As per ICH Q9 “Quality Risk Management is a systematic process for the assessment, control, communication and review of risks to the quality of the product throughout its life cycle.” There are many methods and tools to perform Quality Risk Management. It is important to understand that none of the tool or set of tools are sufficient to address every situation of Quality Risk Management. Some of the important tools are as follows:
- Basic Risk Management Facilitation Methods
- Failure Mode and Effects Analysis (FMEA)
- Failure Mode, Effects and Criticality Analysis (FMECA)
- Fault Tree Analysis (FTA)
- Hazard Analysis and Critical Control Points (HACCP)
- Hazard Operability Analysis (HAZOP)
- Preliminary Hazard Analysis (PHA)
- Risk Ranking and Filtering
- Supporting Quality and Statistical Tools
In this article we shall be discussing about one of the simpler and useful tool i.e. Risk Ranking and Filtering.
What is Risk Ranking and Filtering (RRF)?
Risk Ranking and Filtering (RRF) is a process of comparing and ranking risks. RRF provides focus on critical risks within a system. RRF breaks down the overall risk into various risk components. Each risk component is then evaluated and their individual contributions to overall risk is estimated.
Who perform RRF?
RRF shall be performed by a team of cross functional experts. This helps to bring the knowledge and experience of the people from different fields regarding product and process. It also helps to remove the individual bias if any. Wherever required, additional support may also be sough from external vendors who are Subject Matter Experts. The cross functional team shall be selected based on the requirements of the project. The team may include personnel from research and development, production, quality control, quality assurance, regulatory, projects, engineering, administration etc.
What are the uses of RRF?
RRF can be used to prioritize manufacturing sites for inspection/audit by regulators or industry. Risk ranking methods are particularly helpful in situations in which the portfolio of risks and the underlying consequences to be managed are diverse and difficult to compare using a single tool. Risk ranking is useful for management to evaluate both quantitatively-assessed and qualitatively-assessed risks within the same organizational framework. It is beneficial to use a RRF risk assessment tool when there are many risks to be managed and they are diverse and difficult to compare.
How to perform RRF?
- Defining risk question and scope:
The tool involves breaking down a basic risk question into as many components as needed to capture factors involved in the risk. Answering risk questions represents the ultimate goal of the risk assessment. The examples of risk questions are as follows:
- How many times the firm has been audited?
- What were the types of observations in previous audits (Critical/ Major/ Minor)?
- What is the status of action taken for addressing the observations?
The scope of the RRF should be clearly defined. Too wide scope may lead to teams putting needless efforts.
- Risk Assessment:
The subsequent step in RRF is to perform risk assessment. Foremost step is to identify the source of risks which are further categorized (like 6 M approach of fishbone diagram i.e. Man, Machine, Method, Material, Mother Nature, Measurements etc. or as per department like production, engineering, stores, administration, quality etc.) for the ease of assessment.
All the probable risks shall then be evaluated on the basis of severity and probability of occurrence. In some cases, if required probability of risk detection may also be included. The factors shall then be scored by using appropriate method. The scores shall then be added or multiplied or may be weighted based on the importance of a criteria to the overall risk. On the basis of the scores thus obtained, the risks are then ranked from high priority to low or no priority.
- Risk Control:
Once the risk is identified and ranked, the next task is to identify the means to control the risk. For planning the risk control strategy, the already ranked risks are then filtered into the ones which require highest control strategy and the ones which require medium or lower control strategy. Filtering process may lead to remove the risks which do not require control at all.
- Risk Review:
After the implementation of control strategy, the effectiveness of the same may be evaluated by carrying out the risk review. Rescoring and cross verification may be used to review the risk. Feedbacks, management review, quality management systems may further help to assess whether the RRF strategy adopted was satisfactory and the control strategy thus implemented is effective enough.
- Documentation:
Establish documentation concerning all procedures and keep records appropriate to their application.
Reference: