cqe on line - marks master set of slides · 9,,$ 5lvn 2yhuvljkw %r. 5lvn 2yhuvljkw 3odqqlqj dqg...

Certified Quality Engineer Refresher Course

BoK VII. Risk Management

Copyright © 2017 Mark Lindsey 1

CQE Body of KnowledgeTopic # Questions

I. Management and Leadership 18II. Quality System 16III. Product, Process, and Service Design 23IV. Product and Process Control 25V. Continuous Improvement 27VI. Quantitative Methods and Tools 36VII. Risk Management 15


Materials recommended for this Course and Exam

These slides are based on the Body of Knowledge (BoK) on the exam.

To prepare for the open book exam, other materials are highly recommended*.– Quality Council of Indiana Primer and Solution Text

which is an extensive resource for the examhttp://www.qualitycouncil.com

– ASQ various publicationshttp://asq.org/cert


VII. Risk Management (15 questions)3 Sub-Topics to Cover

A. Risk Oversight

B. Risk Assessment

C. Risk Control


VIIA. Risk Oversight (BoK)

Risk Oversight

1. Planning and oversight– Understand identification, planning, prioritization,

and oversight of risk. (Understand)

2. Metrics– Identify and apply evaluation metrics. (Apply)

3. Mitigation planning– Apply and interpret risk mitigation plan. (Evaluate)


Risk Oversight Planning

Risk management is an increasingly important business driver and stakeholders have become more concerned about risk.

Risk may be a driver of strategic decisions, it may be a cause of uncertainty in the organization or it may be embedded in the activities of the organization.



An enterprise-wide approach to risk management enables an organization to consider the potential impact of all types of risks on all processes activities, stakeholders, products and services.

Implementing a comprehensive approach will result in an organization benefiting from what is often referred to as the “upside of risk” aka “rewards”.



Risk management standards have been published, such as the ISO 31000 “Risk management –Principles and guidelines”. – This guide draws together developments to provide a

structured approach to implementing enterprise riskmanagement (ERM).

– This presentation uses content from this publication.


EU14971:2003 Corporate Risk Management Program


Implementation ofRisk Control

Measures

Culture on RiskCommunication

RMPolicy

An Integrated RiskManagement Process

(for all phases of the life of the product)

TrainingOf

Personnel

PostProductionMonitoring

RiskGraph

ResidualRisk

Risk Hazard

Cause

VerificationOf

Effectiveness


FDA issued an Industry guidance document in 2006 called “Q9 Quality Risk Management.– http://www.fda.gov/ucm/groups/fdagov-public/@fdagov-drugs-

gen/documents/document/ucm073511.pdf

– This presentation uses content from this publication.





There is a need to understand the risks being taken when seeking to achieve objectives and attain the desired level of reward.

Organizations need to understand the overall level of risk embedded within their processes and activities.

It is important for organizations to recognize and prioritize significant risks and identify the weakest critical controls.

When setting out to improve risk management performance, the expected benefits of the risk management initiative should be established in advance. Copyright © 2017 Mark Lindsey 12



FDA Q9 Quality Risk Management

Risk Oversight PlanningThe outputs from successful risk management include:– Compliance

– Assurance

– Well informed decision-making.

These outputs will provide benefits by way of improvements in the efficiency of operations, effectiveness of tactics and strategy of the organization.



A defined risk management process will allow your organization to:– Effectively achieve its key objectives

– Oversee the entire risk management process

– Ensure risks are managed proactively in specificareas and activities

– Gain assurance about the effectiveness of yourcompany’s risk management

– Successfully respond to change in a timely fashion


Risk Management Process Overview1. Identify

2. Analyze

3. Plan


4. Track

5. Control

6. Learn & Mitigatehttps://i-technet.sec.s-msft.com/dynimg/IC119053.gif

https://technet.microsoft.com/en-us/library/cc535304.aspx

Risk Oversight PlanningRewards and Risks can be expressed in terms related to Confidence and Uncertainties (probabilities of an event and its effects).

