holding the gains of corrective action.
Going back to our auditing example, you’ll want to make sure that you add new audit questions based on corrective actions and previous non-conformances. Only then can you see whether your corrective actions have solved the problem and are held in place, or whether you need to start the process over again.
And that’s the most important thing to remember: risk management is a process, not a one-off activity. Follow the plan-do-check-act cycle in your risk management activities, and you’ll see a big improvement in the effectiveness of your work.