Risk Management For CQE

CQE Body of Knowledge
Certified Quality Engineer # Questions

Topic
Refresher Course I. Management and Leadership
18
II. Quality System
16
BoK VII. Risk Management III. Product, Process, and Service Design
23
IV. Product and Process Control
25
V. Continuous Improvement
27
VI. Quantitative Methods and Tools
36
VII. Risk Management
15
Copyright © 2017 Mark Lindsey 1 Copyright © 2017 Mark Lindsey 2
Materials recommended for this Course

VII. Risk Management (15 questions)
and Exam
3 Sub-Topics to Cover
These slides are based on the Body of
Knowledge (BoK) on the exam. A. Risk Oversight
To prepare for the open book exam, other B. Risk Assessment
materials are highly recommended*.
C. Risk Control
– Quality Council of Indiana Primer and Solution Text
which is an extensive resource for the exam
http://www.qualitycouncil.com
– ASQ various publications
http://asq.org/cert

VIIA. Risk Oversight (BoK) Risk Oversight Planning
Risk management is an increasingly important
business driver and stakeholders have
Risk Oversight become more concerned about risk.
Risk may be a driver of strategic decisions, it
1. Planning and oversight may be a cause of uncertainty in the
– Understand identification, planning, prioritization, organization or it may be embedded in the
and oversight of risk. (Understand) activities of the organization.
2. Metrics
– Identify and apply evaluation metrics. (Apply)
3. Mitigation planning
– Apply and interpret risk mitigation plan. (Evaluate)
Risk Oversight Planning Risk Oversight Planning

An enterprise-wide approach to risk Risk management standards have been published,
management enables an organization to such as the ISO 31000 “Risk management –
Principles and guidelines”.
consider the potential impact of all types of
– This guide draws together developments to provide a
risks on all processes activities, stakeholders, structured approach to implementing enterprise risk
products and services. management (ERM).
– This presentation uses content from this publication.
Implementing a comprehensive approach will
result in an organization benefiting from what
is often referred to as the “upside of risk” aka
“rewards”.

EU14971:2003 Corporate Risk Management Program Risk Oversight Planning
FDA issued an Industry guidance document in 2006
RM called “Q9 Quality Risk Management.
Policy – http://www.fda.gov/ucm/groups/fdagov-public/@fdagov-drugs-
gen/documents/document/ucm073511.pdf
An Integrated Risk – This presentation uses content from this publication.
Management Process
(for all phases of the life of the product)
Risk
Culture on Risk
Risk Hazard
Communication
Graph Cause
Implementation of Residual Verification
Training Risk Control Risk Of Post
Of Measures Effectiveness Production
Personnel Monitoring

There is a need to understand the risks being
taken when seeking to achieve objectives and
attain the desired level of reward.
Organizations need to understand the overall
level of risk embedded within their processes
and activities.
It is important for organizations to recognize
and prioritize significant risks and identify the
weakest critical controls.
When setting out to improve risk management
performance, the expected benefits of the risk
management initiative should be established
Copyright © 2017 Mark Lindsey 11 in advance. 12
Copyright © 2017 Mark Lindsey
FDA Q9 Quality Risk
Management
The outputs from successful risk management
include:
– Compliance
– Assurance
– Well informed decision-making.
These outputs will provide benefits by way of
improvements in the efficiency of operations,
effectiveness of tactics and strategy of the
organization.
Risk Oversight Planning Risk Management Process Overview

A defined risk management process will allow 1. Identify 4. Track
your organization to: 2. Analyze 5. Control
– Effectively achieve its key objectives 3. Plan 6. Learn & Mitigate
– Oversee the entire risk management process https://i-technet.sec.s-msft.com/dynimg/IC119053.gif
https://technet.microsoft.com/en-us/library/cc535304.aspx
– Ensure risks are managed proactively in specific

areas and activities
– Gain assurance about the effectiveness of your
company’s risk management
– Successfully respond to change in a timely fashion