Risk has three primary components1. An event (i.e. undesirable change, failure)

2. Probability of the occurrence of the event

3. The impact of the event (severity)


Risk Management Process OverviewSix Steps of the Risk Management Process

1. Identify

2. Analyze

3. Plan

4. Track

5. Control

6. Mitigate


QCI CQE Primer

Risk Management Process StepsThe following is a brief overview of the six steps of the Risk Management process.

1. Identify - Risk identification allowsindividuals to identify risks so theybecome aware of potential problems.Risk identification be undertakenearly and repeated at different stagesand changes.– Risk Statements – is an expression of a

causal relationship between a real condition(cause) and a potential effect.

– Root Cause - Should consider the root causeor originating source, of the risk condition.Understanding root causes can help to identifyadditional related risks.


Risk Management Process Steps

2. Analyze and Prioritize

– Risk analysis transforms theestimates or data about specificrisks that developed during riskidentification into a consistentform that can be used to makedecisions around prioritization.

– Risk prioritization enablesoperations to commit resources tomanage the most important risks.



3. Plan and Schedule

– Risk planning takes theinformation obtained fromrisk analysis and uses it toformulate strategies, plans,change requests, andactions.

– Risk scheduling ensures thatthese plans are approvedand then incorporated intothe standard day-to-dayprocesses and infrastructure.



4. Track and Report

– Risk tracking monitors thestatus of specific risks and theprogress in their respectiveaction plans.

– Also includes monitoring theprobability, impact, exposure,and other measures of risk forchanges that could change thepriority or risk plans.

– Risk reporting ensures that theManagement and otherstakeholders are aware of thestatus of top risks and the plansto manage them. Copyright © 2017 Mark Lindsey 22


Risk Tracking - monitors three main changes:1. Trigger values – If the event occurs, the contingency plan

needs to be executed.

2. The risk's condition, consequences, probability, andimpact - If any of these change (or are found to beinaccurate), they need to be re-evaluated.

3. The progress of a mitigation plan - If the plan is behindschedule or is not having the desired effect, it needs to bere-evaluated.

Monitors above changes on three main time frames:1. Constant - Monitored constantly or at least many times

each day.

2. Periodic - Review the top risks list, looking for changes inthe major elements. This often happens at meetings.

3. As-needed - Someone notices that part of a risk haschanged.



Risk Status Reporting - should operate at two levels-Internal and External. Regular risk status reports should consider four possible risk management situations for each risk:1. Resolution - A risk is resolved, completing the risk action

plan.

2. Consistency - Risk actions are consistent with the riskmanagement plan, in which case the risk plan actionscontinue as planned.

3. Variance - Some risk actions are at variance with the riskmanagement plan, in which case corrective measuresshould be defined and implemented.

4. Changeability - The situation has changed significantly withrespect to one or more risks and will usually involve re-analyzing the risks or re-planning an activity.



5. Control

– Risk control is the process ofexecuting risk action plans andtheir associated status reporting.

– Also includes initiating changecontrol requests when changes inrisk status or risk plans couldaffect the availability of the serviceor service level agreement (SLA).

• Monitor risk action plans.

• Correct for variations from plans.

• Respond to triggering events.



6. Mitigate and Learn - Formalizesthe lessons learned and uses toolsto capture, categorize and shareknowledge.– New risks – If an issue that had not

been identified earlier as a risk, itshould review whether any signs(leading indicators) could have helpedto predict the risk.

– Mitigation strategies - The other keylearning point is to captureexperiences of strategies that havebeen used successfully (or evenunsuccessfully) to mitigate risks. Useof a standard risk classificationprovides a meaningful way to grouprelated risks.


Risk Oversight - Metrics

Study by Stanford University on Corporate Governance shows the below metrics. https://www.gsb.stanford.edu/sites/gsb/files/publication-pdf/cgri-quick-guide-06-strategy-risk-oversight.pdf

– Most companies do not integrate risk managementand strategy. Is often delegated (internal audit, riskmanagement function, etc.) resulting in lessvisibility to the senior executives.

