Presented by Geethasravya.Sunkavalli

QUALITY RISK MANAGEMENT

Risk Management 2

WHAT IS RISK? Risk can be defined as the

combination of the probability of an uncertain, sudden or extreme event and its consequences

In all types of undertaking, there is the potential for events and consequences that constitute opportunities for benefit (upside) or threats to success (downside).

Risk Management 3

CAUSES, EFFECTS, UNCERTAINTY

The key word in the definition of risk is uncertain event.

The challenge is to identify a potential event which, if it happened, could trigger a set of undesirable consequences for the Organization

Risk is characterized by

an uncertain event (or uncertainty) that may carry a potential impact

on the organization.

Risk Management 4

RISK MANAGEMENT

With the goal of achieving sustained benefit within each

activity and across the portfolio of all activities.

It is the process whereby organizations

methodically address the risks attached to their

activities

Risk management is a central part of any

organization's strategic

management.

RISK MANAGEMENT The focus of good risk management

Is the identification and treatment of these risks.

Objective is to add maximum sustainable value to all the activities of the organization.

Risk Management 5

Helps understand the potential upside and downside of all those factors which can affect the organization

Increases the probability of

success,

Reduces probability of

failure and the uncertainty of

achieving objectives

PRINCIPLES OF QRM

Patient protectio

n

Risk assessment

Process understanding

Regulations

Scientific knowledge/ principles

PRINCIPLES OF QRM

All quality risk evaluations must be based on

Scientific and process-specific knowledge and

ultimately linked primarily to the protection of the patient.

The level of effort, formality and documentation of the QRM process should be commensurate with the level of risk.

When applied, processes using QRM methodologies should be dynamic, iterative and responsive to change.

The capability for continual improvement should be embedded in the QRM process.

OBJECTIVE OF QRM

OBJECTIVE: Raising the level of protection for the

patient by reduction of the risk to which that patient is exposed at the time he receive a drug product.

Applied in both proactively and retrospectively.

QRM PROCESS

Risk Management 11

Initiate Quality Risk Management Process

RISK IDENTIFICATION

RISK ANALYSIS

RISK EVALUATION

RISK ASSESSMENT

RISK REDUCTION

RISK ACCEPTANCE

RISK CONTROL

Output / Result of Quality Risk Management Process

REVIEW EVENTS

RISK REVIEW

RIS

K C

OM

MU

NIC

ATIO

N

UN

AC

CEPTA

BLE

RIS

K M

AN

AG

EM

EN

T T

OO

LS

INITIATING QRM

INITIATING QRM Define problem. Assemble the background information /

data. Identify a leader & necessary resource. Specify the time line.

TEAM SELECTION

Risk Management 15

TEAM SELECTION Implementing party, i.e. personnel with

appropriate product-specific knowledge and experience ( example from user departments like production, qa, qc and other).

Person should be able to Conduct risk analysis. Identify, analyze, evaluate, control,

communicate and review the risk. Consider the impact of risk findings on

related or similar products and /or process

RISK ASSESSMENT

Risk Management 17

RISK IDENTIFICATION Risk assessment begins with well-

defined problem description or risk question, which is more helpful to address the risk question.

For clearly defining risk, three fundamental questions are often helpful.What might go wrong? What is the likelihood (probability) it will go

wrong? What are the consequences (severity)?

Risk Management 18

RISK IDENTIFICATION Risk identification addresses the “What

might go wrong?” question, including identifying the possible consequences. This provides the basis for further steps in the quality risk management process.

Risk identification shall be done after elaborate team discussions based on prior knowledge, historical data, theoretical analysis, literature references and concerns of stake holders.

RISK ANALYSIS

Risk Management 20

RISK ANALYSIS Risk analysis is the estimation of the risk

associated with the identified hazards. Risk analysis is the qualitative or

quantitative process of linking the likelihood of occurrence and severity of harms.

RISK EVALUATION

Risk Management 22

RISK EVALUATION

Risk evaluation compares the identified and analyzed risk against given risk criteria.

Based on the outcome of the Risk Assessment the identified risk shall be analyzed / evaluated for severity and probability of occurrence.

Consider the strength of evidence for all the three fundamental questions before considering evaluation and ranking the risk.

Risk Management 23

RISK EVALUATION

During risk analysis and evaluation, input material characteristics, control and process understanding, output characteristics and controls, factors influencing the product quality shall be kept in mind.

Risk shall be assessed and documented .

When risk is evaluated, a numerical probability shall be used.

Risk Management 24

RISK EVALUATION

Calculate the Risk priority number as the multiplication of the risk numbers of severity, probability of occurrence and detection.

Risk Priority number = Severity x Probability x Detection.

Risk Management 25

QUANTIFICATION OF SEVERITY, OCCURRENCE AND DETECTION SHALL BE DONE AS GIVEN BELOW: SEVERITY(S) :

Level Patient Effect Process Effect

10 Patient getting effected Fatally

Irreparable damage to batch/product

Product Quality Attributes are affected. Possible regulatory deficiency / customer query

7

Patient is not affected fatally but deemed efficacy is not achieved. BUT the effect is Not noticeable.