Risk Oversight Planning Risk Management Process Overview
Rewards and Risks can be expressed in terms Six Steps of the Risk Management Process
related to Confidence and Uncertainties 1. Identify
(probabilities of an event and its effects). 2. Analyze
Risk has three primary components 3. Plan
1. An event (i.e. undesirable change, failure)
4. Track
2. Probability of the occurrence of the event
5. Control
3. The impact of the event (severity)
6. Mitigate
QCI CQE
Primer
Risk Management Process Steps Risk Management Process Steps

The following is a brief overview of the 2. Analyze and Prioritize
six steps of the Risk Management
process. – Risk analysis transforms the
estimates or data about specific
1. Identify - Risk identification allows
risks that developed during risk
individuals to identify risks so they identification into a consistent
become aware of potential problems. form that can be used to make
Risk identification be undertaken decisions around prioritization.
early and repeated at different stages
and changes. – Risk prioritization enables
operations to commit resources to
– Risk Statements – is an expression of a
causal relationship between a real condition manage the most important risks.
(cause) and a potential effect.
– Root Cause - Should consider the root cause
or originating source, of the risk condition.
Understanding root causes can help to identify
additional related risks.
3. Plan and Schedule 4. Track and Report
– Risk planning takes the – Risk tracking monitors the
information obtained from status of specific risks and the
risk analysis and uses it to progress in their respective
formulate strategies, plans, action plans.
change requests, and – Also includes monitoring the
actions. probability, impact, exposure,
– Risk scheduling ensures that and other measures of risk for
these plans are approved changes that could change the
and then incorporated into priority or risk plans.
the standard day-to-day – Risk reporting ensures that the
processes and infrastructure. Management and other
stakeholders are aware of the
status of top risks and the plans
Copyright © 2017 Mark Lindsey 21 to manage them. Copyright © 2017 Mark Lindsey 22

Risk Tracking - monitors three main changes: Risk Status Reporting - should operate at two levels-
1. Trigger values – If the event occurs, the contingency plan Internal and External. Regular risk status reports
needs to be executed. should consider four possible risk management
2. The risk's condition, consequences, probability, and situations for each risk:
impact - If any of these change (or are found to be 1. Resolution - A risk is resolved, completing the risk action
inaccurate), they need to be re-evaluated. plan.
3. The progress of a mitigation plan - If the plan is behind 2. Consistency - Risk actions are consistent with the risk
schedule or is not having the desired effect, it needs to be management plan, in which case the risk plan actions
re-evaluated. continue as planned.
Monitors above changes on three main time frames: 3. Variance - Some risk actions are at variance with the risk
1. Constant - Monitored constantly or at least many times management plan, in which case corrective measures
each day. should be defined and implemented.
2. Periodic - Review the top risks list, looking for changes in 4. Changeability - The situation has changed significantly with
the major elements. This often happens at meetings. respect to one or more risks and will usually involve re-
3. As-needed - Someone notices that part of a risk has analyzing the risks or re-planning an activity.
changed.
5. Control 6. Mitigate and Learn - Formalizes
– Risk control is the process of the lessons learned and uses tools
executing risk action plans and to capture, categorize and share
their associated status reporting. knowledge.
– New risks – If an issue that had not
– Also includes initiating change
been identified earlier as a risk, it
control requests when changes in should review whether any signs
risk status or risk plans could (leading indicators) could have helped
affect the availability of the service to predict the risk.
or service level agreement (SLA). – Mitigation strategies - The other key
• Monitor risk action plans. learning point is to capture
experiences of strategies that have
• Correct for variations from plans.
been used successfully (or even
• Respond to triggering events. unsuccessfully) to mitigate risks. Use
of a standard risk classification
provides a meaningful way to group
related risks.
Risk Oversight - Metrics Risk Oversight – Metrics