– 50% have no enterprise risk management in place.

– 20% describe their risk management as “mature” or“robust.”

– 45% have no structure for identifying and reportingrisk to the board.

– 38% do no formal risk assessment whendeveloping strategy.


Risk Oversight – Metrics

Software security/hazard analysis is performed during the requirements definition, specification, and design processes.

Consists of attributes that prevents unauthorized access


Risk Oversight – Metrics

The Software Risk Evaluation (SRE) is a process for identifying, analyzing, and developing mitigation strategies for risks in a software-intensive system while it is in development.

Refer to the Software Engineering Institute at Carnegie Mellon which receives funding from the Department of Defense (DoD). – http://www.sei.cmu.edu/productlines/frame_report/technicalRM.htm

– SEI Software Risk Evaluationhttp://www.sei.cmu.edu/reports/99tr029.pdf


Risk Oversight – Mitigation Planning

Risk Response - Assign responsibilities for each critical risk and have them develop contingency plans. Four strategies.

1. Avoidance

2. Transference

3. Mitigation

4. Acceptance


Risk Oversight – Mitigation Planning


Risk Management Process StepsQCI CQE Primer


VIIB. Risk Assessment (BoK)Risk Assessment

Apply categorization methods and evaluation tools to assess risk. (Analyze)


Hazard Risk Category Table - Example


Hazard Classification Matrix - example


Hazard Classification Matrix - example


Risk Management ToolsBelow is a partial listing of various Risk Management Tools. Most are covered in more detail in other presentations.– Standard Operating Procedures, Flow Charts,

Process Mapping, Check Sheets, Cause & EffectDiagrams, etc.

– Failure Mode Effects Analysis (FMEA)

– Fault Tree Analysis (FTA)

– Hazard Analysis and Critical Control Points(HACCP)

– Hazard Operability Analysis (HAZOP)

– Preliminary Hazard Analysis (PHA)

– Risk ranking and filtering

– Supporting statistical toolsCopyright © 2017 Mark Lindsey 37

FTA, FMEA, & Control Plans


FMEA versus FTA

FMEA FTAType of Analysis

“Bottoms-up”Considers failure modes at the lowest level and determines effects at the highest level

“Top down”Considers failure modes at the highest level and works down to determine causes at the lowest level

Type of Use

Typically used if there are multiple effects at the system level of comparable severityTop events cannot be explicitly definedThe identification of all failure modes is important

Typically used if there is one extremely critical top-level event.Product functionality is highly complexProduct is not repairable once initiated

Type of Use Copyright © 2017 Mark Lindsey 39

Fault Tree Analysis


Fault Tree Analysis

Fault Tree Analysis involves the following 7 steps:1. Define the top event.

2. Know the system.

3. Construct the tree.

4. Validate the tree.

5. Evaluate the tree.

6. Study tradeoffs.

7. Consider alternatives and recommendaction.


Ranking Guide Example


Failure Mode Effects Analysis (FMEA)

A FMEA or FMECA is a detailed analysis of a system down to the component or feature level.All items are classified as to the: 1. Failure Mode2. Effect of Failure3. Probability failure will occur4. Controls in place to prevent or detect the

failure

After classification, the items are then rated as to their level of risk on an matrix shown as a RPN (Risk Priority Number).


FMEA – RPN (Risk Priority Number) Calculation

SxOxD = RPNS = Severity of the effect of the failure on the rest of the system if the failure occurs. Rating is 1 – 10 (10 being worst).

O = probability of Occurrence this failure mode will occur. Rating is 1 – 10 (10 being worst). SxO = Criticality

D = ability of Detection. Effectiveness of the current controls to prevent or detect the occurrence. Rating is 1 – 10 (10 being least likely to detect).