Reprocessing is possible but without affecting the quality attributes

4

Patient is not affected fatally but deemed efficacy is not achieved.BUT the effect is noticeable and manageable.

Manufacturing related Deviations not affecting the quality of the product.

1 No impact on Patient. No impact on Process &

Quality

Risk Management 26

QUANTIFICATION OF SEVERITY, OCCURRENCE AND DETECTION SHALL BE DONE AS GIVEN BELOW: PROBABILITY OF OCCURRENCE(P) :

Level Patient Effect Process Effect

10

[Certainty] Availability of prior Knowledge/Information/Reference [KIR] that the phenomenon shall occur

Irreparable damage to batch/product

Product Quality Attributes are affected. Possible regulatory deficiency / customer query

7

[Uncertain] No KIR available with possibility of surprise/stray results.[risk]

Fairly certain of the chances.

4 [Uncertain] No KIR

available, but needs to studied .

Remote possibility of Chance

1 Availability of prior [KIR]

that the phenomenon shall NOT occur

Almost uncertain no probability to happen

Risk Management 27

QUANTIFICATION OF SEVERITY, OCCURRENCE AND DETECTION SHALL BE DONE AS GIVEN BELOW: DETECTION(D) :

Level Process Control Analytical Control

10

In-process Checks / Parameters / Systems/ Procedural controls are NOT available.

No Analytical Technique/Procedure is available.

7 In-Process parameters /

Procedural controls to be established.

Qualitative detection technique.

4 In-process Parameters /

Procedural controls to be standardized.

Quantitative Detection technique.

1 In-process Test/Checks/

Parameters / Systems are available.

Multiple analytical tests support Detection/Measurement of required attributes.

Risk Management 28

RISK EVALUATION The level of overall risk is calculated as :

RISK = (S) X (P) X (D) The Risk Priority Number (RPN / Over all

risk) changes based upon the risk. The risk assessment team shall decide the acceptance criteria. For example the Risk Priority Number (RPN /Over all risk) is categorized as below:

RISK PRIORITY NUMBER - RISK LEVELS 1-64 - Low 65 – 343 - Medium 344 – 1000 - High

Risk Management 29

RISK EVALUATION Rational :

Considering 4 out of 10 for severity, probability of occurrence and chance of detection the RPN of 64 is considered as low risk.

Considering 7 out of 10 for severity, probability of occurrence and chance of detection the RPN of 343 is considered as Medium risk and

above 343 is considered as high risk. Based on the process criticality and

requirements, an acceptable risk priority number shall be fixed to prioritize the risk control measures.

Risk Management 30

RISK EVALUATION Note: This acceptable level will depend on

many parameters and should be decided on a case-by-case basis.

Other appropriate tools, but not limited to like FMEA, FTA (Fault tree analysis), HACCP, HAZOP, (Hazard operability) PHA (Preliminary hazard analysis), Risk ranking, supporting statistical tools may be used to arrive at a detailed risk analysis.

After risk analysis process to mitigate the evaluated risks, team members shall meet to arrive at a formal decision to accept the residual risk.

RISK CONTROL

Risk Management 32

RISK CONTROL Risk control is decision making to reduce

and/or accept risks and to reduce the risk to an acceptable level.

The amount of effort used for risk control should be proportional to the significance of the risk.

During risk controlling, the following shall be focused. Is the risk above an acceptable level? What can be done to reduce or eliminate risks? What is the appropriate balance among benefits,

risks and resources? Are new risks introduced as a result of the

identified risks being controlled?

Risk Management 33

RISK CONTROL Based on the process criticality and requirements,

an acceptable risk priority number shall be fixed to prioritize the risk control measures.

Note: This acceptable level will depend on many parameters and should be decided on a case-by-case basis.

Once the above process is completed, if any mitigation is required, the actions to be taken, target date and the responsible person shall be identified by the user department along with the team and documented

If the risk control indicated is not considered adequate, the risk assessment shall be repeated with the available new knowledge. 

RISK COMMUNICATIO

N

RISK COMMUNICATION Sharing of information about risk and

risk management between the decision makers and others.

At any stage of QRM process. The output/ results of the QRM process

should be appropriately communicated and documneted.

RISK REVIEW

RISK REVIEW Risk management should be an ongoing

part of the quality management process.

The output/results of the risk management process should be reviewed to take into account new knowledge and experience.

The frequency of any review should be based upon the level of risk. Risk review might include reconsideration of risk acceptance decisions.

Risk Management 38

RISK SUMMARY /CONCLUSION During the risk summary /conclusion,

the risk reduction measures /actions taken to mitigate the severity and probability of harm shall be reviewed.

Once all agreed mitigation measures / actions are completed, the same shall be checked by the Department Head and acknowledged in summary and conclusion report

?Thank you