Study by Stanford University on Corporate Software security/hazard analysis is performed
Governance shows the below metrics. during the requirements definition,
https://www.gsb.stanford.edu/sites/gsb/files/publication-pdf/cgri-quick-guide-06-strategy-risk-oversight.pdf
specification, and design processes.
– Most companies do not integrate risk management
and strategy. Is often delegated (internal audit, risk Consists of attributes that prevents
management function, etc.) resulting in less unauthorized access
visibility to the senior executives.
– 50% have no enterprise risk management in place.
– 20% describe their risk management as “mature” or
“robust.”
– 45% have no structure for identifying and reporting
risk to the board.
– 38% do no formal risk assessment when
developing strategy.
Risk Oversight – Metrics Risk Oversight – Mitigation Planning
The Software Risk Evaluation (SRE) is a Risk Response - Assign responsibilities for
process for identifying, analyzing, and each critical risk and have them develop
developing mitigation strategies for risks in a contingency plans. Four strategies.
software-intensive system while it is in 1. Avoidance
development. 2. Transference
Refer to the Software Engineering Institute at 3. Mitigation
Carnegie Mellon which receives funding from
4. Acceptance
the Department of Defense (DoD).
– http://www.sei.cmu.edu/productlines/frame_report/technicalRM.htm
– SEI Software Risk Evaluation
http://www.sei.cmu.edu/reports/99tr029.pdf
Risk Oversight – Mitigation Planning Risk Management Process Steps

QCI CQE Primer

VIIB. Risk Assessment (BoK) Hazard Risk Category Table - Example
Risk Assessment
Apply categorization methods and
evaluation tools to assess risk.
(Analyze)
Hazard Classification Matrix - example Hazard Classification Matrix - example

Risk Management Tools
Below is a partial listing of various Risk FTA, FMEA, & Control Plans
Management Tools. Most are covered in more
detail in other presentations.
– Standard Operating Procedures, Flow Charts,
Process Mapping, Check Sheets, Cause & Effect
Diagrams, etc.
– Failure Mode Effects Analysis (FMEA)
– Fault Tree Analysis (FTA)
– Hazard Analysis and Critical Control Points
(HACCP)
– Hazard Operability Analysis (HAZOP)
– Preliminary Hazard Analysis (PHA)
– Risk ranking and filtering
– Supporting statistical tools
FMEA versus FTA Fault Tree Analysis

FMEA FTA
Type of “Bottoms-up” “Top down”
Analysis Considers failure modes Considers failure
at the lowest level and modes at the highest
determines effects at the level and works down
highest level to determine causes at
the lowest level
Type of Typically used if there Typically used if there
Use are multiple effects at is one extremely
the system level of critical top-level event.
comparable severity Product functionality is
Top events cannot be highly complex
explicitly defined Product is not
The identification of all repairable once
failure modes is initiated
important Copyright © 2017 Mark Lindsey
39
Type of Use
Copyright © 2017 Mark Lindsey 40

Fault Tree Analysis Ranking Guide Example
Fault Tree Analysis involves the following
7 steps:
1. Define the top event.
2. Know the system.
3. Construct the tree.
4. Validate the tree.
5. Evaluate the tree.
6. Study tradeoffs.
7. Consider alternatives and recommend
action.
Copyright © 2017 Mark Lindsey
42
FMEA – RPN (Risk Priority Number)

Failure Mode Effects Analysis (FMEA)
Calculation
SxOxD = RPN
A FMEA or FMECA is a detailed analysis S = Severity of the effect of the failure on
of a system down to the component or the rest of the system if the failure occurs.
feature level. Rating is 1 – 10 (10 being worst).
All items are classified as to the: O = probability of Occurrence this failure
1. Failure Mode mode will occur. Rating is 1 – 10 (10 being
2. Effect of Failure worst). SxO = Criticality
3. Probability failure will occur D = ability of Detection. Effectiveness of the
4. Controls in place to prevent or detect the current controls to prevent or detect the
failure
occurrence. Rating is 1 – 10 (10 being least
After classification, the items are then
rated as to their level of risk on an matrix likely to detect).
shown as a RPN (Risk Priority Number).
Design FMEA – Example
FMEA – Key Steps / Questions
Design FMEA – Occurrence of Causes Design FMEA – Detection of Controls

