Professional Documents
Culture Documents
Risk Management Handbook For Suppliers FCA - 3 Edition
Risk Management Handbook For Suppliers FCA - 3 Edition
Handbook for
Suppliers FCA
3rd Edition: May 30, 2020
PROJECT VALIDATION
REVISION 01
REVISION 02
2
Quality Engineering Suppliers - LATAM
Contents
1. Preface
2. Purpose
3. Scope
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
7. Attachments
3
Quality Engineering Suppliers - LATAM
1. Preface
The most basic risk concept is familiar, as the daily activities expose us to a series of risks,
which we have to live and learn with.
By approaching a little more of the theory, the risk is frequently defined as the combination
between probability of occurrence of a damage and its severity. ISO 31000 defines risk as an
effect of the uncertainty in the objectives. Objective is what we define constantly, whether in
our personal life, in daily processes or in the service and transformation activities.
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
The daily characteristics intrinsic to the risk concept combined with the statistical nature of all
the processes which we deal with, brought the acknowledgment of risk management as a
valuable element in business management.
Reaching a common agreement of the application of risk management among the several
stakeholders in a given process is very difficult, as each stakeholder has different perceptions
on the potential damages, and assigns different probabilities to each potential risk, and
different degrees of severity to each one.
Within this context, and considering the diversity of the stakeholders, we considered that the
protection of manufacturing processes and products, via objective management of compliance,
should be considered as primordial.
A well-built approach for Risk Management may assure the quality of processes along the
supply chain, and the final quality of the product for the customer, as it provides means to
identify and control potential quality risks in the development and manufacturing phases. In
addition, when crisis management is required, the quality risks management may optimize the
decision-making process.
Current context
Today, we have clear concepts and common sense on the importance of Risk Management.
The experience shows us an instability and trend to risk, which may surprise us.
Why does the scenario become more critical? Which external and internal factors may
influence the probability, severity of risks and skills of the organizations to deal with them?
4
Quality Engineering Suppliers - LATAM
Social
Education Economical
External
Factors
Regulatory Investments
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
Technology
To evaluate the current context and its influence on the risk scenario, figure 1 shows some
factors external to the organizations. Let’s think briefly on some of these factors.
In this scenario, the investments are postponed or displaced to more promising markets.
Technologies become outdated and do not more represent the state-of-the-art in terms of risk
prevention, and critical processes are maintained with high dependence of labor for the
decision process.
The social scenario, with reduction of employment rates, has direct consequence for loss of
knowledge, also increasing the tension in the operational environment, thus requiring much
more from the managerial systems, attention and discipline for risk mitigation.
Within this context, the educational level is also affected in the medium- and long-terms.
Therefore, the capability to absorb training contents, loss of technological mastering and
reduction of the reaction capability required before crisis management, are all emphasized.
The international legal cooperation may be understood as a formal way to request from other
country any legal, investigative or administrative measure required for a concrete case in
progress. The effectiveness of justice, in a scenario of intensification of relations between the
nations and their people, whether within the business, migratory or information scope, requires
more and more a proactive and collaborative State. Legal relations are not more processed
only within a single Sovereign State; on the contrary, it is necessary to cooperate and request
5
Quality Engineering Suppliers - LATAM
the cooperation of other States to meet the claims for justice from the individual and the
society.1
We may conclude that, by one hand, if the companies and their products are more intensely
monitored by regulatory and consumer protection bodies, by the other hand, they are within a
context that brings greater criticality and trend to risk, if we consider the social-economic
instability and limitations for investments.
Model/
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
Flow/
Protocols
Decision Governance
process
Strategic
Systems Objectives
Internal
Knowledge Factors Structure
Principles
Functions
and values
Resources Responsibiliti
es
Figure 2 – Factors internal to the companies, which are determinant in trend/ severity to risk
The internal scenario of the organizations is also full of factors that influence risk management
in a crucial way. The way by which the business management is organized determines how
the factors shown in figure 2 influence risk management, whether in a positive or negative way.
