Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Q.S.P-08
Rev
0
Issued To
Title
Date
Signed By
ManagementTeam
27/05/14
DATE
SECTIONS REVIEWED
PREPARED
APPROVED BY
270514
FirstIssue
QSP / 08 Rev 0
27/05/2014
Page 1 of 11
Procedure
No.QSP - 08
2. REFERENCES
3. DEFINITIONS
RIS/01 Risk Register A listing of known or perceived risks within the operating
systematCadengwhichmayimpactonproductdeliveryand/orquality
RIS/02RiskAssessmentFormAformusedtorecorddataandinformationrelated
toriskassessment
RiskAnuncertaineventorconditionwhichmayimpactondeliveryand/orqualityof
product
Acceptable Risk Risk that is understood and agreed to by the organization
management and the customer, and is not considered sufficient to impact on the
definedsuccesscriteriawithintheapprovedlevelofresources.
ContingencyPlan Plan(s)determinedtominimizetheidentifiedrisk(Mitigation)
Harm Physical injury or damage to the health of people, or damage to property
and/ortheenvironment
Risk Analysis systematic use of available information to identify hazards and to
estimatetherisk
RiskAssessmentoverallprocesscomprisingariskanalysisandariskevaluation
Risk Evaluation judgment, on the basis of risk analysis, of whether a risk is
acceptableornot
RiskControlprocessthroughwhichdecisionsarereachedandprotectivemeasures
areimplementedforreducingrisksto,ormaintainingriskswithinacceptablelevels
Risk Management systematic application of management policies, procedures and
practicestothetasksofanalyzing,evaluatingandcontrollingrisk
LikelihoodThechanceofaneventoccurring
Consequencetheoutcomeofaneventaffectingobjectives
Grandfathering to be exempt from a new ruling due to a positive history and/or
proventrackrecord.
Residual Risk the risk which remains after actions have been taken to mitigate an
initialrisk
ContingencyPlanAbackuporalternatemeasurewhichcanbeusedifanunplanned
eventoccurswhichmayimpactondeliveryorqualityofproduct
QSP / 08 Rev 0
27/05/2014
Page 2 of 11
TheQualityManagementSystemat######,inconjunctionwithAPI,Customerand
Connection Licensor specifications, provides for numerous process controls
designed to ensure conformance to requirements. While these controls may be
adequatetomitigatelowtomoderatelevelrisksassociatedwiththemanufacturing
environment, this procedure shall be used to identify the significant risks to
achieving objectives, and to analyze, evaluate, and apply suitable risk treatment
measures.
For routine tasks such as standard threading and connection makeup, risk
management is conducted informally between the members of the management
team.Risksinvolvedinthesesortoftaskshavebeenrecognisedovermanyyearsof
operation,andarewellknowntoallconcerned.Theformalriskassessmentprocess
described in this procedure applies to tasks or projects which require ###### to
step outside familiar territory, and necessitate the implementation of procedures
notcommonlyutilised.
This procedure should be used in conjunction with other established procedures
andprocessesthroughouttheorganization,suchassales,quoting,contractreview,
production planning, purchasing, manufacturing, and inspection to provide an
integratedplanformanagingriskthroughoutproductrealization.
For the purposes of this process, the components of risk shall be identified as
follows:
Afuturerootcause(yettohappen),which,ifeliminatedorcorrected,
wouldpreventapotentialconsequencefromoccurring,
Aprobability(orlikelihood)assessedatthepresenttime,ofthatfuture
rootcauseoccurring,and
Theconsequence(oreffect)ofthatfutureoccurrence
NoteRisksshouldnotbeconfusedwithissues.Ifarootcauseisdescribedinthe
pasttense,therootcausehasalreadyoccurred,andhence,itisanissuethatneeds
toberesolved,butitisnotarisk.IssuesareresolvedthroughCorrectiveor
PreventiveActionsasdescribedinQSP/05SystemsMonitoringandImprovement.
4.2 - Responsibilities
ToassistwithRiskManagement,theQualityManagermaintainsaRiskRegister,
(RIS/01),whichlistsallknownsignificanteventswhichmayimpactonproduct
deliveryand/orquality.AssociatedrisktreatmentsandContingencyPlanscurrently
usedtoreducetherisktoacceptablelevelsintheseareasareamonginformation
includedintheRiskRegister.