Likelihood that the
cause will occur Likelihood that the cause
will be detected by the
Use statistics from controls
manufacturing and
field performance
to maintain this No control = 10
rating.
New technology Failure prevented by
with no history = design control = 1
very high
Prevention
controls = very low

Process FMEA – Example
Process FMEA Occurrence Ranking
Likelihood that the cause will occur

Use statistics from manufacturing and field performance to
maintain this rating.
New technology with no history = very high
Prevention controls = very low
P-FMEA Detection Ranking Actions for High RPNs

Probability that the
cause will be Remember to also assess and mitigate
detected by the risks that have a high Severity x
controls Probability (SxO).
Actions for high RPNs include:
No control = 10 – Eliminate the Occurrence
– Reduce the Severity
Failure prevented by – Reduce the Occurrence
design control = 1 – Improve Detection
– Include it in the Process Control Plan

P-FMEA Linkages Control Plans
Control Plans are used to document and

communicate the plan for monitoring and
controlling the process and include:
– Station/Operation Number and process description.
– Machinery, equipment, or fixtures.
– Reference drawing numbers.
P-FMEA is not a “stand-alone” document! – Product or process characteristic to be controlled.
– Evaluation method (gages, visual checks, etc.).
Design concept documents and D-FMEA are
– Sample size and sample frequency.
predecessors.
– Control method (control chart, fixture, go and no-go,
Process Control Plan and other documents poka-yoke/mistake proofing, etc.).
are successors. – Reaction plan to be followed if a problem is detected.
Hazard Analysis and Critical Control

Control Plans - Example
Points (HACCP) (FDA Q9)
HACCP is a systematic, proactive, and

preventive tool for assuring product quality,
reliability, and safety.
It is a structured approach that applies
technical and scientific principles to analyze,
evaluate, prevent, and control the risk or
adverse consequence(s) of hazard(s) due to
the design, development, production, and use
of products.

Hazard Analysis and Critical Control Hazard Analysis and Critical Control
Points (HACCP) Points (HACCP) (FDA Q9)
HACCP consists of the following seven steps:
1. Conduct a hazard analysis and identify preventive
measures for each step of the process
2. Determine the critical control points
3. Establish critical limits
4. Establish a system to monitor the critical control
points
5. Establish the corrective action to be taken when
monitoring indicates that the critical control points
are not in a state of control
6. Establish system to verify that the HACCP system
is working effectively
7. Establish a record-keeping system
Hazard Analysis and Critical Control Hazard Operability Analysis (HAZOP)

Points (HACCP) (FDA Q9)
(FDA Q9)
Potential Areas of Use(s) HAZOP is based on a theory that assumes that
– HACCP might be used to identify and manage risks risk events are caused by deviations from the
associated with physical, chemical, and biological
hazards (including microbiological contamination).
design or operating intentions.
– HACCP is most useful when product and process HAZOP often uses a team of people with
understanding is sufficiently comprehensive to expertise covering the design of the process or
support identification of critical control points. product and its application.
– The output of a HACCP analysis is risk
management information that facilitates monitoring
of critical points not only in the manufacturing
process but also in other lifecycle phases.

Hazard Operability Analysis (HAZOP)
Hazard Operability Analysis (HAZOP)
(FDA Q9)
Is a systematic brainstorming technique for

identifying hazards using Guide Words.
Guide Words (e.g., No, More, Other Than, Part
of) are applied to relevant parameters (e.g.,
contamination, temperature) to help identify
potential deviations from normal use or design
intentions.
Hazard Operability Analysis (HAZOP) Hazard Operability Analysis (HAZOP)

(FDA Q9)
Potential Areas of Use(s)
– HAZOP can be applied to manufacturing processes,
including outsourced production and formulation as
well as the upstream suppliers, equipment and
facilities for substances and products.
– As is the case with HACCP, the output of a HAZOP
analysis is a list of critical operations for risk
management. This facilitates regular monitoring of
critical points in the manufacturing process.

