How to Read a Risk Profile

The Process FMEA (PFMEA) can be viewed as a ‘risk profile’.  

As an example: 

Let’s say that you’re the customer. You receive product from your vendor. When they give you their PFMEA, there is a unique combination of severity, occurrence, and detection.  

We see these numbers all the time; they are not new to us. This causes them to become white noise, and we begin to blur out what they mean. We should be taking a closer look at what these numbers mean from our (the customer's) perspective. 


Did the vendor promise you that you wouldn’t be impacted if they got their product wrong?  

Unless severity was a perfect one, then no, they told you there's a real chance you're going to be impacted in some way. 


Did they promise you that they would never, ever, ever have it happen?  

Unless occurrence was a perfect one, no, they told you there is a very real chance that it will happen. 


Did they promise you that if it happened, they would always detect it? 

If they gave you a detection value of anything other than a perfect one, then no, they will not always detect it. 

What do Severity, Occurrence and Detection mean for us? 

Every single permutation of severity, occurrence, and detection is an admission of risk. The vendor has told you there is a very real chance of this particular thing happening, and when you signed the PPAP, you signed the part submission warrant: you are taking that risk from that PFMEA into your line. 

When you look at somebody's PFMEA, be it from a machine vendor or a process vendor, don't look at it as a risk priority number or an action priority number. Look at it as an admission of risk. 

The question for you as the customer needs to be: 

  • Is this an acceptable risk profile?  
  • If I have mitigated it with the vendor down to the lowest it can be, how do I protect myself now, knowing that this is a reality?  

Looking at the PFMEA from this perspective allows you to put the control back where you have control, in your facility.  

Let's be honest. Vendor control is an illusion. You do not have control over another business. You do not have control over your suppliers. The only thing you have control over is your company and your resources. The PFMEA is the quickest way to look at the risk that the vendor poses and to mitigate it with them to the point where you feel it's okay to bring in, while knowing that we can never bring risk to zero. 