The existence of governance, with structure, function and responsibility focused on risk
monitoring, is a fundamental pillar for risk management. This governance shall reflect the
company principles and values, and meet the strategic objectives.
With a basic governance structure, an organization may define better the processes, resources
and monitoring and analysis forms, resulting in decision processes more robust and suitable
to the needs.
Then, operational models, flows and protocols are defined, thus assuring practical involvement
of all the organizational levels.
1
Available at: http://www.justica.gov.br/sua-protecao/cooperacao-internacional
6
Quality Engineering Suppliers - LATAM
This internal structuring process is based on the management of knowledge, which is the most
valuable asset of the institutions in planning, verification and maintenance of processes and
products conformity, and consequently in the management of risks inherent to the operations.
An effective risk management may lead to better and more founded decisions, providing to
certification and regulatory bodies greater trust in the ability of an organization to dealing with
potential risks, reflecting directly the perceived value, and thus the business sustainability.
By considering the complexity and adverse situation of the external values, and recognizing
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
the importance of internal factors at companies and in the supply chain, FCA proposes this
guide as a path towards excellence in risk management.
This manual has the aim of offering systematic approach for quality risk management.
Based on the structure of this work, FCA has the initial purpose of inviting you for a thought
script on the trend of your organization to risk, its skills and abilities in the determination,
analysis, prevention and monitoring of risks, and the awareness of the several organizational
levels in terms of risk impacts, and the consequent need for their management.
Then, reserve a fraction of your time in the following issues, and be motivated to drill down the
concepts represented herein.
2. Purpose:
Developed by FCA and a group of automotive Suppliers to be guide for implementation of Risk
Management in the Organization, and a complement of IATF 16949 (see requirement 0.3.3 -
Risk Mindset), this Manual has the purposes below:
Establish requirements to be met in order to enable identification, analysis, evaluation and
treatment of risks related to products and processes.
Provide a tool for periodical analysis of the effectiveness of risk management derived from
the fulfillment of the manual’s requirements.
7
Quality Engineering Suppliers - LATAM
3. Scope
The fulfillment of the requirements in this manual is mandatory for all FCA Direct Materials
Suppliers (hereinafter named as “Organization” or “Organizations”), and their verification shall
meet the conditions stipulated in the own manual.
FCA may, at its discretion, exempt some Organizations from the fulfillment of these
requirements in function of the types of products supplied by these Organizations (products
considered as low risk). When applicable, this exemption will be formally notified by FCA to
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
The risks object of this manual’s content are related, ultimately, to the ones derived from
processing and utilization of the products supplied to FCA, and which make up the vehicles it
produces, considering their whole lifetime. These risks may be related to statutory and
regulatory, personal safety and environment protection aspects. Hereinafter, these risks are
named as “product risks”.
The requirements of this manual are complementary, and do not supersede, the ones of IATF
16949 and other FCA standards.
The present requirements are applicable, in cascade, to the Organizations´ Direct Materials
Suppliers.
8
Quality Engineering Suppliers - LATAM
9
Quality Engineering Suppliers - LATAM
Fully automatic inspection: quality control performed by automatic equipment, also with
automatic product loading and unloading, as well as its destination in case of nonconformity
detection. There is no human interference in this kind of quality control process.
Semi-automatic inspection: quality control performed by automatic equipment, with loading
and/or unloading and/or destination of defective products performed by human operator.
Lessons learned: knowledge acquired from failures or hits, and that can be used to prevent
repetition of failures, or to assure retention of hits.
Homogeneous lot: amount of homogeneous products formed by elements manufactured
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
under the same conditions. For non-complex (single element) products, the lot homogeneity is
determined by the uniformity of the manufacturing process and homogeneity of the raw
materials used. For complex products, in addition of the determinant factors above, it shall be
established the priority and “qualifying” element and/or component, and which homogeneity
qualifies the lot homogeneity.
