RISK MANAGEMENT EVALUATION Evaluated by: FCA Supplier Date:

SUPPLIER LOGO FCA LATAM RISK CLASSIFICATION

Quantity of REQS Quantity of REQS Quantity of REQS

Product Family:
rated 1 rated 3 rated 5

Supplier Name: Supplier Code: Location: SQE FCA:

5.2 - PRODUCT AND 5.3 - RISK PREVENTION IN

5.1 - ORGANIZATIONAL STRUCTURE 5.5 - TRACEABILITY MANAGEMENT 5.6 - SUPPLIERS RISK 5.7 - PROBLEM-SOLVING 5.8 - KNOWLEDGE AND SKILLS
MANUFACTURING PROCESS PRODUCT AND MFG PROCESS 5.4 - PRODUCT RISK MAPPING
AND PRM AND RECORD CONTROL MANAGEMENT MANAGEMENT MANAGEMENT
CONTROLS CHANGES

Organizational Structure Technical Documentation of Product

Change
and Process
Management Process Products Risk Identification, AnalysisTraceability
and Evaluation
Management Structure for Suppliers Risk Management
Methodology Structuring Identification of Knowledge Needs
A

Product Risk Manager (PRM) Assurance of Special Characteristics Conformity

Submission to FCA Prioritization of Product Risks Record Control Suppliers Risk Identification, Analysis
Governance
and Evaluation
and CommunicationEvaluation of the Knowledges Identified
B

Internal Audit and Critical Analysis Manufacturing Capacity Risk Treatment Prioritization of Suppliers Risks Lessons Learned Knowledge Provision
C

Risk Monitoring Suppliers Risk Treatment and Monitoring Knowledge Multiplication, Retention an
D

NA - Not Aplicable 1- HIGH RISK 3- MEDIUM RISK 5- LOW RISK Remarks

Supplier SQE FCA

Supplier PRM: SQE FCA
Manager: Supervisor:

Version 03 - 2020/05/30 Name / Signature Name / Signature Name / Signature Name / Signature
 BACK TO CHECKLIST FORM

ITEM TITLE REQUIREMENTS GUIDELINES FOR AUDIT (SEARCH FOR) EVIDENCES / NOTES SCORE

5.1 - ORGANIZATIONAL STRUCTURE AND RISK PRODUCT MANAGER (PRM)

1) The Organization shall define an organizational structure for risk management, which considers, among other activities, the creation of a
Risk Committee formed by multidisciplinary team, minimally composed by representatives of the Sales, Product Development, Manufacturing
Engineering, Manufacturing, Quality and Purchasing/Supplier Quality Engineering. The Risk Management process, including the Risk
Committee proceedings, shall be formally described in the Organization’s management system.

2) The Risk Committee shall be assigned with authority and responsibilities for:

a) Implement actions for full compliance with the requirements of the present manual, assuring management of product risks from the onset of
the development process to the end of its lifetime.
b) Assure that the processes for quotations, feasibility analysis, quality planning and Technical Review meetings with FCA, including product Formalization of the Committee Structure, its Responsibilities
and process change reviews, consider the product risk factors. and Authorities.
1A Organizational Structure c) Assure that, in the Product Development process, the Special Characteristics of the product and the manufacturing process are identified, Organizational Chart
agreed with FCA, and duly handled in terms of assurance of its conformity. Quality Manual
d) Evaluate systematically the results and trends of the performance indicators of products and manufacturing processes (O.E.E. Included - Description of Functions
see section 5.2 later), identifying potential product risks. Description of product development processes
e) Monitor, identify and manage events related to product risks, maintaining the top management of the Organization informed, and when
applicable, FCA and Suppliers.
f) Stop the manufacturing and expedition of products in situations where product risks are identified, acting quickly and effectively for complete
normalization of these situations.
g) Be responsible for the product safety process, provisioned in item 4.4.1.2 of IATF 16949:2016 standard (Product Safety).
h) Promote the internal disclosure in the proper levels, full knowledge and awareness of the civil and criminal liabilities related to potential
failures of the Organization’s products, consequences from Recall Campaigns of the circulating fleet and the need for funding to support these
activities (insurance, reserve fund, etc.).
i) Assure the coverage of this handbook requirements to other units from the Organization that develop, manufacture and supply products to
FCA.

