We all know the story, we need to validate a process/equipment/software so let’s use a risk based approach to apply scientific rationale and just test the components that are critical and key to enhancing patient safety and product quality.

In reality performing a successful quality risk management approach is very difficult and often leads to “Let’s just test everything”.

So why are risk assessments so difficult to get right? Below are some of the key reasons why.

1. Fear of Resistance

People do not like the unkown and putting their head on the chopping block for something that appears to be subjective.

2. Commitment

Often commitment from senior management is limited they just want to see action.

3. SOP’s

Has to be in-built to company policy but often SOP’s are not detailed enough or more often too complicated to follow.

4. Lack of Control

More often than not a tool such as MS Excel is used which is hard to control and maintain accurately.

5. Critical Aspects

Critical aspects are not focused on.

6. Incorrect Tool Used

The incorrect risk process is used (FMEA, HAZOP, FTA etc)

7. Subjectivity

A lot of subjectivity and uncertainty.

8. Availability

SME’s not available or don’t want to take a risk.

9. Scoring

Scoring systems are subjective.

10. Results of Score

What does a certain score actually mean?

11. Challenge of Controls

Insufficient challenging of the controls.

12. Translating Output

Difficult to translate output to a validation protocol.

13. Consistency

Lack of consistency to determine risk scores.

14. Personal Opinions

Judgement based on individual, personal impressions, feelings and opinions rather than external facts.

15. Complicated Forms

Risk assessment forms are long and difficult to fill out.

16. Hard to Collaborate

Collaboration on assessments is difficult – SEM’s always too busy.

17. Everything is High

Easy to say everything is high risk – Cover your back syndrome.

18. Bite-size Chunks

Inability to break down complex process into simple manageable units.

19. No Facilitator

No facilitator or independent entity to manage the process.

20. Too Many Cooks

Too many contributors that don‘t add value.

21. Lack of Training

Lack of training on how to successfully perform a risk evaluation.

22. Challenge Assumptions

Inability to challenge assumptions.