Risk mapping: determination/recognition of current risks in the process, using predefined
methodology (see risk identification)
Risk mitigation: actions to reduce or remediate the impacts from occurrences of risk situations
Risk prioritization: way to classify and determine risks that shall be handled first over the
remaining ones.
Special process: this is the manufacturing process which results cannot (or hardly can) be
verified directly in the products produced. In this case, monitoring of these processes is vital
to assure product conformity. Except otherwise indicated, the special processes considered in
this manual are heat treatment, plating, painting, metallurgical welding, electrical-electronic
welding, molding and casting.
Quality records: all and any records related to activities that affect, whether directly or
indirectly, the product quality. The quality record may refer to the confirmation of execution of
an activity (setup, inspection, etc.), or to the activity result (results from controls,
measurements, etc.).
Risk: Effect from uncertainty in the objectives.
Risk treatment: Selection and implementation of actions to modify risks, which may comprise:
action to prevent risk by the decision of not starting or discontinuing the risk-originator
activity;
assume or increase the risk, to pursue an opportunity;
removal of the risk source;
change of probability;
change of consequences;
risk sharing with other part(ies) (including contracts and financing of risk, insurance for
recall campaign, etc.); and
risk retention by conscious choice.
10
Quality Engineering Suppliers - LATAM
Purpose:
Define a structure that assures implementation, execution and continuous improvement of the
risk management process, by its monitoring and critical analysis of the results achieved, and
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
A) Organizational Structure
1) The Organization shall define an organizational structure for risk management, which
considers, among other activities, the creation of a Risk Committee formed by
multidisciplinary team, minimally composed by representatives of the Sales, Product
Development, Manufacturing Engineering, Manufacturing, Quality and Purchasing/Supplier
Quality Engineering. The Risk Management process, including the Risk Committee
proceedings, shall be formally described in the Organization’s management system.
2) The Risk Committee shall be assigned with authority and responsibilities for:
a) Implement actions for full compliance with the requirements of the present manual,
assuring management of product risks from the onset of the development process to the
end of its lifetime.
b) Assure that the processes for quotations, feasibility analysis, quality planning and
Technical Review meetings with FCA, including product and process change reviews,
consider the product risk factors.
c) Assure that, in the Product Development process, the Special Characteristics of the
product and the manufacturing process are identified, agreed with FCA, and duly
handled in terms of assurance of its conformity.
d) Evaluate systematically the results and trends of the performance indicators of products
and manufacturing processes (O.E.E. Included - see section 5.2 later), identifying
potential product risks.
e) Monitor, identify and manage events related to product risks, maintaining the top
management of the Organization informed, and when applicable, FCA and Suppliers.
f) Stop the manufacturing and expedition of products in situations where product risks are
identified, acting quickly and effectively for complete normalization of these situations.
g) Be responsible for the product safety process, provisioned in item 4.4.1.2 of IATF
16949:2016 standard (Product Safety).
h) Promote the internal disclosure in the proper levels, full knowledge and awareness of the
civil and criminal liabilities related to potential failures of the Organization’s products,
consequences from Recall Campaigns of the circulating fleet and the need for funding
to support these activities (insurance, reserve fund, etc.).
11
Quality Engineering Suppliers - LATAM
i) Assure the coverage of this handbook requirements to other units from the Organization
that develop, manufacture and supply products to FCA.
B) Product Risk Manager (PRM)
1) The Risk Committee shall be coordinated by the Product Risk Manager (PRM), assigned by
the Organization’s board, and that holds the following minimum competences:
a) Be a manager / senior professional of the company.
b) Know the products manufactured by the Organization, their requirements, function and
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
Note:
Figures 3, 4 and 5 below are examples of a typical structure for risk management in an
Organization.