Recordsofriskassessmentandmanagement,includingactionstaken,shallbe
maintainedasperQSP/04DocumentControlandRecordsManagement.
The General Manager shall retain ultimate authority and responsibility for Risk
Management. The Quality Manager is responsible to ensure that the risk
managementframeworkisestablished,implemented,monitored,andreviewedfor
improvement.
TheProductionManagerandtheGeneralmanagershallberesponsibleto:
Establish, use, and assist in the maintenance of the risk management
process.
Ensurethattheriskmanagementprocessiscommunicatedandintegrated
throughout the organization, and that risks are identified, managed and
QSP / 08 Rev 0
27/05/2014
Page 3 of 11
monitoredinaccordancewiththisprocess.
Ensure that adequate resources from all necessary disciplines are
allocatedtosupportthisprocess.
Ensure that risk treatment strategies are developed, implemented and
controlsmaintained.
Employeesatalllevelsshallberesponsibletomanagerisksinaccordancewiththis
processintheirrespectiveareasofconcern.
Riskcriteriaaredefinedintermsofthefollowing2elements:
1. Thelikelihoodofanevent(rootcause)occurring,and;
2. Theconsequenceofthatevent(rootcause)occurring
Thesecriteriashallbeusedlaterintheprocesstoevaluatethesignificanceofthe
risk.
4.3.1 - Likelihood
LIKELIHOOD
LEVEL
LIKELIHOOD
PROBABILITY
Remote
10%
Unlikely
30%
Probable
50%
HighlyProbable
70%
NearCertainty
90%
Fig1.
4.3.2 - Consequence
TheLevelofConsequenceelementshallbedeterminedusingthecriteriaspecified
in the following Levels and Types of Consequence Criteria table (Fig 2.), and
assignedaLevelNumber.Whilecosthasbeenincludedinthesecriteria,andshould
be considered in the quoting and estimating stages, the inclusion of cost criteria
shouldbeevaluatedforuseafterawardofcontract,(seesection4.8.1).
QSP / 08 Rev 0
27/05/2014
Page 4 of 11
CONSEQUENCE
LEVEL
PRODUCTQUALITY
DELIVERYSCHEDULE
COST
InsignificantRequires minor
rework to bring into full conformity.
NoImpact
1%
Increase
MinorRequires significant
rework to bring into full conformity.
MinorImpact - Internal
schedule slip. Still able to meet
original delivery schedule and
quantity
5%
Increase
ModerateExtensive rework
or remake. Cannot be reworked to
meet conformity requirements.
Requires customer concession to
"Use as is"
SomeImpact Requires
minor schedule (< 7 days) or
quantity concession from
customer.
5%
Increase
MajorImpact Requires
10%
Increase
Catastrophic Unable to
deliver parts. Major impact to
customer production or
program schedule.
20%
Increase
Fig2.
4.3.3 - Overall Risk
Score
TheoverallRiskLevelisdeterminedusingtheRiskAssessmentScoringChart(Fig3.),
andisassignedaLevelofLow(L),Moderate(M),orHigh(H).
LIKELIHOOD
RISKASSESSMENTSCORINGCHART
5
Near
Certainty
4
Highly
Probably
3
Probable
2
Unlikely
1
Remote
1
Insignificant
2
Minor
3
Moderate
4
Major
5
Severe
CONSEQUENCE
Fig3.
QSP / 08 Rev 0
27/05/2014
Page 5 of 11
Existing risk controls (refer to RIS/01 Risk Register) are evaluated against the
following criteria to determine effectiveness, and whether further actions may be
necessary.
EXISTINGCONTROLSASSESSMENT
EFFECTIVE
Indicateseffectiveriskcontrolsareinplaceresultingin
minimalnetrisk.
ADEQUATE
Indicatesriskcontrolsareinplaceandgenerallyeffective,
however,anopportunityforrefinementexiststofurther
reducerisk.Evaluateforfurtherrisktreatment.
FAIR
POOR
Indicatesriskcontrolsarepresentlybeingdeveloped,or
areonlypartiallyeffective.Applicationofrisktreatmentis
requiredtomitigaterisk.
