QSP - 08 - Risk Assessment, Management and Contingency Planning Rev 0

QSP-08 RISK ASSESSMENT,
MANAGEMENT AND CONTINGENCY PLANNING
Q.S.P-08
RISK ASSESSMENT, MANAGEMENT AND

CONTINGENCY PLANNING
Rev
0
Issued To
Title
Date
Signed By
ManagementTeam
27/05/14
DATE
SECTIONS REVIEWED
PREPARED
APPROVED BY
270514
FirstIssue
Date of Issue: 27/05/2014

Date of Print: 18/06/2014
QSP / 08 Rev 0
27/05/2014
Page 1 of 11

Procedure
No.QSP - 08
RISK ASSESSMENT, MANAGEMENT AND

CONTINGENCY PLANNING
1. PURPOSE AND SCOPE

Toestablishmethodsforidentifyingandcontrollingrisksassociatedwithimpactondelivery,qualityofproduct,
andcostrequirementsassociatedwiththe manufactureanddeliveryofproductsinaccordancewithcustomer
and/or regulatory requirements. This procedure shall support ###### Quality Policy and assist in achieving
establishedQualityObjectives.
The procedure identifies the techniques, tools and their application for risk identification, assessment and
mitigation.
2. REFERENCES
3. DEFINITIONS

RIS/01 Risk Register A listing of known or perceived risks within the operating
systematCadengwhichmayimpactonproductdeliveryand/orquality
RIS/02RiskAssessmentFormAformusedtorecorddataandinformationrelated
toriskassessment
RiskAnuncertaineventorconditionwhichmayimpactondeliveryand/orqualityof
product
Acceptable Risk Risk that is understood and agreed to by the organization
management and the customer, and is not considered sufficient to impact on the
definedsuccesscriteriawithintheapprovedlevelofresources.
ContingencyPlan Plan(s)determinedtominimizetheidentifiedrisk(Mitigation)
Harm Physical injury or damage to the health of people, or damage to property
and/ortheenvironment
Risk Analysis systematic use of available information to identify hazards and to
estimatetherisk
RiskAssessmentoverallprocesscomprisingariskanalysisandariskevaluation
Risk Evaluation judgment, on the basis of risk analysis, of whether a risk is
acceptableornot
RiskControlprocessthroughwhichdecisionsarereachedandprotectivemeasures
areimplementedforreducingrisksto,ormaintainingriskswithinacceptablelevels
Risk Management systematic application of management policies, procedures and
practicestothetasksofanalyzing,evaluatingandcontrollingrisk
LikelihoodThechanceofaneventoccurring
Consequencetheoutcomeofaneventaffectingobjectives
Grandfathering to be exempt from a new ruling due to a positive history and/or
proventrackrecord.
Residual Risk the risk which remains after actions have been taken to mitigate an
initialrisk
ContingencyPlanAbackuporalternatemeasurewhichcanbeusedifanunplanned
eventoccurswhichmayimpactondeliveryorqualityofproduct
QSP / 08 Rev 0
27/05/2014
Page 2 of 11

