Risk Management and Layered Process Audits: 4 Things to Know

Layered Process Audits

August 4, 2021

Risk Management and Layered Process Audits

Risk management has taken center stage in manufacturing, with ISO 9001’s new requirements on risk-based thinking a prime example.  

The idea is that by going beyond bare minimum compliance and focusing on risk, companies can uncover what really drives defects and product safety issues impacting customers.  

While there are numerous ways companies can tackle risk management, one method that can certainly contribute at several stages of the process is implementing layered process audits.  

Today we explore how these high-frequency audits can help mitigate risk and demonstrate risk-based thinking, as well as how mobile audit software makes the process simpler.  

1. Risk Assessment Isn’t Risk Management

One mistake that’s common in manufacturing companies is equating risk assessment with risk management.  

The reality, however, is that risk assessment is only one part of the complete risk management process. While organizations may define this process differently, it generally includes the following steps aligned with the Plan-Do-Check-Act process: 

  • Identifying hazards or risks 
  • Assessing risk 
  • Implementing controls 
  • Monitoring and review 

What does this mean in practical terms for manufacturers?  

Risk assessment alone doesn’t count as risk management. At best, you’re only capturing half of the process. Even if you go as far as implementing a new control, your company is still at risk if the control doesn’t work or isn’t held in place.  

2. Layered Process Audits Identify Risks

Layered process audits (LPAs) use daily checks of critical-to-quality process inputs to reduce production defects, with some companies also using them to look at safety items. By checking inputs—and checking them every day, or even every shift—companies are able to prevent problems before they occur. 

Within the risk management process, this gives LPAs a key role in identifying hidden risks in a plant. These risks may exist in areas such as: 

  • Machines or tools: An equipment setting is not correct or an operator has to work with a broken tool. 
  • Methods: An operator is using outdated work instructions or using a workaround in an attempt to help.  
  • Materials: The base materials are defective or an operator isn’t using the part number called out in the work instructions. 
  • Environment: A water leak is dripping onto material racks. 
  • Measurement: A scale doesn’t work or a measuring tool is broken. 
  • People: An operator didn’t complete training.  

By getting more eyes on the process, LPAs help identify risks that contribute to hidden factory processes and actively undermine quality. Once the risks are identified, you can then create a closed-loop process for mitigating them. 

3. Layered Process Audits Verify Controls

Another place in the risk management process where LPAs can play an important role is in the context of verifying controls.  

Let’s say, for example, an LPA identifies a process error where the oil pressure setting isn’t correct on a machine. After asking the question on all similar pieces of equipment, you determine this isn’t a one-off problem but rather a systemic quality issue. Corrective action involves adding a step where operators check the setting, but after three months, how do you know whether they’re still taking this critical step?  

The answer: by periodically checking it on the plant floor.  

LPAs help close the loop on these types of issues by allowing you to check in on controls, making sure that people aren’t backsliding into old habits. Mobile audit software like EASE makes it easier by letting you randomize and rotate questions from your question library, even tagging questions by process, equipment or other categories so they’re specific.  

4. Layered Process Audits Demonstrate Risk-Based Thinking

Risk is a centerpiece of global management standards like ISO 9001 and ISO 14001. However, you won’t find any prescriptive requirements for companies to implement a full risk management process.  

Instead, they require organizations to use risk-based thinking in order to reduce the likelihood and impact of problems. While this sounds good in theory, many companies find it hard to know what exactly qualifies as risk-based thinking.   

When it’s time for a certification audit, whether ISO 9001 or industry-specific standards based like IATF 16949 for the automotive industry, LPAs help by providing documentation of: 

  • Daily audits conducted to identify risks and hazards 
  • Follow-up actions taken to mitigate risks 
  • Verification of controls via auditing 

In other words, you’re likely to make a better impression with auditors when you can pull up records, reports and graphs showing results of daily audits aimed at reducing process risks.  

Risk management is only becoming more important in the context of growing quality risks in manufacturing. As manufacturers look to mitigate these risks, LPAs can help at several points in the process, including identifying risks, verifying controls and demonstrating risk-based thinking.  

The results are ones that any manufacturer can get behind: better products, improved productivity and reduced risk to customers.