1) The Risk Committee shall be coordinated by the Product Risk Manager (PRM), assigned by the Organization’s board, and that holds the
following minimum competences:
a) Be a manager / senior professional of the company.
b) Know the products manufactured by the Organization, their requirements, function and application, and their manufacturing processes, in
Definition of the RRP function in the Organizational structure
1B addition to FCA requirements.
with description of his responsibilities and skills.
c) Hold qualification for civil liability by the product, safety- and consumer defense-related laws, and specific legislation for the Organization’s
products.
d) Hold knowledge on risk management methodologies (identification, analysis, evaluation and treatment).
e) Be integrated to global technical and Compliance interfaces of the Organization.

1) The Organization shall assure internal audits carried out by qualified internal auditors, at least once a year, to evaluate the compliance to Risk Management audit plans, identification of qualified internal
these handbook requirements (use Annex A - Risk Management Evaluation). auditors and reports of audits and respective action plans.
Internal Audit and Critical
1C
Analysis
2) The results of these audits, as well as indicators and information provided by the Risk Committee, shall be used as inputs in the Top
Minutes of Monthly Top Management Review meetings
Management Monthly Review.
ITEM TITLE REQUIREMENTS GUIDELINES FOR AUDIT (SEARCH FOR) EVIDENCES / NOTES SCORE

5.2 - PRODUCT AND MANUFACTURING PROCESS CONTROLS

1) A systematic procedure shall be established for indication of special characteristics in the technical documentation of the product (drawings,
standards and others, including technological drawings), in order to clearly indicate the presence of these characteristics. Specifically for
Product technical documentation
drawings, these indications shall be present in the title block, drawing body and beside each characteristic thus classified (see FCA standards
applicable, indicated in the end of this section).

2) The technical documentation of the process (Work Instructions, Flowcharts, Parameter Sheets, Control Plans, Layouts, etc.) shall contain
clear indication of the special characteristics, by apposition of specific symbols in the first page, and close to the characteristic description. Process technical documentation
This indication shall be deployed in all the manufacturing process steps that affect, directly or indirectly, such characteristics.

Technical Documentation of
2A 3) Quality records (see requirement 5.5.B.1) involving special characteristics shall have similar indication as presented in the requirement 2
Product and Process above.
Records

4) It shall be prepared a List for each product classified as CF1D (or product family, provided that homogeneous), containing all the existing
Report characteristics, as well as their deployment, especially the way their conformity and traceability are assured. This List, filled according Report Characteristics Mapping List
to the Annex B of this manual, shall be submitted to FCA for information and approval, and resubmitted when there are changes/updates.

5) Operations that have impact on the generation of Report characteristics, including the quality control ones, shall have specific identification
Audit in workstations that impact Report characteristics
by apposition of the Report symbol in an ostensive and visible way in the place where they are executed.

1) Characteristics classified as “Special” shall be controlled in order to assure 100% of their conformity and traceability. For characteristics
classified as Report, the conformity shall be assured by the mandatory use of the following quality control methods: Errorproof Devices - Control Plan
DAPE, fully automatic inspection or semi-automatic inspection. Other methods shall be previously and formally agreed with FCA.
Assurance of Special
2B
Characteristics Conformity
2) Non-controllable characteristics in the product, or that require destructive tests (e.g. layer thickness, core hardness, tensile strength, etc.),
shall have their conformity assured via control of process parameters determining these characteristics (temperature, time, pressure, speed, Control Plan
etc.) with ongoing monitoring and self-regulation of effective parameters or alarms upon the occurrence of deviations from specifications.

1) The Organization shall manage the capacity of its manufacturing systems, by systematic determination and monitoring of O.E.E. (Overall
O.E.E. data
Equipment Effectiveness).