Indicatesriskcontrolshavenotyetbeendeveloped,or
areineffective.Applicationofrisktreatmentisrequired
asamatterofpriority.
Fig4.
QSP / 08 Rev 0
27/05/2014
Page 6 of 11
Fig5.
QSP / 08 Rev 0
27/05/2014
Page 7 of 11
Thepurposeofthisstepistoidentifytheriskstoachievingobjectivessotheymay
be managed. Generally this will take place during the Quote and Contract Review
stages;howeverrisksshouldbecontinuouslyreevaluatedthroughouttheproduct
realization process. It is critical to identify risks as early in the life of a project as
possible, because a risk not identified at this stage may be excluded from further
analysis.
Tools for identifying risks may include Fault Tree Analysis (FTA), Failure Mode and
EffectsAnalysis(FMEA),HistoricalDataAnalysis,Brainstorming,informedopinions
andexpertadvicefromemployeesandreputablesourceswithinthemining,andoil
andgasindustry,stakeholderinput.
Potentialsourcesofriskinclude:
Requirements Customer identified or Industry determined special
requirements
Technology The degree to which existing technology has demonstrated
sufficient maturity to be realistically capable of meeting performance
objectives
Deliveryofnonconformingproduct
Production/FacilitiesTheabilitytoachieveperformanceobjectivesbased
onavailablemanufacturingresourcesandprocesses
SupplierperformanceTheabilityofmaterialsupplierstodelivercompliant
productstoadesignatedschedule
OutsourcesTasksTheabilities,experience,knowledge,andavailability,of
outsourcedprocesssuppliers
CostTheabilityofoursystemtoachievecostobjectives.Thisincludesthe
effects of errors in estimating techniques used, the cost of poor quality
associatedwithcustomerfurnishedmaterialsandotherfinancialorbudget
effects
Management The degree to which plans and strategies exist and are
realistic and consistent. Staffing and supervision should be sufficient to
executethetask
AvailabilityofCompetentpersonnel
ScheduleThesufficiencyoftimeallocatedtoachieveobjectives.Shortlead
timesfromcustomers,longleadtimesfromsuppliers,etc.
Having identified what events might occur, it is necessary to determine the root
causesfortheseevents.Theremaybemanywaysaneventcanhappen,however,
using the 5 Why process will allow you to determine the root cause for each
event.
Rootcauses(Risks)shallbedocumentedinRIS/02RiskAssessmentForm.
Oncetherootcauseshavebeenidentified,theywillneedtobeanalyzedintermsof
theirLikelihoodtooccur,andtheseverityofConsequencesshouldtheyoccur.This
isaccomplishedusingtheLikelihoodandConsequenceCriteriachartsestablishedin
sections4.3.1and4.3.2ofthisprocedure.
EachrootcauseshallbeassignedaLikelihoodLevelandaConsequenceLevelscore.
Thesewillbeusedtoevaluatetheoverallriskassessmentscore,whichinturnwill
determinefurtheraction.
ScoresshallbedocumentedinRIS/02RiskAssessmentForm.
QSP / 08 Rev 0
27/05/2014
Page 8 of 11
Usingthescoresdevelopedinsection4.6for"Likelihood"and"Consequence",use
the Risk Assessment Scoring chart to obtain a Risk Assessment Rating. This will
correspond to one of three (3) overall levels of risk, Low (Green), Moderate
(Yellow),orHigh(Red).
ForRisksratingintheLow(Green)category,Risktreatmentisnotrequired.Monitor
andReviewforfuturetreatment.
For Risks rating in the Moderate (Yellow) category, existing controls must be
evaluated for effectiveness. For controls assessed to be less than Adequate,
further risk treatment is required. For controls assessed to be only Adequate,
evaluateforfurtherrisktreatment.(Cost/BenefitRisk/Reward,etc.).
All Risks rating in the High (Red) category shall require risk treatment and / or
furtheranalysis.
OverallRiskRatingsshallbedocumentedinRIS/02RiskAssessmentForm.
4.7.1 - Contingency
Planning
The Quality manager maintains a Risk Register (RIS/01), which identifies all known
significantriskswhichmayimpactondeliveryandqualityofproduct.Includedinthe
Risk Register is a Contingency Plan, which identifies a solution which can be
implemented should a specified event occur. A Contingency Plan mitigates the
consequencesofanunplannedeventtakingplace,andisaformofrisktreatment.