Goals,
strategies,
Board guidelines
Risk
Risk management
Committee process,
monitoring,
Leading roles,
professionals, Risk handling
teams
12
Quality Engineering Suppliers - LATAM
Board
Risk Quality
Committee Management
START
No Risk
identified?
Yes
Risk handling
Reporting and
feedback lessons
learnt
13
Quality Engineering Suppliers - LATAM
5.2 Product and Manufacturing Process Controls (IATF 16949 – 4.4.1 and 8.5.1)
Purpose:
Assure that the manufacturing and control processes are capable to assuring the product
conformity.
Requirements:
14
Quality Engineering Suppliers - LATAM
C) Manufacturing Capacity
1) The Organization shall manage the capacity of its manufacturing systems, by systematic
determination and monitoring of O.E.E. (Overall Equipment Effectiveness).
2) A ranking, based on the O.E.E. results of all the manufacturing systems of the Organization
shall be established, and improvement plans for those with worst classification shall be
prepared, with expected minimum gain of 10% (ten percent) in this indicator. The
improvement plans shall be presented and shared with FCA, including eventual
justifications for improvement percentages below the minimum value set.
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
15
Quality Engineering Suppliers - LATAM
5.3 Risk Prevention in Product and Manufacturing Process Changes (IATF 16949
– 8.5.6, 8.5.6.1, 8.5.6.1.1, 8.7.1.1)
Purpose:
Prevent the materialization of risks caused by product and/or manufacturing process changes
by initiative of the Organization.
Requirements:
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
16
Quality Engineering Suppliers - LATAM
Figure 6 below shows the flow for change management of product and/or manufacturing
process, under the risk management view.
START END
Change Request
Form
Identify, analyze and
assess eventual
Implement change
related risks (Risk
Committee)
Yes
Risk No No
acceptabl Change
e? validated?
Customer
No
Proceed with change
agrees?
activities
Yes
17
Quality Engineering Suppliers - LATAM
Purpose:
Risk mapping has the purpose of identifying, analyzing, evaluating, classifying and prioritizing
risks in order to define countermeasures for their complete prevention or mitigation, as well as
their management over time. Figure 7 demonstrates this logic.
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
ROBUSTNESS
PROCESS
CONTROLS
PRODUCT
EQUIPMENT
FUNCTIONAL CLASSIFICATION
CHANGE MANAGEMENT
TECHNOLOGY TYPE
LOGISTIC PERFORMANCE
PRODUCTION CAPACITY
Requirements:
18
Quality Engineering Suppliers - LATAM
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
19
Quality Engineering Suppliers - LATAM
C) Risk Treatment
1) Risk treatment shall be performed in a planned way and according to routine established by
the Risk Committee and PRM, considering:
The definition of risk prevention / elimination actions and / or the possible mitigation of
their effects, if they materialize
Implementation of the actions defined
Systematic monitoring of the action plan, risk indicators and performance indicators
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
related to risks
Review of the results achieved
Proposal of enforcement actions or improvements applicable
Figure 9 below illustrates the flow of treatment of the risks identified, classified and prioritized
in the Risk Matrix.
START
IDENTIFY
ANALYZE
ASSESS
(CLASSIFY, PRIORITIZE AND PLAN ACTIONS)
HANDLE
(APPLY ACTION PLANS)
MONITOR
Yes No
SATISFACTORY
RESULT?
D) Risk Monitoring
1) The products with risk indicators and performance indicators related to the risks identified
as “HIGH” shall be systematically monitored by the Risk Committee.
2) Occasional changes and/or negative trends identified in these indicators shall be
immediately reported to the respective responsible persons, and included in the daily Fast
Response Process meetings.