FMEA – Key Steps / Questions


Design FMEA – Example


Design FMEA – Occurrence of Causes

Likelihood that the cause will occur

Use statistics from manufacturing and field performance to maintain this rating.New technology with no history = very highPrevention controls = very low


Design FMEA – Detection of Controls

Likelihood that the causewill be detected by the controls

No control = 10

Failure prevented by design control = 1


Process FMEA – Example


Process FMEA Occurrence Ranking

Likelihood that the cause will occurUse statistics from manufacturing and field performance to maintain this rating.New technology with no history = very highPrevention controls = very low


P-FMEA Detection RankingProbability that the cause will be detected by the controls

No control = 10

Failure prevented by design control = 1


Actions for High RPNs

Remember to also assess and mitigate risks that have a high Severity x Probability (SxO).

Actions for high RPNs include:– Eliminate the Occurrence

– Reduce the Severity

– Reduce the Occurrence

– Improve Detection

– Include it in the Process Control Plan


P-FMEA Linkages

P-FMEA is not a “stand-alone” document!

Design concept documents and D-FMEA are predecessors.

Process Control Plan and other documents are successors.


Control Plans

Control Plans are used to document and communicate the plan for monitoring and controlling the process and include:– Station/Operation Number and process description.

– Machinery, equipment, or fixtures.

– Reference drawing numbers.

– Product or process characteristic to be controlled.

– Evaluation method (gages, visual checks, etc.).

– Sample size and sample frequency.

– Control method (control chart, fixture, go and no-go,poka-yoke/mistake proofing, etc.).

– Reaction plan to be followed if a problem is detected.Copyright © 2017 Mark Lindsey 54

Control Plans - Example


Hazard Analysis and Critical Control Points (HACCP) (FDA Q9)

HACCP is a systematic, proactive, and preventive tool for assuring product quality, reliability, and safety.

It is a structured approach that applies technical and scientific principles to analyze, evaluate, prevent, and control the risk or adverse consequence(s) of hazard(s) due to the design, development, production, and use of products.


Hazard Analysis and Critical Control Points (HACCP)



HACCP consists of the following seven steps:1. Conduct a hazard analysis and identify preventive

measures for each step of the process

2. Determine the critical control points

3. Establish critical limits

4. Establish a system to monitor the critical controlpoints

5. Establish the corrective action to be taken whenmonitoring indicates that the critical control pointsare not in a state of control

6. Establish system to verify that the HACCP systemis working effectively

7. Establish a record-keeping systemCopyright © 2017 Mark Lindsey 58


Potential Areas of Use(s)– HACCP might be used to identify and manage risks

associated with physical, chemical, and biologicalhazards (including microbiological contamination).

– HACCP is most useful when product and processunderstanding is sufficiently comprehensive tosupport identification of critical control points.

– The output of a HACCP analysis is riskmanagement information that facilitates monitoringof critical points not only in the manufacturingprocess but also in other lifecycle phases.


Hazard Operability Analysis (HAZOP)(FDA Q9)

HAZOP is based on a theory that assumes that risk events are caused by deviations from the design or operating intentions.

HAZOP often uses a team of people with expertise covering the design of the process or product and its application.



Is a systematic brainstorming technique for identifying hazards using Guide Words.

Guide Words (e.g., No, More, Other Than, Part of) are applied to relevant parameters (e.g., contamination, temperature) to help identify potential deviations from normal use or design intentions.


Hazard Operability Analysis (HAZOP)


Hazard Operability Analysis (HAZOP)



Potential Areas of Use(s)– HAZOP can be applied to manufacturing processes,

including outsourced production and formulation aswell as the upstream suppliers, equipment andfacilities for substances and products.

– As is the case with HACCP, the output of a HAZOPanalysis is a list of critical operations for riskmanagement. This facilitates regular monitoring ofcritical points in the manufacturing process.


Preliminary Hazard Analysis (PHA)(FDA Q9)

PHA is a tool of analysis based on applying prior experience or knowledge of a hazard or failure to identify future hazards, hazardous situations and events that might cause harm, as well as to estimate their probability of occurrence for a given activity, facility, product, or system.


