Risk management is a central part of any organization's strategic management. It helps understand potential upside and downside factors that can affect the organization. The key aspects of risk management include risk identification, analysis, evaluation, and assessment to understand probability of success, failure, and uncertainty. It then focuses on risk reduction, control, and acceptance. The overall goal is to increase probability of success while reducing probability of failure and uncertainty of achieving objectives.

1. Presented by
Geethasravya.Sunkavalli

2.  Risk can be defined as the
combination of the probability
of an uncertain, sudden or
extreme event and its
consequences
 In all types of undertaking,
there is the potential for events
and consequences that
constitute opportunities for
benefit (upside) or threats to
success (downside).
Risk Management 2

3.  The key word in the
definition of risk is
uncertain event.
 The challenge is to
identify a potential
event which, if it
happened, could trigger
a set of undesirable
consequences for the
Organization
Risk Management 3
Risk is characterized
by an uncertain
event (or
uncertainty) that
may carry a
potential impact on
the organization.

4. With the goal of achieving
sustained benefit within
each activity and across the
portfolio of all activities.
It is the process whereby
organizations methodically
address the risks attached
to their activities
Risk Management 4
Risk
management is a
central part of
any
organization's
strategic
management.

5.  The focus of good risk management
 Is the identification and treatment of these
risks.
 Objective is to add maximum sustainable
value to all the activities of the
organization.
Risk Management 5
Helps understand the potential upside and
downside of all those factors which can
affect the organization
Increases the
probability of
success,
Reduces probability
of failure and the
uncertainty of
achieving objectives

6. Patient
protection
Risk
assessment
Process
understanding
Regulations
Scientific knowledge/ principles

7.  All quality risk evaluations must be based on
Scientific and process-specific knowledge and
ultimately linked primarily to the protection of the
patient.
 The level of effort, formality and documentation of
the QRM process should be commensurate with the
level of risk.
 When applied, processes using QRM methodologies
should be dynamic, iterative and responsive to
change.
 The capability for continual improvement should be
embedded in the QRM process.

9.  Raising the level of protection for the patient
by reduction of the risk to which that patient
is exposed at the time he receive a drug
product.
 Applied in both proactively and
retrospectively.

11. Risk Management 11
Initiate Quality Risk Management Process
RISK IDENTIFICATION
RISK ANALYSIS
RISK EVALUATION
RISK ASSESSMENT
RISK REDUCTION
RISK ACCEPTANCE
RISK CONTROL
Output / Result of Quality Risk Management
Process
REVIEW EVENTS
RISK REVIEW
RISKCOMMUNICATION
UNACCEPTABLE
RISKMANAGEMENTTOOLS

13.  Define problem.
 Assemble the background information / data.
 Identify a leader & necessary resource.
 Specify the time line.

15.  Implementing party, i.e. personnel with
appropriate product-specific knowledge and
experience ( example from user departments
like production, qa, qc and other).
 Person should be able to
 Conduct risk analysis.
 Identify, analyze, evaluate, control,
communicate and review the risk.
 Consider the impact of risk findings on
related or similar products and /or process
Risk Management 15

17.  Risk assessment begins with well-defined
problem description or risk question, which is
more helpful to address the risk question.
 For clearly defining risk, three fundamental
questions are often helpful.
 What might go wrong?
 What is the likelihood (probability) it will go
wrong?
 What are the consequences (severity)?
Risk Management 17

18.  Risk identification addresses the “What
might go wrong?” question, including
identifying the possible consequences. This
provides the basis for further steps in the
quality risk management process.
 Risk identification shall be done after
elaborate team discussions based on prior
knowledge, historical data, theoretical
analysis, literature references and concerns
of stake holders.
Risk Management 18

20.  Risk analysis is the estimation of the risk
associated with the identified hazards.
 Risk analysis is the qualitative or quantitative
process of linking the likelihood of
occurrence and severity of harms.
Risk Management 20

22.  Risk evaluation compares the identified and
analyzed risk against given risk criteria.
 Based on the outcome of the Risk Assessment
the identified risk shall be analyzed /
evaluated for severity and probability of
occurrence.
 Consider the strength of evidence for all the
three fundamental questions before
considering evaluation and ranking the risk.
Risk Management 22

23.  During risk analysis and evaluation, input
material characteristics, control and process
understanding, output characteristics and
controls, factors influencing the product
quality shall be kept in mind.
 Risk shall be assessed and documented .
 When risk is evaluated, a numerical
probability shall be used.
Risk Management 23

24.  Calculate the Risk priority number as the
multiplication of the risk numbers of
severity, probability of occurrence and
detection.
 Risk Priority number =
Severity x Probability x Detection.
Risk Management 24

