Risk factors are occurrence, severity, and noticeability, as said in the lecture. I think another factor that can be used to assess risks are consequences. While most high severity and high occurrence risks will probably be mitigated or avoided, some low risks may be enticing endeavors to pursue. The consequences should be considered in case of the infrequent failure does occur. A small monetary loss might be more manageable than a full-on lawsuit due to damages. If a risk is small, however comes with a large price tag, that should be assessed and evaluated.
All risk is valued by Failure Mode Effects and Criticality Analysis (FMECA). It is an approach to analyze risk. Certain factors that contribute to determining the risk values are how something can fail, the severity of the consequences, and the probability that it will fail. The severity, significant and minor is evaluated with high, intermediate, or low while occurrence is frequent, infrequent, or occasional. Based on the analysis, companies make a decision whether it is worth to take the risk or terminate the project.
You mentioned two of the big factors: Severity (S) of the failure and Occurrence (O) of the failure. These determine how serious the problem is, and how often it happens. A third factor which my company uses is the Detection (D) which is how likely you are to be able to detect the problem. These three factors are given numerical values and then multiplied together (SxOxD) to get the Risk Priority Number (RPN). The values mentioned are usually discussed in a meeting of representatives from quality and manufacturing engineering departments to make sure the correct prioritization is given to the failure. If a new solution is discovered which lowers the risk, these values can be modified as a reflection of the process or design improvement.
Although severity and number of occurrence are the main large categories that must be looked at for risk management, there should be more evaluation and discussion of other categories such as user's age, quality of life after product failure, cost of replacement, cost of losing or damaging brand name, number of users, shares affected, patterning companies affected, etc.
To elaborate on one of the above mentioned category: User's age, is a very important category that is actually analyzed a lot when evaluating orthopedic implants. About 40-50 years ago, hip and knee replacements were meant for people over 50 years, so failure after 10-20 years was not taken too seriously. Now a days, people as young as 20 or 30 get such replacements, so risk analysis patterns have changed, and failure after 10-20 years is a high risk.
How I remember it from the lecture, the three risk factors are Severity (S), occurrence (O), and noticeability (N) or S.O.N. The product of the numerical values for these three factors is how the Risk Priority Number (RPN) is assigned. For my analogy, you would want to minimize the amount of risks you would both want to take with your son and want your son to take. Similarly, you want to lower the severity, occurrence, and/or noticeability of the risk in order to lower the RPN. The lower you can get the RPN number, the better off you are.
An important factor of determining the value of the risk index is the tolerability of the risk. Often low risks such as mild discomfort associated with the use of the device can receive a low index number even if the chance of occurrence is very high. In this situation both the tolerability and severity of risk make the risk index low. However, if the patient is a child or a toddler, discomfort can impact the completion of treatment and therefore the tolerability of the risk is decreased resulting in a higher risk index.
You have encompassed just about all of what goes into risk assessment with the two categories of "how often the failure occurs" and "severity of the failure." However, both of these could be expanded upon to get a better idea of exactly what amount of risk is involved. For example, "severity of the failure" is quite broad and difficult to quantify, but if it is broken down into how many people effected, how long of delay as a result, and severity of possible injury sustained, there can be a much better idea gotten as to what this risk encompasses.
The factors contributing to risk values include occurrence, severity of the failure and noticeability as given in Dr. Simon’s lecture. The severity is measured based on severe, significant and minor while occurrence is measured based on frequent, infrequent or occasional. Based on the risk matrix, the industries calculate the risk values in analyzing the project outcome.
The definition of risk index is the overall result of a risk assessment. All indicators and indexes can be used in the calculation for the risk index. It is a composite of the likelihood and impact index. Therefore, by definition, the following factors can be considered to help determine the risk index of the product. Including: frequency, severity, product self influence, human factor influence, environmental factor influence, etc.