4. PROCEDURE
4.1 - General
TheQualityManagementSystemat######,inconjunctionwithAPI,Customerand
Connection Licensor specifications, provides for numerous process controls
designed to ensure conformance to requirements. While these controls may be
adequatetomitigatelowtomoderatelevelrisksassociatedwiththemanufacturing
environment, this procedure shall be used to identify the significant risks to
achieving objectives, and to analyze, evaluate, and apply suitable risk treatment
measures.
For routine tasks such as standard threading and connection makeup, risk
management is conducted informally between the members of the management
team.Risksinvolvedinthesesortoftaskshavebeenrecognisedovermanyyearsof
operation,andarewellknowntoallconcerned.Theformalriskassessmentprocess
described in this procedure applies to tasks or projects which require ###### to
step outside familiar territory, and necessitate the implementation of procedures
notcommonlyutilised.
This procedure should be used in conjunction with other established procedures
andprocessesthroughouttheorganization,suchassales,quoting,contractreview,
production planning, purchasing, manufacturing, and inspection to provide an
integratedplanformanagingriskthroughoutproductrealization.
For the purposes of this process, the components of risk shall be identified as
follows:
Afuturerootcause(yettohappen),which,ifeliminatedorcorrected,
wouldpreventapotentialconsequencefromoccurring,
Aprobability(orlikelihood)assessedatthepresenttime,ofthatfuture
rootcauseoccurring,and
Theconsequence(oreffect)ofthatfutureoccurrence
NoteRisksshouldnotbeconfusedwithissues.Ifarootcauseisdescribedinthe
pasttense,therootcausehasalreadyoccurred,andhence,itisanissuethatneeds
toberesolved,butitisnotarisk.IssuesareresolvedthroughCorrectiveor
PreventiveActionsasdescribedinQSP/05SystemsMonitoringandImprovement.
4.2 - Responsibilities

ToassistwithRiskManagement,theQualityManagermaintainsaRiskRegister,
(RIS/01),whichlistsallknownsignificanteventswhichmayimpactonproduct
deliveryand/orquality.AssociatedrisktreatmentsandContingencyPlanscurrently
usedtoreducetherisktoacceptablelevelsintheseareasareamonginformation
includedintheRiskRegister.
Recordsofriskassessmentandmanagement,includingactionstaken,shallbe
maintainedasperQSP/04DocumentControlandRecordsManagement.
The General Manager shall retain ultimate authority and responsibility for Risk
Management. The Quality Manager is responsible to ensure that the risk
managementframeworkisestablished,implemented,monitored,andreviewedfor
improvement.
TheProductionManagerandtheGeneralmanagershallberesponsibleto:
Establish, use, and assist in the maintenance of the risk management
process.
Ensurethattheriskmanagementprocessiscommunicatedandintegrated
throughout the organization, and that risks are identified, managed and
QSP / 08 Rev 0
27/05/2014
Page 3 of 11

monitoredinaccordancewiththisprocess.
Ensure that adequate resources from all necessary disciplines are
allocatedtosupportthisprocess.
Ensure that risk treatment strategies are developed, implemented and
controlsmaintained.
Employeesatalllevelsshallberesponsibletomanagerisksinaccordancewiththis
processintheirrespectiveareasofconcern.
4.3 - Risk Criteria
Riskcriteriaaredefinedintermsofthefollowing2elements:
1. Thelikelihoodofanevent(rootcause)occurring,and;
2. Theconsequenceofthatevent(rootcause)occurring
Thesecriteriashallbeusedlaterintheprocesstoevaluatethesignificanceofthe
risk.
4.3.1 - Likelihood
TheLevelof Likelihoodelementshall bedeterminedusingthe criteriaspecifiedin

the following Levels of Likelihood Criteria Table (Fig 1.), and assigned a Level
Number. The level should be determined by evaluating all available information,
both current and historical, or by estimating the probability of occurrence using
experience and judgment as a guide. Every effort should be made to ensure the
determinedLevelisaccurate.
LIKELIHOOD
LEVEL
LIKELIHOOD
PROBABILITY
Remote
10%
Unlikely
30%
Probable
50%
HighlyProbable
70%
NearCertainty
90%
Fig1.
4.3.2 - Consequence

TheLevelofConsequenceelementshallbedeterminedusingthecriteriaspecified
in the following Levels and Types of Consequence Criteria table (Fig 2.), and
assignedaLevelNumber.Whilecosthasbeenincludedinthesecriteria,andshould
be considered in the quoting and estimating stages, the inclusion of cost criteria
shouldbeevaluatedforuseafterawardofcontract,(seesection4.8.1).
QSP / 08 Rev 0
27/05/2014
Page 4 of 11