20
Quality Engineering Suppliers - LATAM
5.5 Traceability Management and Record Control (IATF 16949 – 7.5.3.1, 7.5.3.2,
7.5.3.2.1, 8.5.2, 8.5.2.1)
Purpose:
The requirements for records and traceability enable, in case of failure (or suspected failure)
of the product, the retrospective analysis of the conditions in which the product was produced,
the quest for failure causes, failure extension (quantity and lots of products involved), thus
providing information for definition of actions to correct the causes and prevent recurrence of
the failure, as well as mitigate its effects, in order to correct the products already produced (in
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
stock, delivered to the customer, and occasionally in the end users hands).
Requirements:
A) Traceability Management
1) The Organization shall define a traceability management process that assures the individual
identification of each product, in a proper way to enable reverse traceability of the conditions
in which it was produced, controlled and delivered, as well as the homogeneous
manufacturing lot which it belongs to. These identifications shall meet the design
specifications and, when applicable, FCA PF.9.01106 and derived standards, and be
durable and indelible during the product warranty period. Note: for safety products (CF1 or
CF1D), the marking shall be durable and indelible for, at least, 15 years.
2) The product lots shall be provided with identification on each individual package, which is
durable and indelible during the utilization period (including transport and storage) and
capable of enabling reverse traceability of the conditions in which the lot was produced,
controlled and delivered, as well as the identification of the homogeneous manufacturing lot
which it belongs to.
3) The factors defining the lot homogeneity (raw material run, batch, determinant component,
operation, etc.) shall be defined for each product/product family and/or operational process,
thus enabling proper planning of the identification and traceability system.
4) The manufacturing system (including quality control, handling, transport and storage) shall
be planned to delimitate the homogeneous manufacturing lots and their relation with the
product/package identification, enabling correct traceability during the operational
processes, utilization process at the customer, assembly plant, and after-sales processes
(replacement products and technical assistance). Note: in the definition of homogeneous
lots, it shall be also considered the economic aspect, i.e. the quantitative dimension of the
lot considered as homogeneous is determinant for definition of the number of vehicles
affected by the failure of any product related to that lot.
5) Traceability shall also assure that the materials (raw material, components, semi-
manufactured products and finished products, etc.) are identified during the operational
processes in a clear and unequivocal way, with accurate indication of the process phase in
which they are, operations performed and to be performed, as well as link to their originating
lots.
6) The start of a product manufacturing and the introduction of modifications of product,
process, control plan and materials sources shall be subject to clear and unequivocal
traceability, by establishing the respective breakpoints (see requirement A.1, section 5.3).
21
Quality Engineering Suppliers - LATAM
7) The identification and traceability requirements shall be extended to products, materials and
services from Suppliers.
B) Record Control
1) Quality records shall be controlled. Quality records are:
Documentation of the critical analysis for preparation of the technical-commercial
proposal
Documentation generated in the product development, validation and approval
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
22
Quality Engineering Suppliers - LATAM
Purpose:
Extend, when applicable, the requirements of the present manual to the Organization’s
Suppliers, and systematize a risk management process throughout the supply chain of direct
materials and service, with criteria for definition of priorities. The figure below demonstrates
this logic.
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
PRODUCT TYPES
ORGANIZATION
PROCESS RISKS
PRODUCT AND
APQP
PROCESS ROBUSTNESS LOCATION
RISK
EQUIPMENT AND TOOLS DEPENDENCE DEGREE
FINANCIAL HEALTH
QUALITY PERFORMANCE SGQ/SGI
LOGISTIC PERFORMANCE
PRODUCTION CAPACITY
Requirements:
23
Quality Engineering Suppliers - LATAM
Quality performance
Logistics performance
B) Suppliers Risk Identification, Analysis and Evaluation
1) The Suppliers Risk Management process shall have provisions for systematic preparation
and update of a Suppliers Risk Matrix according to the Annex D of this manual, which
considers factors related to the Supplier, to the product and its respective manufacturing
processes, besides quality and logistic performance (see requirement 2 above). This matrix
shall enable:
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
24
Quality Engineering Suppliers - LATAM
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
25
Quality Engineering Suppliers - LATAM
2) The Suppliers with risk indicators and performance indicators identified as “HIGH” shall be
systematically monitored by the Risk Committee.