Preliminary Hazard Analysis (PHA)


Preliminary Hazard Analysis (PHA)(FDA Q9)The tool consists of 4 steps:

1. The identification of the possibilities that the riskevent happens

2. The qualitative evaluation of the extent of possibleinjury or damage to health that could result

3. Relative ranking of the hazard using a combinationof severity and likelihood of occurrence.

4. The identification of possible remedial measures


Preliminary Hazard Analysis (PHA)(FDA Q9)

Potential Areas of Use(s)– PHA might be useful when analyzing existing

systems or prioritizing hazards where circumstancesprevent a more extensive technique being used.

– It can be used for product, process and facilitydesign as well as to evaluate the types of hazardsfor the general product type, then the product class,and finally the specific product.

– Commonly used early in the development of aproject when there is little information on designdetails or operating procedures.

– Typically, hazards identified in the PHA are furtherassessed with other risk management tools.


Risk Ranking and Filtering (FDA Q9)

Risk ranking of complex systems typically involves evaluation of diverse quantitative and qualitative factors for each risk.

The tool involves breaking down a basic risk question into as many components as needed to capture factors involved in the risk.



These factors are combined into a single relative risk score that can then be used for ranking risks.

“Filters,” in the form of weighting factors or cut-offs for risk scores, can be used to scale or fit the risk ranking to management or policy objectives.


Risk Ranking and Filtering



Potential Areas of Use(s)– Risk ranking and filtering can be used to prioritize

manufacturing sites for inspection/audit byregulators or industry.

– Risk ranking methods are particularly helpful insituations in which the portfolio of risks and theunderlying consequences to be managed arediverse and difficult to compare using a single tool.

– Risk ranking is useful for management to evaluateboth quantitatively-assessed and qualitatively-assessed risks within the same organizationalframework.


Supporting Statistical Tools (FDA Q9)

They can enable effective data assessment, aid in determining the significance of the data set(s), and facilitate more reliable decision making.

A listing of some statistical tools commonly used is provided (covered in detail in other presentations):– Histograms

– Control charts

– Pareto charts

– Process capability analysis

– Design of experiments (DOE)


Supporting Statistical Tools (FDA Q9)


Aligning Risk Management Tools


Risk Analysis

• Intended Purpose Identification• Hazard Identification• Risk Estimation

Risk Evaluation

• Risk Acceptability Decision

Risk Control• Options analysis• Implementation• Residual Risk Evaluation• Overall Risk Acceptance

Post-production Information• Post-production experience• Systemic Procedures• Identification of new Hazards• Change Control & Feedback Loop

RiskAssessment

RiskManagement

Preliminary Hazard Analysis

Fault Tree AnalysisFunctional Analysis

Tolerability of RiskCost-Benefit AnalysisSocio/Ethical Analysis

FMECAHACCPHAZOPPAT

Six SigmaSPCCAPAComplaint Mgmt.


Strength

PurityQuality

Identity

Potency

FailureMode

Cause Effect

Ishikawa

PotentialFailure Mode and Effects Analysis

(Design FMEA)__ System__ Subsystem__ Component

Model Year/Vehicle(s):Core Team:

Design ResponsibilityKey Date:

FMEA N umber:Page 1 or 1Prepared by: Lee D awsonFMEA D ate (Orig.):

Item

Function

PotentialFailureMode

PotentialEffect(s) of

Failure

Potential Cause(s)/

Mechanism(s)Of Failure

CurrentDesign

ControlsPrevention

CurrentDesign

ControlsDetection

RecommendedAction(s)

Responsibility& Target

CompletionDate

ActionsTaken

Action ResultsSEV

CLASS

OCCUR

DETEC

R.P.N.

SEV

OCC

DET

R.P.N.

PotentialFailure Mode and Effects Analysis

(Design FMEA)__ System__ Subsystem__ Component

Model Year/Vehicle(s):Core Team:

Design ResponsibilityKey Date:

FMEA N umber:Page 1 or 1Prepared by: Lee D awsonFMEA D ate (Orig.):

Item

Function

PotentialFailureMode

PotentialEffect(s) of

Failure

Potential Cause(s)/

Mechanism(s)Of Failure

CurrentDesign

ControlsPrevention

CurrentDesign

ControlsDetection

RecommendedAction(s)

Responsibility& Target

CompletionDate

ActionsTaken

Action ResultsSEV

CLASS

OCCUR

DETEC

R.P.N.