TheexistenceofaContingencyPlancanbeusedtoreduceanunacceptableriskinto
anacceptablerisk.
The Contingency Plan shall encompass the significant risk scenarios associated with
the following:
Facility/equipment availability and maintenance
Supplier performance and Material availability/Supply
Delivery of Non-Conforming Product
Availability of Competent personnel
The Contingency Plan shall include authorities and responsibilities, and both internal
and external communication controls.
The risk scenarios and the actions required shall be updated if required based on
new risks identified.
All other information in this plan shall be updated whenever there is a change in
responsibilities, authorities and/or communication controls.
This contingency plan shall be communicated to all personnel and shall be accessible
to all employees via the Master List of Forms and Documents (DC/01).
Risktreatmentisprocessofidentifyingtheoptionsformodifyingrisks,selectingand
implementing those options in the form of a risk treatment plan. Once
implemented,treatmentsprovideormodifyriskcontrols.
Risktreatmentinvolvesthecyclicalprocessof:
developingarisktreatment
Decidingwhetherresidualrisklevelsareacceptable
Ifnotacceptable,developinganewrisktreatment
Assessingtheeffectivenessofthattreatment
Risk treatment options are not necessarily mutually exclusive or appropriate in all
circumstances.Theavailableoptionscaninclude:
Avoidingtheriskbydecidingnottostartorcontinueanactivity
Accepting,orevenincreasingtheriskinordertopursueanopportunity
Removingthesourceoftherisk
QSP / 08 Rev 0
27/05/2014
Page 9 of 11
ChangingtheLikelihoodoftheriskoccurring
ChangingtheConsequenceoftheriskoccurring(Contingency)
Sharingtheriskwithanotherpartyorparties
Retainingtheriskbyinformeddecision
1. Selectingthemostappropriatetreatmentoptionsinvolvesbalancingthecostsof
implementation against the benefits derived. In general, the cost of managing
risk needs to be commensurate with the benefits obtained. When evaluating
costversusbenefit,thecontextshouldbetakenintoaccount.Itisimportantto
considerallcosts,bothdirectandindirect,andallbenefitswhethertangibleor
intangible.
2. Decisionsshouldaccountfortheneedtoconsidercarefullythoserarebutsevere
risks that may warrant risk treatment, that are not justifiable on strictly
economic grounds. Customer, regulatory, or legal requirements may override
simplecost/benefitanalysis.
3. If budgetary constraints exist, the treatment plan should clearly specify the
priority order in which treatments should be implemented. Consider the full
impactofnottakingactionagainstanycostsavings.
4. If after treatment residual risk remains, this risk should be evaluated and a
decision should be made about whether to retain this risk, or repeat the risk
treatmentprocess.
Thepurposeofthetreatmentplanistodocumenthowthechosenoptionswillbe
implemented.Theplanmaybedocumentedinanyformat,andmayrequireseveral
formats,however,shouldbeavailabletoallconcernedstakeholdersandcontainas
aminimum:
Theproposedactions
Resourcerequirements
Assignedresponsibilities
Timingandschedulingrequirements
Performancemeasures
Reportingandmonitoringrequirements
Treatment plans should be integrated with other management processes such as
Quoting, Contract Review, Production Planning, Manufacturing, and Verification
activities.
Once a risk treatment has been implemented, all information related to the
assessment and subsequent treatment plan shall be determined and recorded on
theRiskAssessmentForm(RIS/02)bythedesignatedperson.
The designated person shall complete all remaining relevant sections of the Risk
AssessmentFormandforwardittotheQualityManager.
The QA shall transfer the information to the Risk Register (RIS/01) and maintain
relevantdocuments.
AsignificantriskmaybeincludedinContingencyPlan.
Ongoing review is essential to ensure that the management plan remains relevant
andeffective.ThefactorsthataffecttheLikelihoodandConsequencesofanevent
may change, as may the factors that affect the suitability or cost of the treatment
QSP / 08 Rev 0
27/05/2014
Page 10 of 11
QSP / 08 Rev 0
27/05/2014
Page 11 of 11