2C Manufacturing Capacity 2) A ranking, based on the O.E.E. results of all the manufacturing systems of the Organization shall be established, and improvement plans
for those with worst classification shall be prepared, with expected minimum gain of 10% (ten percent) in this indicator. The improvement O.E.E. Ranking and improvement plans
plans shall be presented and shared with FCA, including eventual justifications for improvement percentages below the minimum value set.
ITEM TITLE REQUIREMENTS GUIDELINES FOR AUDIT (SEARCH FOR) EVIDENCES / NOTES SCORE

5.3 - RISK PREVENTION IN PRODUCT AND MANUFACTURING PROCESS CHANGES

1) The Organization shall define and implement a change management procedure for product and manufacturing process, integrated with the
Risk Management process and that assure the fulfillment of fundamental requirements of the Customer, established in the standard
mentioned in the title of this section, especially:
- Identify product and manufacturing process change needs
- Identify, analyze and evaluate potential related risks
- Communicate and achieve agreement of the Customer for the change desired
- Perform change validation activities, including Customer’s approval
- Make the change effective, assuring traceability.
3A Change Management Process
2) The change management process shall cover the situations below:
- Change of product, including components and materials
- Change of raw materials and/or their sources
- Change of Supplier and sub-supplier Management change procedure and its compliance with the
- Change of manufacturing process, including layout, location, facilities, equipment, tools, quality control means, packaging and storage present requirementand and to the SQ.00012 standard.
systems Records of changes occurred.
- Change of control plan
- Other changes that may pose risks to the product

1) The change management process shall use the “Request for Change form, according to Annex C of the present manual, to make
preliminary analyses of the changes desired.

2) This document, validated internally by the Risk Committee of the Organization, shall be notified and submitted to the Customer to achieve
3B Submission to FCA agreement, with minimum advance of 90 (ninety) days of the expected implementation date.

3) The Organization shall wait for prior agreement of the Customer to proceed with the change activities and their formal approval, according
to the existing processes (Full Approval (Qualification, Benestare, PPAP, ...)), for implementation.

5.4 - PRODUCT RISK MAPPING

1) The Risk Management process shall provide systematic elaboration and update of a Product Risk Matrix, according to Annex D of this
manual – see figure 8 with a filled out example – which consider product-related factors deployed in components and respective
Products Risk Identification,
4A manufacturing processes, and performance. This matrix shall enable:
Analysis and Evaluation - Evaluation and objective classification of the risks identified and analyzed
- Prioritization of risks to provide their treatment (prevention and/or mitigation)

1) The Overall Risk Indexes (ORI) shall be classified and prioritized according to the following criteria: Product Risk Matrix updated.

ORI RISK REQUIRED ACTIONS

4B Prioritization of Product Risks > 7,5 a 10 HIGH Unacceptable risk, requiring the definition of measures for elimination of the risk condition, mitigation plans and
contingency actions
> 5,0 a 7,5 MEDIUM Acceptable risk, provided that its factors are submitted to ongoing and systematic monitoring
1,0 a 5,0 LOW Acceptable risk

1) Risk treatment shall be performed in a planned way and according to routine established by the Risk Committee and PRM, considering:
- The definition of risk prevention / elimination actions and / or the possible mitigation of their effects, if they materialize
- Implementation of the actions defined
4C Risk Treatment - Systematic monitoring of the action plan, risk indicators and performance indicators related to risks
Proceedings for product risk treatment.
- Review of the results achieved
- Proposal of enforcement actions or improvements applicable

1) The products with risk indicators and performance indicators related to the risks identified as “HIGH” shall be systematically monitored by Proceedings for monitoring and follow-up by the Risk
the Risk Committee. Committee.
4D Risk Monitoring
2) Occasional changes and/or negative trends identified in these indicators shall be immediately reported to the respective responsible
Fast Response Process.
persons, and included in the daily Fast Response Process meetings.
ITEM TITLE REQUIREMENTS GUIDELINES FOR AUDIT (SEARCH FOR) EVIDENCES / NOTES SCORE