SEV

OCC

DET

R.P.N.

FMECA

0123456789

10

A. Very High B. High C. Moderate D. Low E. Remote

I. Catastrophic

II. Critical

III. Marginal

IV. Minor

Probability of OccuranceCriticality Matrix

DOE

Multivariate Analysis

SPC

RawMaterial

Dispensing Granulation Drying Milling Mixing Tabletting Coating

Source: ISPE-Boston, Feb. 2005

Aligning Risk Management Tools

VIIA. Risk Control (BoK)Risk Control

1. Identification and documentation– Identify and document risks, gaps and

controls. (Analyze)

2. Auditing and Testing– Apply auditing techniques and testing of

controls. (Evaluate)


Risk Control (FDA Q9)

Risk control includes decision making to reduce and/or accept risks.

The purpose of risk control is to reduce the risk to an acceptable level.

Amount of effort used for risk control should beproportional to the significance of the risk.

Decision makers might use different processes,including cost-benefit analysis for understanding the optimal level of risk control.


Risk Control


Cost-Benefit Analysis – choosing options for the optimal level of control.


Risk control might focus on the following questions:– Is the risk above an acceptable level?

– What can be done to reduce or eliminate risks?

– What is the appropriate balance among benefits,risks and resources?

– Are new risks introduced as a result of the identifiedrisks being controlled?


Risk Control - example



Risk reduction focuses on processes for mitigation or avoidance of quality risk when it exceeds a specified (acceptable) level.

Risk reduction might include actions taken to mitigate the severity and probability of harm.

Processes that improve the detectability of hazards and quality risks might also be used as part of a risk control strategy.

The implementation of risk reduction measures can introduce new risks into the system or increase the significance of other existing risks so it is important to re-assess.


Risk Control



Risk acceptance can be a formal decision to accept the residual risk or it can be a passive decision in which residual risks are not specified. – In these circumstances, it might be agreed that an

appropriate quality risk management strategy hasbeen applied and that quality risk is reduced to aspecified (acceptable) level.

– This (specified) acceptable level will depend onmany parameters and should be decided on a case-by-case basis.


Risk Control Identification and Documentation (FDA Q9)

Quality risk management should be integrated into existing operations and documented appropriately.

Examples:– Quality Management

– Development

– Facility, equipment, and utilities

– Materials management

– Production

– Laboratory control and stability testing

– Packaging and labeling

– Inspection and assessment activities


Risk Mgmt as part of Integrated Quality Mgmt(FDA Q9)

Documentation– To review current interpretations and application of

regulatory expectations.

– To determine the desirability of and/or develop thecontent for SOPs, Guidelines, etc.

Training and Education– Determine the appropriateness of training based on

education, experience, and working habits of staff,as well as on a periodic assessment of previoustraining (e.g., its effectiveness).

– To identify the training, experience, qualifications,and physical abilities that allow personnel toperform an operation reliably and with no adverseimpact on the quality of the product.



Quality defects– To provide the basis for identifying, evaluating, and

communicating the potential quality impact of asuspected quality defect, complaint, trend, deviation,investigation, out of specification, etc.

– To facilitate risk communications and determineappropriate action to address significant productdefects, in conjunction with regulatory authorities(e.g., recall).