3) Occasional changes and/or negative trends identified in these indicators shall be
immediately reported to the respective responsible persons, and included in the daily Fast
Response Process meetings.
Guidelines:
The examples below may summarize strategies and actions to promote the development of
Suppliers in function of their risk classification:
Increase of frequency of product/process audits in Suppliers;
Promote training in automotive tools to Suppliers;
Providing workshops and meetings with Suppliers to present performance strategies
and objectives;
Promote the dissemination of best practices among Suppliers;
Establish program for development of Suppliers, considering the transfer of
methodologies applied by the Organization.
26
Quality Engineering Suppliers - LATAM
Purposes
The fulfillment of the requirements of this manual prevents, but does not eliminate, the
materialization of risk situations resulting in product failures. The Organization shall provide
methodological, technological and human resources to face these situations and assure return
to normality.
Requirements
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
A) Methodology Structuring
1) The Organization shall have a Problem-Solving process defined and implemented, which
enables:
Identification of approaches for each category of problem (product development
problems, internal failures, external failures, nonconformities in product or process
audits, etc.)
Differentiated handling for “under control failures” and “out of control failures” (see
section 4 - Terms and Definitions)
Resources required for application of the approaches defined
Quick investigation and identification of the root cause
Definition of the problem magnitude (quantity, identification, other products involved)
Implementation of mitigative, anti-recurrence and comprehensive actions (similar
products and processes, inclusive at other sites of the Organization)
Incorporation of “lessons learned”
2) The methodology used shall provide detailed record of the cause investigation and the
solution adopted (containment, correction, anti-recurrence measures, lessons learned),
by standard report/form to be handled as “quality record”.
C) Lessons Learned
1) The handling of “out of control failures” shall be considered closed just if there is a clear
definition of anti-recurrence measures of comprehensive application for the current and
future products, and at all sites within the Organization that supply similar products to FCA.
2) The product development process shall be fed in a clear and formalized way on lessons
learned derived from previous products.
27
Quality Engineering Suppliers - LATAM
5.8 Knowledge and Skills Management (IATF 16949 – 7.1.6, 7.2, 7.2.1, 7.2.2)
Purpose
The following requirements show how to develop an organizational knowledge management process
considering the knowledge that is fundamental to the success of the business and to the
management of the FCA supply chain, in addition to correctly defining the awareness and training
needs.
The figure below shows a logical presentation for management of the organizational knowledge:
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
Knowledge
Management
Supplier
Chain
Identification
Assessment
Retention
Provision
Update
Process
Product
Requirements
28
Quality Engineering Suppliers - LATAM
C) Knowledge Provision
1) The Organization shall define the actions required for provision of the organizational
knowledges considered as critical and priority.
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
2) This provision shall consider institutional mechanisms, such as internal standards and
manuals, procedures, work instructions and other similar documents, which compose its
intellectual capital.
29
Quality Engineering Suppliers - LATAM
The verification of compliance with the requirements of the present manual occurs by the
conduction of first and second party audits, as provisioned in the Risk Management Evaluation
checklist, in section 7 – Annexes. This checklist has the same requirements described in the
section 5 of this manual.
The risk management process of the Organization is considered appropriate when the result
of the evaluation is classified as “Low Risk”.
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
If this classification is not achieved, this shall be object of an adequacy plan to be conducted
by the Risk Committee of the Organization, and presented to EQF FCA.
The classification criteria for the requirements is described in the figure below:
The figure below shows an example of Risk Management Evaluation score matrix completed:
30
Quality Engineering Suppliers - LATAM
RISK MANAGEMENT HANDBOOK FOR SUPPLIERS FCA
31
Quality Engineering Suppliers - LATAM
7. Annexes
Revision control:
32