Risk Assessments: The aim of writing one is to evaluate hazards, then remove that hazard or minimise the level of its risk by adding control measures, as necessary.
The five steps of the risk management process are identification, assessment, mitigation, monitoring and reporting.
On the whole, I find people are frightened of writing risk assessments. They are the least popular QMS item to be undertaken and are very often thrown to QA to complete. Writing risk assessments can be a stand-alone exercise or associated with a change control or CAPA.
During audits, when reviewing risk assessments, it is apparent that not everyone understands that the severity of a risk cannot change.
If your Quality System uses the basic RPN (Risk Priority Number) approach of Probability of the Occurrence 1-5 X Severity of the Harm 1-5, the severity of the outcome cannot change.
For example, if you are walking down Oxford Street with your phone in your hand engrossed in finding the best-discounted cocktail, and you step out in front of a bus, the severity you could endure is a 5 out of 5, the highest possible, it could even be fatal.
So, my Probability x Severity score would be 4 x 5 = 20.
Even once you have put mitigating action items in place, eg training people in how to approach roads in busy London through an SOP and looking up local cocktail bars before you set off, the Probability of the Occurrence would (hopefully) drop to a 1 but the Severity of the Harm if you got hit by the bus would still be a 5.
So, my Probability x Severity score would be dropped to a 1 x 5 = 5.
This would take the risk rating number from a high to a low.
Within my risk assessments, I like to record in separate columns the following:
What the risk is
Probability of the Occurrence X Severity of the Harm RPN
Mitigating Action Items
New Probability of the Occurrence X Severity of the Harm RPN
How to communicate it out – eg SOP, QMR meeting, training
Top Tips
Include personnel from all relevant departments.
Do a risk assessment as a joint or group activity – people get braver in numbers.
There is no daft suggestion.
Useful risk tools – RPN, FMEA, Ishikawa.
The amount of effort used for risk control should be proportional to the risk score. Not all risks can be eliminated. Some risks have to be accepted.