Auditing/Inspection– To define the frequency and scope of audits, both

internal and external. Factors such as:• Existing legal requirements

• Compliance status and history of the company or facility

• Robustness of a company’s quality risk management

• Complexity of the site

• Complexity of the manufacturing process

• Complexity of the product and its therapeutic significance

• Number and significance of quality defects (e.g., recall)

• Results of previous audits/inspections

• Major changes of building, equipment, processes, keypersonnel

• Experience with manufacturing of a product

• Test results from laboratoriesCopyright © 2017 Mark Lindsey 88


Periodic review– To select, evaluate, and interpret trend results of

data within the product quality review

– To interpret monitoring data (e.g., to support anassessment of the appropriateness of revalidationor changes in sampling)



Change management/Change control– To manage changes based on knowledge and

information accumulated in development andduring manufacturing

– To evaluate the impact of the changes on theavailability of the final product



Change management/Change control– To evaluate the impact on product quality of

changes to the facility, equipment, material,manufacturing process, or technical transfers

– To determine appropriate actions preceding theimplementation of a change, e.g., additional testing,re-qualification, re-validation, or communicationwith regulators



Continual improvement– To facilitate continual improvement in processes

throughout the product lifecycle

Other areas covered in FDA Q9: – Regulatory Operations

– Development

– Facilities, Equipment and Utilities

– Materials Management

– Production

– Packaging and Labeling


OSHA's Nationally Recognized Testing Laboratory (NRTL) Program

Recognizes private sector organizations to perform certification for certain products to ensure that they meet the requirements of both the construction and general industry OSHA electrical standards.

Each NRTL has a scope of test standards that they are recognized for, and each NRTL uses its own unique registered certification mark(s) to designate product conformance to the applicable product safety test standards.

After certifying a product, the NRTL authorizes the manufacturer to apply a registered certification mark to the product.


Risk Mgmt – Process EvaluationGoals

Product quality and performance achieved and assured by design of robust processes that are:– Effective (minimal variation)*

– Efficient (time and cost)*

– Adaptable (ability to recover or improve)*• *Juran’s Dimensions of Success

Product specifications based on satisfying the customers and also based on process capabilities.

Continuous assurance of quality

94Copyright © 2017 Mark Lindsey

Risk Mgmt – Process EvaluationSources of Variation (based on the IPO model, Juran’sdefinition of a Process and Ishikawa’s Cause & Effect Diagram)

95

Materials

MethodsMan

Medium

Machine

Measurement

Input Process Output

Copyright © 2017 Mark Lindsey

Risk Mgmt – Process EvaluationSources of Variation (based on the IPO model, Juran’sdefinition of a Process and Ishikawa’s Cause & Effect Diagram)

96

INPUTS

(x)

Machine

Methods

Measure System

Prior Ops

Mater ials

Man

Machine - Equipment

Method - Process

Medium - Environment

Materials

Measurement

Man - People Inputs to the process control variability

of the output

Output

y = f(x)y

Variability - source of the “Process” risks to the product

Example50 Products

X10 Operations

X10 Orders per Year

X10 Lots/Batches/Units per Order

X12 Months (30 days per order)

X10 Transactions per Unit per Operation

=6,000,000 Transactions per year

Spec Limit Percent

Defects per Opportunity

(traditionally PPM)

+/- 1 sigma 30.23 697,700

+/- 2 sigma 69.13 308,700

+/- 3 sigma 93.32

(many companies)

66,810

+/- 4 sigma 99.379 6,210

+/- 5 sigma 99.97670 233

+/- 6 sigma (near perfect)

99.9997

(top companies)

3.4

Copyright © 2017 Mark Lindsey

Risk Mgmt – Process EvaluationValue Added and Non-Value Added Activities(NVA – 7 Wastes known as Over Inventory, Over Production, Processing, Motion, Waiting, Defects, Transportation)


Work Processes

AbnormalNormal

Non Value Add

UnnecessaryNecessary

EliminateReduce

Value Add

Flow

eliminate the abnormal and the unnecessary non-value added tasks

reduce the non-value added but necessary, e.g. regulatory

place the value-added processes into a natural sequence

Risk Mgmt – Process EvaluationCAPA Example

Copyright © 2017 Mark Lindsey 98Source: GHTF. 2005

Quality Risk Management – End


cqe on line - marks master set of slides · 9,,$ 5lvn 2yhuvljkw %r. 5lvn 2yhuvljkw 3odqqlqj dqg...

Documents