5.5 - TRACEABILITY MANAGEMENT AND RECORD CONTROL

1) The Organization shall define a traceability management process that assures the individual identification of each product, in a proper way
Traceability Management Procedures.
to enable reverse traceability of the conditions in which it was produced, controlled and delivered, as well as the homogeneous manufacturing
How products are identified.
lot which it belongs to. These identifications shall meet the design specifications and, when applicable, FCA PF.9.01106 and derived
Perform a “Reverse Traceability” from a finished produt to its
standards, and be durable and indelible during the product warranty period. Note: for safety products (CF1 or CF1D), the marking shall be
manufacturing process, control and material sources.
durable and indelible for, at least, 15 years.

Traceability Management Procedures.

2) The product lots shall be provided with identification on each individual package, which is durable and indelible during the utilization period
How lots are identified.
(including transport and storage) and capable of enabling reverse traceability of the conditions in which the lot was produced, controlled and
Perform a “Reverse Traceability” from a finished lot of a produt
delivered, as well as the identification of the homogeneous manufacturing lot which it belongs to.
to its manufacturing process, control and material sources.

3) The factors defining the lot homogeneity (raw material run, batch, determinant component, operation, etc.) shall be defined for each
Proceedings for definition of lot homogeneity factors.
product/product family and/or operational process, thus enabling proper planning of the identification and traceability system.

5A Traceability Management
4) The manufacturing system (including quality control, handling, transport and storage) shall be planned to delimitate the homogeneous
manufacturing lots and their relation with the product/package identification, enabling correct traceability during the operational processes,
Verify how the traceability is maintained during the production
utilization process at the customer, assembly plant, and after-sales processes (replacement products and technical assistance). Note: in the
process and how the input lots are linked to the output lots.
definition of homogeneous lots, it shall be also considered the economic aspect, i.e. the quantitative dimension of the lot considered as
homogeneous is determinant for definition of the number of vehicles affected by the failure of any product related to that lot.

5) Traceability shall also assure that the materials (raw material, components, semi-manufactured products and finished products, etc.) are Verify how the traceability is maintained during the production
identified during the operational processes in a clear and unequivocal way, with accurate indication of the process phase in which they are, process and how the input material/parts are linked to the
operations performed and to be performed, as well as link to their originating lots. output parts/lots.

6) The start of a product manufacturing and the introduction of modifications of product, process, control plan and materials sources shall be
Proceedings for change traceability.
subject to clear and unequivocal traceability, by establishing the respective breakpoints (see requirement A.1, section 5.3).

7) The identification and traceability requirements shall be extended to products, materials and services from Suppliers. Evidences of extension of these requirements to suppliers.

1) Quality records shall be controlled. Quality records are:

- Documentation of the critical analysis for preparation of the technical-commercial proposal
- Documentation generated in the product development, validation and approval process, including Suppliers
- Documentation of the manufacturing process and control plan, including outdated versions
Procedure (or systematic procedure) for record control.
- Results of manufacturing process parameters monitoring
- Records for confirmation of the execution of mandatory activities for assuring the product quality and conformity (setup, product inspections,
product audit, process audit, calibration of measurement means, periodical maintenance, monthly critical reviews by the board, etc.)
- Records of problem solving in process and product nonconformities
5B Record Control

2) These records shall be archived and protected against deterioration or loss by natural phenomena, such as flood, fire or weather action, by
Record storage and conservation process.
the minimum time required in the FCA 9.01102 standard, and shall provide easy access and consultation whenever required.

Proceedings for relation between records and traceability

3) Quality records shall be compatible and have link with the traceability system adopted for the products.
system.
ITEM TITLE REQUIREMENTS GUIDELINES FOR AUDIT (SEARCH FOR) EVIDENCES / NOTES SCORE

5.6 - SUPPLIERS RISK MANAGEMENT

1) The Organization shall define a Supplier Quality Engineering structure (or similar) with quantitative and qualitative sizing of the professional
Structure for support and follow-up of suppliers and the way by
staff suitable for the dimension and complexity of the supply chain, and with the purpose of extending the requirements of this manual to
which the requirements are disseminated in the chain.
Suppliers.

