Home > Resources > Articles

Articles


Risk Management

for the Aviation, Defense and Space Industries

By Lee C. Bravener

With the introduction of the latest revision of the AS9100 we are challenged with fresh and amended points for our Quality Management systems. Paramount among these matters is the effective management of risk. Risk is certainly not a new concept to AS9100 or for that matter to ISO 9001 itself. In previous versions of AS9100 were told that the risk of new technology was something to be concerned about when reviewing potential new business and in ISO 9001 every time you were told something should be accomplished "as appropriate" one had to be conscious of the risk what was appropriate. However with AS9100C we are now being advised to "manage" risk, but to suitably manage risk we must first acquire an appreciation of what risk is.

First it is important to understand that risk itself is not a problem, an issue or a crisis. Rather risk is the undesirable circumstance that has the likelihood of occurring and bringing with it a potentially negative consequence. Risk Management is a disciplined approach to dealing with these inherent undesirable circumstances which will be present when conducting business in the aviation, defense and space industries.

As is true with most if not all aspects of a management system, the management of risk will be a process.

  • Plan - Being accepting that risk will exist we can develop the necessary tools to address risk and its impact.
  • Identify - Discover and define risks inherent in the product.
  • Assess - Analyze and prioritize risks against cost, schedule and performance.
    • Likelihood X Impact = Risk
  • Handle - Implement actions to reduce the likelihood or consequence of risk to an acceptable level.
    • Avoidance (eliminate)
    • Reduction (mitigate)
    • Transference (outsource or insure)
    • Retention (accept and control)
  • Monitor - Evaluate the performance of risk handling actions

This management process may be characterized by the full scale documented process/program in the large OEM, with the full range of associated documented plans, forms, charts and automated databases. But it is a process that remains as valid when scaled back to fit the needs of the small organization just as essential to the aviation, defense and space industry. This diminutive model may be represented by a simple but disciplined approach to decision making, brought about by a simple work instruction and training. Simply put, Large or small, risk management is a methodic approach of selecting a cost effective manner of reducing the consequence of the risk to the organization.

Risk will be found throughout any stage of the business life cycle. Risk will be linked directly with the product, and it will related to the business/production processes, and will associated with the people, both outside and within the organization. It is not a question of if risk will be present; it is a question of when and where. Risks will never be fully evaded merely because of financial and practical limitations. Some level of residual risks will always be present. How this risk will impact the organization is what risk management is intended to address

"Risk brings out the ingenuity and resourcefulness which ensure success".
- Robert Rawls

Back to search results