CONSEQUENCE
LEVEL
PRODUCTQUALITY
DELIVERYSCHEDULE
COST
InsignificantRequires minor
rework to bring into full conformity.
NoImpact
1%
Increase
MinorRequires significant
rework to bring into full conformity.
MinorImpact - Internal
schedule slip. Still able to meet
original delivery schedule and
quantity
5%
Increase
ModerateExtensive rework
or remake. Cannot be reworked to
meet conformity requirements.
Requires customer concession to
"Use as is"
SomeImpact Requires
minor schedule (< 7 days) or
quantity concession from
customer.
5%
Increase
MajorMultiple scrapped parts.
MajorImpact Requires
Multiple parts require repair to

restore to acceptable condition.
Requires customer approval.
major schedule (> 7 days) or

quantity concession from
customer. Minor impact to
Customer production schedule.
Customer required Milestones
10%
Increase
SevereAll parts scrapped.

Unable to produce conforming
parts. Unable to obtain required
materials or services.
Catastrophic Unable to
deliver parts. Major impact to
customer production or
program schedule.
20%
Increase
Fig2.
4.3.3 - Overall Risk
Score
TheoverallRiskLevelisdeterminedusingtheRiskAssessmentScoringChart(Fig3.),
andisassignedaLevelofLow(L),Moderate(M),orHigh(H).
LIKELIHOOD
RISKASSESSMENTSCORINGCHART
5
Near
Certainty
4
Highly
Probably
3
Probable
2
Unlikely
1
Remote
1
Insignificant
2
Minor
3
Moderate
4
Major
5
Severe
CONSEQUENCE
Fig3.

QSP / 08 Rev 0
27/05/2014
Page 5 of 11

4.3.4 - Existing Risk
Controls
Existing risk controls (refer to RIS/01 Risk Register) are evaluated against the
following criteria to determine effectiveness, and whether further actions may be
necessary.
EXISTINGCONTROLSASSESSMENT
EFFECTIVE
Indicateseffectiveriskcontrolsareinplaceresultingin
minimalnetrisk.
ADEQUATE
Indicatesriskcontrolsareinplaceandgenerallyeffective,
however,anopportunityforrefinementexiststofurther
reducerisk.Evaluateforfurtherrisktreatment.
FAIR
POOR
Indicatesriskcontrolsarepresentlybeingdeveloped,or
areonlypartiallyeffective.Applicationofrisktreatmentis
requiredtomitigaterisk.
Indicatesriskcontrolshavenotyetbeendeveloped,or
areineffective.Applicationofrisktreatmentisrequired
asamatterofpriority.
Fig4.

QSP / 08 Rev 0
27/05/2014
Page 6 of 11

4.4 - Process Structure
Fig5.

