Risks assessment of suppliers' products life cycle processes based on their audit results in accordance with the standard VDA 6.3

: pp. 93-100
Lviv Polytechnic National University, Ukraine
Lviv Politecnic National University

The growing demands of consumers put in front of the management of the quality of the enterprise more and more complex tasks. This is particularly evident in the automotive industry. There is a focus of attention of manufacturers on the processes of the life cycle of products, in particular from suppliers. Here an important tool is the audit of the processes of the life cycle of products. So part of the standards of the German Automobile Manufacturers Association of the VDA are requirements for the audit of processes, during which, following the terminology of the primary source,
assess the risks of their elements. In general, the so-called risk-oriented approach is a modern trend, which is reflected in practically all the latest standards for management systems.
The aim of the study is to coordinate the interpretation of risk terminology that may accompany elements of the life cycle of suppliers' products in accordance with ISO standards and standards and propose a method for their evaluation. Standard [1] highlights elements of work that have a significant impact on product quality. The elements correspond to important questions, grouped into a catalog of questions about the processes by which they are evaluated. The auditor must perform two tasks during the audit: 1) identify the risks of the relevant questions of the directory with the help of open questions to the employee at his workplace; 2) at your own workplace you should select from the catalog the formulation of questions in closed form and independently answer them only “yes” or “no”. Nevertheless, it is necessary to determine the degree of fulfillment of the criterion laid down in the question. Obviously, this refers to the degree of compliance with the requirements of the supplier's product lifecycle processes, rather than the risks, as is interpreted in the standard. Each item or otherwise – the closed question of the catalog the auditor estimates as 0, 4, 6, 8 10 points.
The degree of performance is calculated based on a comparison of the sum of the achieved points with the sum of all possible points. According to the authors of the interpretation of standard [1], the term “risk” and related concepts is not entirely correct and may introduce ambiguity in the  understanding of requirements. According to standard [5], the risk is the effect of uncertainty on the purpose. A risk assessment is the joint process of identification, analysis and evaluation of risk. Risk identification is a process for detecting, recognizing and describing risk. In turn, the risk analysis is to understand the nature of risk and determine the level of risk – its size, expressed as a combination of consequences and their likelihood / likelihood. In order to obtain risk assessment, the results of the risk analysis should be compared with its criteria, which can be established based on the organization's goals, its external and internal direction of activities, requirements of regulatory documents, etc. Therefore, it is possible to track the partial inconsistency between the requirements of standard [1]and standard [5] when [1] subsection 2.3 identifies the concept of risk identification and risk analysis and proposes risk assessments without specifying their criteria, and section 7 uses risk analysis directly to form estimates. It is obvious in this context, under the term “risk”, the authors of the standard [1] understand the notion of “inconsistency” or “non-compliance” that, under certain circumstances, can lead to technical, economic or other adverse consequences – losses. That is, the emergence of risks and non-compliance will
have the same consequences, but this is not a valid reason for identifying these concepts. 

To determine the component of the risk level – the consequences, which usually have a negative “impression”, it is proposed to use a method according to which such effects lead to technical or other losses. Let the process element be a “victim” of the unwanted factor and lose its positive properties – compliance with the purpose, safety, etc. It is known that the listed characterizes the quality of an element that can be estimated using the properties of the process. In our case, these are the indicators that are “sensitive” to the source of the undesirable factor. Having obtained the values of a complex quality indicator for the elements of the process, one can estimate the loss as a rejection of the obtained qualimetric estimate from the “unit”. As a quantitative measure of probability / plausibility it is suggested to use frequency – this is the number of events for a certain period of time. Frequency usually characterizes past events and may become a measure of the likelihood of future events. The enterprise should collect statistical information and apply them to determine the second component of the level of risk. In particular, this may be the frequency of incidents, the
number of detected defects in products, the number of mistakes made by staff, the frequency of unplanned repairs, the frequency of losses or decrease in efficiency, etc. 

Identification and assessment of risks that accompany production processes can be a significant addition to the formation of a supplier's assessment. Therefore, the auditor must have a tool for determining the effectiveness of the quality management methods used by the supplier. The proposed method will allow the auditor to identify those processes that may be subject to increased attention or which should be checked first. In addition, such assessments adequately reflect what standard [5] calls a risk assessment and will enable auditors to process audits in accordance with the requirements of the standard [1], more efficiently and quickly.

[1] VDA 6.3:2010. Quality Management in the Automotive Industry. Part 3 - Process Audit, 2010. [2] ISO 19011:2011. Guidelines for auditing management systems, 2011. [3] IEC 60812:2006. Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA), 2006.
[4] DSTU IEC 60812:2015 Metody analizuvannia nadiinosti system. Analiz naslidkiv vydiv vidmov
[5] ISO Guide 73:2009 Risk management - Vocabulary - Guidelines for use in standards, 2009.
[6] Derzhspozhyvstandart Ukrainy, DSTU ISO Guide 73:2013. Keruvannia ryzykom. Slovnyk terminiv, 2009.
[7] ISO 31000:2009 Risk management - Principles and guidelines, 2009.
[8] T. Boiko, Kh. Dukh, “Ryzyky kharchovoho lantsiuha biolohichno aktyvnykh dobavok (na prykladi vitaminnykh dodatkiv, shcho mistiat askorbinovu kyslotu)”, Measuring Equipment and Metrology, no.76, s.81–88, 2015.
[9] T. Boiko, “Formation of theoretical and normative and technical principles for assessing the quality level of products”, Dr.Sc. thesis, Lviv Polytech. Nat. Un., Lviv, Ukraine, 2010. [10] ISO 22000:2005, IDT. Management systems for food safety and food products - Requirements for any organizations in the supply chain, 2005.