Preliminary Hazard Analysis (PHA)
Preliminary Hazard Analysis (PHA)
(FDA Q9)
PHA is a tool of analysis based on applying
prior experience or knowledge of a hazard or
failure to identify future hazards, hazardous
situations and events that might cause harm,
as well as to estimate their probability of
occurrence for a given activity, facility, product,
or system.
Preliminary Hazard Analysis (PHA) Preliminary Hazard Analysis (PHA)

The tool consists of 4 steps: (FDA Q9) (FDA Q9)
1. The identification of the possibilities that the risk
event happens
2. The qualitative evaluation of the extent of possible
– PHA might be useful when analyzing existing
injury or damage to health that could result
systems or prioritizing hazards where circumstances
3. Relative ranking of the hazard using a combination prevent a more extensive technique being used.
of severity and likelihood of occurrence.
– It can be used for product, process and facility
4. The identification of possible remedial measures design as well as to evaluate the types of hazards
for the general product type, then the product class,
and finally the specific product.
– Commonly used early in the development of a
project when there is little information on design
details or operating procedures.
– Typically, hazards identified in the PHA are further
assessed with other risk management tools.
Risk Ranking and Filtering (FDA Q9) Risk Ranking and Filtering (FDA Q9)
Risk ranking of complex systems typically These factors are combined into a single
involves evaluation of diverse quantitative and relative risk score that can then be used for
qualitative factors for each risk. ranking risks.
The tool involves breaking down a basic risk “Filters,” in the form of weighting factors or cut-
question into as many components as needed offs for risk scores, can be used to scale or fit
to capture factors involved in the risk. the risk ranking to management or policy
objectives.
Risk Ranking and Filtering Risk Ranking and Filtering (FDA Q9)

– Risk ranking and filtering can be used to prioritize
manufacturing sites for inspection/audit by
regulators or industry.
– Risk ranking methods are particularly helpful in
situations in which the portfolio of risks and the
underlying consequences to be managed are
diverse and difficult to compare using a single tool.
– Risk ranking is useful for management to evaluate
both quantitatively-assessed and qualitatively-
assessed risks within the same organizational
framework.

Supporting Statistical Tools (FDA Q9)
Supporting Statistical Tools (FDA Q9)
They can enable effective data assessment,
aid in determining the significance of the data
set(s), and facilitate more reliable decision
making.
A listing of some statistical tools commonly
used is provided (covered in detail in other
presentations):
– Histograms
– Control charts
– Pareto charts
– Process capability analysis
– Design of experiments (DOE)
Aligning Risk Management Tools Aligning Risk Management Tools

Raw
Risk Analysis Dispensing Granulation Drying Milling Mixing Tabletting Coating
Material
Preliminary Hazard
• Intended Purpose Identification
Analysis
• Hazard Identification Identity Strength
Fault Tree Analysis
• Risk Estimation Quality Potential
Functional Analysis __ System

Failure Mode and Effects A nalysis
(Design FMEA)
Potency Purity
__ Subsystem
__ Component F ME A N um b er:
Risk
Page 1 or 1
Model Year/Vehicle(s): Design Responsibility P rep a re d b y: L e e D aw s o n
F ME A D ate (O rig .):
Core Team: Key Date:
Item C Potential O Current Current D Responsibility Action Results
Assessment
Potential Potential S L Cause(s)/ C Design Design E R. Recommended & Target
Failure Effect(s) of E A Mechanism(s) C T P. S O D R.
Controls Controls Action(s) Completion Actions
Mode Failure V S U E N.
Date
E C E P.
Function S Of Failure R Prevention Detection C Taken V C T N.
Risk Evaluation
10
Cause Failure Effect
Tolerability of Risk 9 Mode
• Risk Acceptability Decision
Cost-Benefit Analysis 8
Socio/Ethical Analysis 7
Risk Ishikawa 6
5
Management
4 IV. Minor
Risk Control 3 III. Marginal
FMECA 2
• Options analysis FMECA II. Critical
1
• Implementation HACCP I. Catastrophic
0
• Residual Risk Evaluation HAZOP A. Very High B. High C. Moderate D. Low E. Remote
• Overall Risk Acceptance PAT Probability of Occurance
Criticality Matrix
Post-production Information
• Post-production experience Six Sigma DOE
• Systemic Procedures SPC
• Identification of new Hazards CAPA Multivariate Analysis
• Change Control & Feedback Loop Complaint Mgmt.
SPC
Source: ISPE-Boston, Feb. 2005