2) The Suppliers of the Organization shall be selected and qualified in accordance with objective criteria, which also consider the risks related
to:
- Geographical location
Structure for Suppliers Risk - Dependency level of major customers
6A - Financial health
Management
- Quality Management System maturity
- Product type
Criteria for selection and qualification of suppliers.
- Know How of the Supplier in product/process development
- Capacity and manufacturing processes control
- Resources for maintenance of manufacturing equipment
- Manufacturing capacity installed
- Quality performance
- Logistics performance

1) The Suppliers Risk Management process shall have provisions for systematic preparation and update of a Suppliers Risk Matrix according
to the Annex D of this manual, which considers factors related to the Supplier, to the product and its respective manufacturing processes,
Suppliers Risk Identification, besides quality and logistic performance (see requirement 2 above). This matrix shall enable:
6B - Evaluation and objective classification of the risks identified and analyzed
Analysis and Evaluation - Prioritization of risks to provide their treatment (prevention and/or mitigation)

Note: this matrix shall be related to the Product Risk Matrix described in section 5.4

Suppliers Risk Matrix updated.

1) The Overall Risk Indexes (ORI) of Suppliers shall be classified and prioritized according to the following criteria:

ORI RISK REQUIRED ACTIONS

Prioritization of Suppliers
6C > 7,5 a 10 HIGH Unacceptable risk, requiring the definition of measures for elimination of the risk condition, mitigation plans and
Risks contingency actions
> 5,0 a 7,5 MEDIUM Acceptable risk, provided that its factors are submitted to ongoing and systematic monitoring
1,0 a 5,0 LOW Acceptable risk

1) Risk treatment shall be performed in a planned way and according to routine established by the Risk Committee and PRM, considering:
- The definition of risk prevention / elimination actions and / or the possible mitigation of their effects, if they materialize;
- Implementation of the actions defined;
- Systematic monitoring of the action plan, risk indicators and performance indicators related to risks;
- Review of the results achieved;
- Proposal of enforcement actions or improvements applicable.
The actions above shall consider (among others):
• Adoption of safe quality control plan according to the FCA standard listed below;
• Insertion of the Supplier in a development program monitored by the Organization; Proceedings for monitoring and follow-up by the Risk
Suppliers Risk Treatment and • Alternative source development to replace low-performance suppliers. Committee.
6D
Monitoring
Fast Response process.

2) The Suppliers with risk indicators and performance indicators identified as “HIGH” shall be systematically monitored by the Risk Committee.

3) Occasional changes and/or negative trends identified in these indicators shall be immediately reported to the respective responsible
persons, and included in the daily Fast Response Process meetings.
ITEM TITLE REQUIREMENTS GUIDELINES FOR AUDIT (SEARCH FOR) EVIDENCES / NOTES SCORE

5.7 - PROBLEM-SOLVING MANAGEMENT

1) The Organization shall have a Problem-Solving process defined and implemented, which enables:
- Identification of approaches for each category of problem (product development problems, internal failures, external failures, nonconformities
in product or process audits, etc.)
- Differentiated handling for “under control failures” and "out of control failures” (see section 4 - Terms and Definitions)
Problem Solving Process procedure, method and qualified
- Resources required for application of the approaches defined
personnel.
- Quick investigation and identification of the root cause
- Definition of the problem magnitude (quantity, identification, other products involved)
7A Methodology Structuring - Implementation of mitigative, anti-recurrence and comprehensive actions (similar products and processes, inclusive at other sites of the
Organization)
- Incorporation of “lessons learned”

2) The methodology used shall provide detailed record of the cause investigation and the solution adopted (containment, correction, anti- Evaluate the application of the systematic procedure in a real
recurrence measures, lessons learned), by standard report/form to be handled as “quality record”. case.