QSP / 08 Rev 0
27/05/2014
Page 7 of 11

4.5 - Risk Identification
Thepurposeofthisstepistoidentifytheriskstoachievingobjectivessotheymay
be managed. Generally this will take place during the Quote and Contract Review
stages;howeverrisksshouldbecontinuouslyreevaluatedthroughouttheproduct
realization process. It is critical to identify risks as early in the life of a project as
possible, because a risk not identified at this stage may be excluded from further
analysis.
Tools for identifying risks may include Fault Tree Analysis (FTA), Failure Mode and
EffectsAnalysis(FMEA),HistoricalDataAnalysis,Brainstorming,informedopinions
andexpertadvicefromemployeesandreputablesourceswithinthemining,andoil
andgasindustry,stakeholderinput.
Potentialsourcesofriskinclude:
Requirements Customer identified or Industry determined special
requirements
Technology The degree to which existing technology has demonstrated
sufficient maturity to be realistically capable of meeting performance
objectives
Deliveryofnonconformingproduct
Production/FacilitiesTheabilitytoachieveperformanceobjectivesbased
onavailablemanufacturingresourcesandprocesses
SupplierperformanceTheabilityofmaterialsupplierstodelivercompliant
productstoadesignatedschedule
OutsourcesTasksTheabilities,experience,knowledge,andavailability,of
outsourcedprocesssuppliers
CostTheabilityofoursystemtoachievecostobjectives.Thisincludesthe
effects of errors in estimating techniques used, the cost of poor quality
associatedwithcustomerfurnishedmaterialsandotherfinancialorbudget
effects
Management The degree to which plans and strategies exist and are
realistic and consistent. Staffing and supervision should be sufficient to
executethetask
AvailabilityofCompetentpersonnel
ScheduleThesufficiencyoftimeallocatedtoachieveobjectives.Shortlead
timesfromcustomers,longleadtimesfromsuppliers,etc.
Having identified what events might occur, it is necessary to determine the root
causesfortheseevents.Theremaybemanywaysaneventcanhappen,however,
using the 5 Why process will allow you to determine the root cause for each
event.
Rootcauses(Risks)shallbedocumentedinRIS/02RiskAssessmentForm.
4.6 - Risk Analysis
Oncetherootcauseshavebeenidentified,theywillneedtobeanalyzedintermsof
theirLikelihoodtooccur,andtheseverityofConsequencesshouldtheyoccur.This
isaccomplishedusingtheLikelihoodandConsequenceCriteriachartsestablishedin
sections4.3.1and4.3.2ofthisprocedure.
EachrootcauseshallbeassignedaLikelihoodLevelandaConsequenceLevelscore.
Thesewillbeusedtoevaluatetheoverallriskassessmentscore,whichinturnwill
determinefurtheraction.
ScoresshallbedocumentedinRIS/02RiskAssessmentForm.

QSP / 08 Rev 0
27/05/2014
Page 8 of 11

4.7 - Risk Evaluation
Usingthescoresdevelopedinsection4.6for"Likelihood"and"Consequence",use
the Risk Assessment Scoring chart to obtain a Risk Assessment Rating. This will
correspond to one of three (3) overall levels of risk, Low (Green), Moderate
(Yellow),orHigh(Red).
ForRisksratingintheLow(Green)category,Risktreatmentisnotrequired.Monitor
andReviewforfuturetreatment.
For Risks rating in the Moderate (Yellow) category, existing controls must be
evaluated for effectiveness. For controls assessed to be less than Adequate,
further risk treatment is required. For controls assessed to be only Adequate,
evaluateforfurtherrisktreatment.(Cost/BenefitRisk/Reward,etc.).
All Risks rating in the High (Red) category shall require risk treatment and / or
furtheranalysis.
OverallRiskRatingsshallbedocumentedinRIS/02RiskAssessmentForm.
4.7.1 - Contingency
Planning
The Quality manager maintains a Risk Register (RIS/01), which identifies all known
significantriskswhichmayimpactondeliveryandqualityofproduct.Includedinthe
Risk Register is a Contingency Plan, which identifies a solution which can be
implemented should a specified event occur. A Contingency Plan mitigates the
consequencesofanunplannedeventtakingplace,andisaformofrisktreatment.
TheexistenceofaContingencyPlancanbeusedtoreduceanunacceptableriskinto
anacceptablerisk.
The Contingency Plan shall encompass the significant risk scenarios associated with
the following:
Facility/equipment availability and maintenance
Supplier performance and Material availability/Supply
Delivery of Non-Conforming Product
Availability of Competent personnel
The Contingency Plan shall include authorities and responsibilities, and both internal
and external communication controls.
The risk scenarios and the actions required shall be updated if required based on
new risks identified.
All other information in this plan shall be updated whenever there is a change in
responsibilities, authorities and/or communication controls.
This contingency plan shall be communicated to all personnel and shall be accessible
to all employees via the Master List of Forms and Documents (DC/01).
4.8 - Risk Treatment
Risktreatmentisprocessofidentifyingtheoptionsformodifyingrisks,selectingand
implementing those options in the form of a risk treatment plan. Once
implemented,treatmentsprovideormodifyriskcontrols.
Risktreatmentinvolvesthecyclicalprocessof:
developingarisktreatment
Decidingwhetherresidualrisklevelsareacceptable
Ifnotacceptable,developinganewrisktreatment
Assessingtheeffectivenessofthattreatment
Risk treatment options are not necessarily mutually exclusive or appropriate in all
circumstances.Theavailableoptionscaninclude:
Avoidingtheriskbydecidingnottostartorcontinueanactivity
Accepting,orevenincreasingtheriskinordertopursueanopportunity
Removingthesourceoftherisk

