Global risks in the recent past
Over the past 3 years, the COVID-19 pandemic has shown us how important it is for a company to define contingency plans and assess associated risks. The impact on the automotive industry was devastating. The measures taken by public health authorities to contain the spread of the virus had a strong impact on the entire supply chain. This resulted in staff absences, short-time work, delayed deliveries and, in the worst cases, plant closures.
In the past year, the automotive industry appeared to be on the mend until the Ukraine war. Again, areas of the supply chain were hit, especially in supplying wiring harnesses for vehicles. Raw material and energy prices soared, inflation rose and there was another major challenge, including for the automotive industry.
While the problems in the automotive industry may seem insignificant in comparison to the human suffering caused by the latest happenings, it is still necessary for companies to prepare for the negative economic impact.
Requirements for the contingency plans
IATF 16949:2016 (Quality Management System Standard for the Automotive Industry) requires companies to create supply chain contingency plans based on risks and their impact. Following the release of the IATF 16949:2016 version, a number of what are known as “Sanctioned Interpretations” have been published.
They are intended to interpret, or supplement selected requirements. In the latest version, which should apply from June 2022, the following potential risks have been added to the requirements for contingency plans:
- Cyber-attacks on IT systems
The requirements for contingency plans are part of the planning and risk management chapter of IATF 16949:2016. This means that the risks must be methodically identified and assessed in order to take the necessary precautions to ensure production.
Additions to IATF 16949
Pandemics have been correctly added as a separate item. We have learned in the last 2-3 years how powerful such events can impact the automotive industry. Previously, cyber-attacks were seen as the world’s greatest risk. And rightly so! In the age of digitalization and global networking, systems are becoming increasingly vulnerable and must be protected accordingly. Special attention should be paid to test plans that regularly verify the measures in place. The automotive industry has some catching up to do and can learn from the banking sector.
The risks that have been added to the IATF SI-s are part of the so-called global risks. However, we should also mention other risks that may have a more regional character and are not explicitly mentioned in the IATF 16949 requirements. In the introduction to this blog, we mentioned the war in Ukraine. The conflict in the region began almost a decade ago. Of course, in our worst fears we could not have imagined that it could reach such proportions. At least not in the automotive industry unless you are a bigwig at an OEM and have ties to politics. But even then, the politicians didn’t really seem to see the big picture. In theory, however, certain conflict regions could be monitored more closely and the risks to an automotive supplier could be assessed.
Energy shortages and the risk of blackouts in the automotive industry
I would now like to turn to the energy sector. In recent months, the word “blackout” has been used frequently in the media to refer to a total loss of power. Various influences such as the war in Ukraine, the gas and energy crisis, and the growth of cybercrime are also rapidly increasing the risk of blackouts. You can imagine the impact this could have on a production company. Of course, it is necessary to have contingency plans and take appropriate measures (e.g. building buffers) to minimize the damage.
In risk management, it is important not to underestimate the probability of occurrence. The risk of a pandemic will again become much more relevant in the future and must be included in emergency plans. In the past, the probability of occurrence was certainly underestimated in the risk analysis.
When evaluating events that have a regional character and could pose a risk, one will certainly consider domestic or regional suppliers more closely in risk assessments before engaging with distant companies operating in crisis areas.
By Dijaz Maric, Quality Management & Reliability Engineering Consultant