1) The process management shall provide follow-up and monitoring of the “out of control failures” problems by the Risk Committee, assuring
Risk Commitee proceedings facing "out-of-control failures".
organizational support for its effective application.
Governance and
7B
Communication
2) Whenever there are risks considered as significant for the product, the information shall be escalated to the persons responsible for the
Systematic procedure of internal escalation, communication
area directly involved, for Fast Response Meeting, and to Organization top management. When there is risk (or suspected risk) of about
and interaction with the customer.
products already shipped to FCA, it shall be informed promptly and in details.

1) The handling of “out of control failures” shall be considered closed just if there is a clear definition of anti-recurrence measures of Systematic procedure for verification of scope and lessons
comprehensive application for the current and future products, and at all sites within the Organization that supply similar products to FCA. learned.
7C Lessons Learned

2) The product development process shall be fed in a clear and formalized way on lessons learned derived from previous products. Application of lessons learned in the development process.

5.8 - KNOWLEDGE AND SKILLS MANAGEMENT

1) The Organization shall identify the knowledge required for its good organizational performance and for minimization of risks related to its
Proceedings for knowledge identification and its link to risk
processes and products, especially the ones related to safety products and/or with legal requirements, in addition with the Suppliers’ risks.
factors considered in the risk matrices.
This identification shall be coherent with the mapping of processes and the Product Risk Matrix and Suppliers Risk Matrix, and shall also
Proccedings for having the operacional people aware of
include the knowledge required for the professionals directly involved in the technical-operational processes related with safety characteristics
Identification of Knowledge and/or legal requirements, both in terms of execution of their tasks and the consequences of an eventual product or traceability failure.
products and processes risk and consequences of failures.
8A
Needs

2) The knowledge related to the content of the present manual is mandatory for members of the Risk Committee (PRM included) and
Certificate available for all Risk Commitee members, confirming
recommended for other managers in the Organization, and shall be acquired by attendance in specific course provided by institution
they attended a specific training.
accredited by FCA.

Evaluation of the Knowledges 1) The Organization shall review critically the knowledges identified to define priorities and enable planning the activities for provision,
8B Planning of training activities.
Identified multiplication, retention and update of these knowledges.

1) The Organization shall define the actions required for provision of the organizational knowledges considered as critical and priority. Planning of training activities.

8C Knowledge Provision

2) This provision shall consider institutional mechanisms, such as internal standards and manuals, procedures, work instructions and other
Proceedings for provision of knowledge.
similar documents, which compose its intellectual capital.

1) The Organization shall define the actions required for multiplication and retention of organizational knowledges considered as critical for its
risk management process, for continuity and enhancement of this management.
Proceedings for knowledge multiplication and retention.
Note: The retention of a knowledge may occur by its multiplication within a minimum number of people, absorption in documents of the
Knowledge Multiplication,
8D Organization, uninterrupted use and internal activities for qualification, among other ways.
Retention and Update

2) The Organization shall establish actions to verify and provide update of the organizational knowledges considered as critical for its risk
Proceedings for knowledge update.
management process.
 BACK TO CHECKLIST FORM

AUDITOR NOTES (SQE)

RQM RATE GAPS CORRECTIVE ACTION RESPONSIBLE DEADLINE STATUS

Resp. Fornecedor_________________________ SQE________________________

(Nome e assinatura) (Nome e assinatura)
 BACK TO CHECKLIST FORM

Score Classification Audit Result Definitions Actions Required

• Requirement not met, with direct impact in the generation of risks for the
processes and/or products,
and/or
• Immediate definition of plan
1 High Risk • Requirement not met and there is history of failures log related to this of adequacy to the requirement
requirement,
and/or
• Requirement not met without adequacy plan within reasonable deadline

• Requirement not met, or partially met, without direct impact in the

generation of risks for the processes and/or products,
and/or
• Fulfillment of the plan of
3 Medium Risk • Requirement not met, but without history of failures log related to this
adequacy to the requirement
requirement,
and/or
• There is adequacy plan to meet the requirement within reasonable deadlines

5 Low Risk • Requirement fully met • None

 BACK TO CHECKLIST FORM

CONTACT LIST
CELLPHONE
NAME COMPANY DEPARTMENT PHONE NUMBER E-MAIL
NUMBER