Another factor contributing to risk values is the percentage of false-positives or false negatives, particularly for diagnostic devices. For example, if a patient is scanned (with X-ray, MRI, ultrasound, etc.) and the result is actually a false positive, then the patient would be falsely diagnosed and may receive unnecessary treatment. This is dangerous, since the patient may either have a different medical problem which uses a different treatment, or the patient may be paying for unnecessary costs of treatment. On the other hand, if the patient is scanned and the result is actually a false negative, then the patient could have a disease but the device could not correctly detect it, thus causing the patient to not receive treatment at all. Both cases are not only misleading, but carry risks as well, thus must be factored into the risk index.
Another factor contributing to risk values is the percentage of false-positives or false negatives, particularly for diagnostic devices. For example, if a patient is scanned (with X-ray, MRI, ultrasound, etc.) and the result is actually a false positive, then the patient would be falsely diagnosed and may receive unnecessary treatment. This is dangerous, since the patient may either have a different medical problem which uses a different treatment, or the patient may be paying for unnecessary costs of treatment. On the other hand, if the patient is scanned and the result is actually a false negative, then the patient could have a disease but the device could not correctly detect it, thus causing the patient to not receive treatment at all. Both cases are not only misleading, but carry risks as well, thus must be factored into the risk index.
I want to talk about Magnetic Resonance Imaging (MRI) or Functional MRI (fMRI) in risk management. Although both MRI and fMRI were really useful both in research and diagnosis purposes, they are currently not counted as an exact science in medical doctors' eyes. One of the main reasons for this is that both MRI and fMRI are not single patient dependable. As my colleague suggested, it can give you false negative or false positive results; thus, whenever there is a positive result on the scans, it must be backed up by bloodwork, symptoms, etc. The reason it can produce false negative or false positive results is mainly the noise factor. There are different kinds of noises within an MRI machine. Some of them can be managed; thus, still, it can produce false-positive or false-negative results. The best way to deal with random noise is to do a group study, which is the main reason why MRI and fMRI are not single patient dependable. Of course, there are other factors, too, but the topic is risk management in fMRI and MRI. As I mentioned earlier, although both MRI and fMRI widely used and still getting to be used around the world both for research and diagnoses purposes, in terms of diagnoses, it either must be a scan with a really significant cluster, or it must be backed up by additional factors supporting the same diagnoses to be an effective tool so it can be applicable with risk management procedures and rules.
In medical devices specifically, I would think that the nature of how a device may fail and harm an individual and the extent of the harm would impact and contribute to the risk value. While the likelihood of failure/risk is also important, I think that, for example, a risk that could result in death may be higher than a risk that could result in minor injury even if the minor injury may be slightly more likely. Similarly to how the FDA organizes medical products, if one risk is higher or more substantial than another then it should be ranked higher.
I too agree with the comments above. The probability of occurrence and the severity of the risk drive the risk values. The occurrence can be frequent, infrequent or occasional, and the severity can be severe, significant or minor. These factors are inputted into a risk matrix to determine high, intermediate or low levels of risk. The corresponding risk levels will help determine the benefit analysis of risk for a device.
Risk impact and probability are used to calculate the risk score value (Calculated risk) for a particular risk. Risk impact and probability are lookup values in the system that have numeric values (LOOKUP_ENUM) assigned to them. In order to calculate risk you take the Risk Index (R) The Risk Index is calculated as follows: R = (1- C/100*Q/100*S/100)*100 and is expressed in percent. If a negative number is calculated (due to having a Completeness greater than 100%), round R up to 0.
What factors contribute to determining values for risk index numbers.
Two examples are 'how often the failure occurs'? and 'what is the severity of the failure?'.
There are several factors that contribute to determining values for risk index numbers. Factors such as the number of dangerous events per year, the probability of damage to the structure, and the losses in case of a damages are a few examples. These factors can also be broken down. In the number of dangerous events per year, things considered are events in the structure, events near the structure, events in the power line that affect the structure, and events near the power line that affect the structure. The probability of damages include direct injuries to living beings, physical damage to the structure, and damage to electrical and electronic systems. The losses are divided into 4 types: human losses, losses of service, losses of cultural heritage, and economic losses.