VIIA. Risk Control (BoK) Risk Control (FDA Q9)
Risk control includes decision making to

Risk Control reduce and/or accept risks.
1. Identification and documentation The purpose of risk control is to reduce the risk
– Identify and document risks, gaps and to an acceptable level.
controls. (Analyze) Amount of effort used for risk control should be
2. Auditing and Testing proportional to the significance of the risk.
– Apply auditing techniques and testing of Decision makers might use different processes,
controls. (Evaluate) including cost-benefit analysis for
understanding the optimal level of risk control.
Risk Control Risk Control (FDA Q9)
Cost-Benefit Analysis – choosing options for Risk control might focus on the following
the optimal level of control. questions:
– Is the risk above an acceptable level?
– What can be done to reduce or eliminate risks?
– What is the appropriate balance among benefits,
risks and resources?
– Are new risks introduced as a result of the identified
risks being controlled?

Risk Control - example Risk Control (FDA Q9)
Risk reduction focuses on processes for

mitigation or avoidance of quality risk when it
exceeds a specified (acceptable) level.
Risk reduction might include actions taken to
mitigate the severity and probability of harm.
Processes that improve the detectability of
hazards and quality risks might also be used as
part of a risk control strategy.
The implementation of risk reduction measures
can introduce new risks into the system or
increase the significance of other existing risks
so it is important to re-assess.
Risk Control Risk Control (FDA Q9)
Risk acceptance can be a formal decision to

accept the residual risk or it can be a passive
decision in which residual risks are not
specified.
– In these circumstances, it might be agreed that an
appropriate quality risk management strategy has
been applied and that quality risk is reduced to a
specified (acceptable) level.
– This (specified) acceptable level will depend on
many parameters and should be decided on a case-
by-case basis.

Risk Control Identification and Risk Mgmt as part of Integrated Quality Mgmt
Documentation (FDA Q9) (FDA Q9)
Quality risk management should be integrated Documentation
into existing operations and documented – To review current interpretations and application of
appropriately. regulatory expectations.
Examples: – To determine the desirability of and/or develop the
content for SOPs, Guidelines, etc.
– Quality Management
– Development Training and Education
– Facility, equipment, and utilities – Determine the appropriateness of training based on
education, experience, and working habits of staff,
– Materials management
as well as on a periodic assessment of previous
– Production training (e.g., its effectiveness).
– Laboratory control and stability testing – To identify the training, experience, qualifications,
– Packaging and labeling and physical abilities that allow personnel to
– Inspection and assessment activities perform an operation reliably and with no adverse
impact on the quality of the product.
Risk Mgmt as part of Integrated Quality Mgmt Risk Mgmt as part of Integrated Quality Mgmt
(FDA Q9) (FDA Q9)
Quality defects Auditing/Inspection
– To provide the basis for identifying, evaluating, and – To define the frequency and scope of audits, both
communicating the potential quality impact of a internal and external. Factors such as:
suspected quality defect, complaint, trend, deviation, • Existing legal requirements
investigation, out of specification, etc. • Compliance status and history of the company or facility
– To facilitate risk communications and determine • Robustness of a company’s quality risk management
appropriate action to address significant product • Complexity of the site
defects, in conjunction with regulatory authorities • Complexity of the manufacturing process
(e.g., recall). • Complexity of the product and its therapeutic significance
• Number and significance of quality defects (e.g., recall)
• Results of previous audits/inspections
• Major changes of building, equipment, processes, key
personnel
• Experience with manufacturing of a product
• Test results from laboratories
(FDA Q9) (FDA Q9)
Change management/Change control
Periodic review
– To manage changes based on knowledge and
– To select, evaluate, and interpret trend results of information accumulated in development and
data within the product quality review during manufacturing
– To interpret monitoring data (e.g., to support an – To evaluate the impact of the changes on the
assessment of the appropriateness of revalidation availability of the final product
or changes in sampling)
(FDA Q9) (FDA Q9)
Change management/Change control Continual improvement
– To evaluate the impact on product quality of – To facilitate continual improvement in processes
changes to the facility, equipment, material, throughout the product lifecycle
manufacturing process, or technical transfers
Other areas covered in FDA Q9:
– To determine appropriate actions preceding the
implementation of a change, e.g., additional testing, – Regulatory Operations
re-qualification, re-validation, or communication – Development
with regulators – Facilities, Equipment and Utilities
– Materials Management
– Production
– Packaging and Labeling