25. Level Patient Effect Process Effect
10 Patient getting effected Fatally
 Irreparable damage to
batch/product
 Product Quality Attributes
are affected. Possible
regulatory deficiency /
customer query
7
Patient is not affected fatally
but deemed efficacy is not
achieved. BUT the effect is Not
noticeable.
 Reprocessing is possible but
without affecting the quality
attributes
4
Patient is not affected fatally
but deemed efficacy is not
achieved.
BUT the effect is noticeable and
manageable.
 Manufacturing related
Deviations not affecting the
quality of the product.
1 No impact on Patient.
 No impact on Process &
Quality
Risk Management 25

26. Level Patient Effect Process Effect
10
 [Certainty] Availability of
prior
Knowledge/Information/Refe
rence [KIR] that the
phenomenon shall occur
 Irreparable damage to
batch/product
 Product Quality Attributes
are affected. Possible
regulatory deficiency /
customer query
7
 [Uncertain] No KIR available
with possibility of
surprise/stray results.[risk]
Fairly certain of the chances.
4
 [Uncertain] No KIR available,
but needs to studied .
Remote possibility of Chance
1
 Availability of prior [KIR]
that the phenomenon shall
NOT occur
Almost uncertain no
probability to happen
Risk Management 26

27. Level Process Control Analytical Control
10
 In-process Checks /
Parameters / Systems/
Procedural controls are NOT
available.
 No Analytical
Technique/Procedure is
available.
7
 In-Process parameters /
Procedural controls to be
established.
 Qualitative detection
technique.
4
 In-process Parameters /
Procedural controls to be
standardized.
 Quantitative Detection
technique.
1
 In-process Test/Checks/
Parameters / Systems are
available.
 Multiple analytical tests
support
Detection/Measurement of
required attributes.
Risk Management 27

28.  The level of overall risk is calculated as :
 RISK = (S) X (P) X (D)
 The Risk Priority Number (RPN / Over all risk)
changes based upon the risk. The risk assessment
team shall decide the acceptance criteria. For
example the Risk Priority Number (RPN /Over all
risk) is categorized as below:
 RISK PRIORITY NUMBER - RISK LEVELS
 1-64 - Low
 65 – 343 - Medium
 344 – 1000 - High
Risk Management 28

29.  Rational :
 Considering 4 out of 10 for severity, probability
of occurrence and chance of detection the RPN
of 64 is considered as low risk.
 Considering 7 out of 10 for severity, probability
of occurrence and chance of detection the RPN
of 343 is considered as Medium risk and
 above 343 is considered as high risk.
 Based on the process criticality and
requirements, an acceptable risk priority
number shall be fixed to prioritize the risk
control measures.
Risk Management 29

30.  Note: This acceptable level will depend on many
parameters and should be decided on a case-by-
case basis.
 Other appropriate tools, but not limited to like
FMEA, FTA (Fault tree analysis), HACCP, HAZOP,
(Hazard operability) PHA (Preliminary hazard
analysis), Risk ranking, supporting statistical
tools may be used to arrive at a detailed risk
analysis.
 After risk analysis process to mitigate the
evaluated risks, team members shall meet to
arrive at a formal decision to accept the residual
risk.
Risk Management 30

32.  Risk control is decision making to reduce and/or
accept risks and to reduce the risk to an
acceptable level.
 The amount of effort used for risk control should
be proportional to the significance of the risk.
 During risk controlling, the following shall be
focused.
 Is the risk above an acceptable level?
 What can be done to reduce or eliminate risks?
 What is the appropriate balance among benefits, risks
and resources?
 Are new risks introduced as a result of the identified
risks being controlled?
Risk Management 32

33.  Based on the process criticality and
requirements, an acceptable risk priority number
shall be fixed to prioritize the risk control
measures.
 Note: This acceptable level will depend on many
parameters and should be decided on a case-by-
case basis.
 Once the above process is completed, if any
mitigation is required, the actions to be taken,
target date and the responsible person shall be
identified by the user department along with the
team and documented
 If the risk control indicated is not considered
adequate, the risk assessment shall be repeated
with the available new knowledge.
Risk Management 33

35.  Sharing of information about risk and risk
management between the decision makers
and others.
 At any stage of QRM process.
 The output/ results of the QRM process
should be appropriately communicated and
documneted.

37.  Risk management should be an ongoing part
of the quality management process.
 The output/results of the risk management
process should be reviewed to take into
account new knowledge and experience.
 The frequency of any review should be based
upon the level of risk. Risk review might
include reconsideration of risk acceptance
decisions.

38.  During the risk summary /conclusion, the risk
reduction measures /actions taken to
mitigate the severity and probability of harm
shall be reviewed.
 Once all agreed mitigation measures /
actions are completed, the same shall be
checked by the Department Head and
acknowledged in summary and conclusion
report
Risk Management 38

40. Thank you