QSP / 08 Rev 0
27/05/2014
Page 9 of 11

4.8.1 - Selection of Risk

Treatment Options
ChangingtheLikelihoodoftheriskoccurring
ChangingtheConsequenceoftheriskoccurring(Contingency)
Sharingtheriskwithanotherpartyorparties
Retainingtheriskbyinformeddecision
1. Selectingthemostappropriatetreatmentoptionsinvolvesbalancingthecostsof
implementation against the benefits derived. In general, the cost of managing
risk needs to be commensurate with the benefits obtained. When evaluating
costversusbenefit,thecontextshouldbetakenintoaccount.Itisimportantto
considerallcosts,bothdirectandindirect,andallbenefitswhethertangibleor
intangible.
2. Decisionsshouldaccountfortheneedtoconsidercarefullythoserarebutsevere
risks that may warrant risk treatment, that are not justifiable on strictly
economic grounds. Customer, regulatory, or legal requirements may override
simplecost/benefitanalysis.
3. If budgetary constraints exist, the treatment plan should clearly specify the
priority order in which treatments should be implemented. Consider the full
impactofnottakingactionagainstanycostsavings.
4. If after treatment residual risk remains, this risk should be evaluated and a
decision should be made about whether to retain this risk, or repeat the risk
treatmentprocess.
4.8.2 - Preparing and

Implementing
Treatment Plans
Thepurposeofthetreatmentplanistodocumenthowthechosenoptionswillbe
implemented.Theplanmaybedocumentedinanyformat,andmayrequireseveral
formats,however,shouldbeavailabletoallconcernedstakeholdersandcontainas
aminimum:
Theproposedactions
Resourcerequirements
Assignedresponsibilities
Timingandschedulingrequirements
Performancemeasures
Reportingandmonitoringrequirements
Treatment plans should be integrated with other management processes such as
Quoting, Contract Review, Production Planning, Manufacturing, and Verification
activities.
Once a risk treatment has been implemented, all information related to the
assessment and subsequent treatment plan shall be determined and recorded on
theRiskAssessmentForm(RIS/02)bythedesignatedperson.
The designated person shall complete all remaining relevant sections of the Risk
AssessmentFormandforwardittotheQualityManager.
The QA shall transfer the information to the Risk Register (RIS/01) and maintain
relevantdocuments.
AsignificantriskmaybeincludedinContingencyPlan.
4.9 - Monitor and

Review

Ongoing review is essential to ensure that the management plan remains relevant
andeffective.ThefactorsthataffecttheLikelihoodandConsequencesofanevent
may change, as may the factors that affect the suitability or cost of the treatment
QSP / 08 Rev 0
27/05/2014
Page 10 of 11

options.OtherprocessmonitoringsuchasQualityandDeliveryperformance,aswell
as actual progress against treatment plan should provide information about the
effectivenessoftheriskmanagementprocess.
Informationgatheredduringriskassessmentsshallbecollatedandanalysedbefore
being presented at Management Review Meetings for discussion with a view to
possibleimprovementstotheQualityManagementsystem

QSP / 08 Rev 0
27/05/2014
Page 11 of 11

QSP - 08 - Risk Assessment, Management and Contingency Planning Rev 0

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

QSP - 08 - Risk Assessment, Management and Contingency Planning Rev 0

Caricato da

Copyright:

Formati disponibili

QSP-08 RISK ASSESSMENT,

MANAGEMENT AND CONTINGENCY PLANNING

RISK ASSESSMENT, MANAGEMENT AND

Date of Issue: 27/05/2014