OSHA's Nationally Recognized Testing Risk Mgmt – Process Evaluation
Laboratory (NRTL) Program Goals
Recognizes private sector organizations to perform
certification for certain products to ensure that they
Product quality and performance achieved and
meet the requirements of both the construction and assured by design of robust processes that
general industry OSHA electrical standards. are:
Each NRTL has a scope of test standards that they – Effective (minimal variation)*
are recognized for, and each NRTL uses its own – Efficient (time and cost)*
unique registered certification mark(s) to designate – Adaptable (ability to recover or improve)*
product conformance to the applicable product safety • *Juran’s Dimensions of Success
test standards.
Product specifications based on satisfying the
After certifying a product, the NRTL authorizes the
manufacturer to apply a registered certification mark to customers and also based on process
the product. capabilities.
Continuous assurance of quality
Risk Mgmt – Process Evaluation Risk Mgmt – Process Evaluation

Sources of Variation (based on the IPO model, Juran’s Sources of Variation (based on the IPO model, Juran’s
definition of a Process and Ishikawa’s Cause & Effect definition of a Process and Ishikawa’s Cause & Effect
Diagram) Diagram)
Materials Defects per
Spec Limit Percent Opportunity
Man Methods Machine
Man - People Example (traditionally

Inputs to the process PPM)
I +/- 1 sigma
50 Products
30.23
X
control variability
697,700
of the output
Input Process Output N Meth ods
+/- 2 sigma
10 Operations
69.13 308,700
X
P
Machine - Equipment
y = f(x) 10 Orders per Year
Medium Measurement U Measure Syst em

+/- 3 sigma 93.32
X
y
10 Lots/Batches/Units per Order
(many companies)
66,810
X
Measurement
Machine T +/- 4 sigma 12 Months 99.379
(30 days per order)
X
6,210
S Prior Op s
+/- 5 sigma
10 Transactions per Unit per Operation
99.97670
= 233
(x) Method - Process +/- 6 sigma (near
6,000,000 Transactions per year
99.9997 3.4
perfect) (top companies)
Mater ials
Materials
Output
Man
Medium - Environment Variability - source of the “Process” risks to the product

Risk Mgmt – Process Evaluation
Risk Mgmt – Process Evaluation CAPA Example
Value Added and Non-Value Added Activities
(NVA – 7 Wastes known as Over Inventory, Over Production,
Processing, Motion, Waiting, Defects, Transportation)
Work Processes
Normal Abnormal
Value Add Non Value Add
Necessary Unnecessary
Flow Reduce Eliminate
place the value-added reduce the non-value eliminate the abnormal

processes into a natural added but necessary, e.g. and the unnecessary non-
sequence regulatory value added tasks
Source: GHTF. 2005
Quality Risk Management – End

Risk Management For CQE

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Risk Management For CQE

Hochgeladen von

Copyright:

Verfügbare Formate

CQE Body of Knowledge

Certified Quality Engineer # Questions

Materials recommended for this Course

Copyright © 2017 Mark Lindsey 3 Copyright © 2017 Mark Lindsey 4

Copyright © 2017 Mark Lindsey 5 Copyright © 2017 Mark Lindsey 6

Risk Oversight Planning Risk Oversight Planning

Copyright © 2017 Mark Lindsey 7 Copyright © 2017 Mark Lindsey 8

Copyright © 2017 Mark Lindsey 9 Copyright © 2017 Mark Lindsey 10

Risk Oversight Planning Risk Oversight Planning

Copyright © 2017 Mark Lindsey 13 Copyright © 2017 Mark Lindsey 14

Risk Oversight Planning Risk Management Process Overview

– Ensure risks are managed proactively in specific

Copyright © 2017 Mark Lindsey 15 Copyright © 2017 Mark Lindsey 16

Copyright © 2017 Mark Lindsey 17 Copyright © 2017 Mark Lindsey 18

Risk Management Process Steps Risk Management Process Steps

Risk Management Process Steps Risk Management Process Steps

Risk Oversight - Metrics Risk Oversight – Metrics

Copyright © 2017 Mark Lindsey 29 Copyright © 2017 Mark Lindsey 30

Risk Oversight – Mitigation Planning Risk Management Process Steps

Copyright © 2017 Mark Lindsey 31 Copyright © 2017 Mark Lindsey 32

Copyright © 2017 Mark Lindsey 33 Copyright © 2017 Mark Lindsey 34

Hazard Classification Matrix - example Hazard Classification Matrix - example

Copyright © 2017 Mark Lindsey 35 Copyright © 2017 Mark Lindsey 36

FMEA versus FTA Fault Tree Analysis

Copyright © 2017 Mark Lindsey 40

FMEA – RPN (Risk Priority Number)

Copyright © 2017 Mark Lindsey 45 Copyright © 2017 Mark Lindsey 46

Design FMEA – Occurrence of Causes Design FMEA – Detection of Controls

Copyright © 2017 Mark Lindsey 47 Copyright © 2017 Mark Lindsey 48

Likelihood that the cause will occur

P-FMEA Detection Ranking Actions for High RPNs

Copyright © 2017 Mark Lindsey 51 Copyright © 2017 Mark Lindsey 52

Control Plans are used to document and

Hazard Analysis and Critical Control

HACCP is a systematic, proactive, and

Copyright © 2017 Mark Lindsey 55 Copyright © 2017 Mark Lindsey 56

Hazard Analysis and Critical Control Hazard Operability Analysis (HAZOP)

Copyright © 2017 Mark Lindsey 59 Copyright © 2017 Mark Lindsey 60

Is a systematic brainstorming technique for

Copyright © 2017 Mark Lindsey 61 Copyright © 2017 Mark Lindsey 62

Hazard Operability Analysis (HAZOP) Hazard Operability Analysis (HAZOP)

Copyright © 2017 Mark Lindsey 63 Copyright © 2017 Mark Lindsey 64

Copyright © 2017 Mark Lindsey 65 Copyright © 2017 Mark Lindsey 66

Preliminary Hazard Analysis (PHA) Preliminary Hazard Analysis (PHA)

Copyright © 2017 Mark Lindsey 69 Copyright © 2017 Mark Lindsey 70

Potential Areas of Use(s)

Copyright © 2017 Mark Lindsey 71 Copyright © 2017 Mark Lindsey 72

Copyright © 2017 Mark Lindsey 73 Copyright © 2017 Mark Lindsey 74

Aligning Risk Management Tools Aligning Risk Management Tools

Functional Analysis __ System

Item C Potential O Current Current D Responsibility Action Results

Source: ISPE-Boston, Feb. 2005

Copyright © 2017 Mark Lindsey 75 Copyright © 2017 Mark Lindsey 76

Risk control includes decision making to

Copyright © 2017 Mark Lindsey 77 Copyright © 2017 Mark Lindsey 78

Risk Control Risk Control (FDA Q9)

Copyright © 2017 Mark Lindsey 79 Copyright © 2017 Mark Lindsey 80

Risk reduction focuses on processes for

Risk Control Risk Control (FDA Q9)

Risk acceptance can be a formal decision to

Copyright © 2017 Mark Lindsey 83 Copyright © 2017 Mark Lindsey 84

Copyright © 2017 Mark Lindsey 89 Copyright © 2017 Mark Lindsey 90

Copyright © 2017 Mark Lindsey 91 Copyright © 2017 Mark Lindsey 92