Risk management is the process of analyzing, identifying and responding to risk factors throughout the course of the project. Managing risks early on in the project is the best way to avoid project catastrophes. Continuously applying the right risk management tools early on and all the way through the life of the project will ensure that risks are aggressively managed.
Aspect of Project Risk Management:
Risk Identification: Likely to affect the project
Risk Quantification: Evaluation of risk to assess the range of possible outcomes
Risk Response Development: Planning response and mitigation
Risk Respond Control: Responding to changes in risk over the course of the project
Risk identification determines which risks are likely to affect the project. This aspect of Project Risk Management includes reviewing the lists of possible risk sources as well as the project team’s experiences and knowledge. Then risks are categorized and prioritized.
How do you identify and prioritize the risks you want to include?
The risk identification process on a project is typically one of brainstorming, and the usual rules of brainstorming apply:
1.The full project team should be actively involved.
2.Potential risks should be identified by all members of the project team.
3.No criticism of any suggestion is permitted.
4.Any potential risk identified by anyone should be recorded, regardless of whether other members of the group consider it to be significant.
5.All potential risks identified by brainstorming should be documented and followed up by the IPT.
Risk identification and assessment can extend towards to human factors as well. The following are a few
Devices used in an improper manner.
Devices not manufactured and developed with appropriate specifications.
Lack of user-friendliness.
In addition to identification, the time period for risk is as long as the product or the device is active. Plan and course of action for the device continues even after it is introduced in the market.
I identify risks from high to low and everything in between. I believe managing risk is a balancing act which takes time and skill to master. What you may not perceive is a high risk and miss-categorize it as a low or medium risk, could come back to bite you later on in the project. Risk avoidance or putting a risk off during each phase of a project does not do you or the project justice. Sooner or later, a risk needs to be addressed and mitigated so it should be managed as early on in the project as possible. If all high risks are mitigated down to mediums and lows, that would be acceptable for some projects and not acceptable for others.
I currently work as an R&D engineer for a medical device company, and have had some experience with working with the QA (quality) department on risk analysis. As our professor has mentioned in this week’s lecture the identification (assessment) of risks usually occurs in a brain storming team meeting. Generally the philosophy I have seen taken in order to try to identify all possible risks associated with the product is by asking the question, “What can possibly go wrong with the product?” From there you try to think about and identify all possible failure modes and misuse scenarios in which can possibly occur. That approach should cover the vast majority of the identification piece, but there may be some additional risks that will need to be identified based on each specific product. Prioritization should generally come from the output of what would happened if the identifies risk actually occurs. If the outcome of a risk could cause death or serious injury it should treated with high priority, and if the outcome of a risk would mainly be related to customer annoyance with minimal adverse effects than it should be treated as low priority.
I also work as an R&D engineer for a medical device company, and one thing I have noticed in my company is a lack of brainstorming to identify potential risks. I have found that many times our QA department just uses a lot of data from previous projects and automatically applies it to the new device since most of our devices are quite similar in their design and application. However, I don't think this is the best way to go about identifying risk, because especially with different surgical approaches there may be the potential for different risks. Therefore I think it is very important to engage the full project team to brainstorm about all the potential risks that could occur.
To add to previous posts on this forum, an approach I have seen is to breakdown risk analysis in three parts; design, manufacturing, and use of finished product. These analyses may involve experts from each area of focus, for example; the risk analysis related to design would include engineers involved in the design of the device to identify ways or modes in which the design might fail, the manufacturing risk analysis would include assembly and automation engineers involved in the device manufacturing process to identify ways or modes in which a failure in the process could lead to a device malfunction, and risk analysis would involve human factors experts assessing use errors i.e. critical and important tasks users need to perform in order to safely use the finished product and consequences in case these tasks are not performed as per the product intended use. Once the failure modes/ use errors are identified they are prioritized based on the company risk criteria and acceptability which is usually defined upfront as part of the risk management plan.
I work for a medical device company as a manufacturing engineer. It is part of every design change procedure to conduct a Cause and Mitigation Impact Assessment where we evaluate the risks associated with the proposed changes. There is a set matrix of potential hazards, their causes, and mitigations. The intent of the meeting is to evaluate any impact to the existing hazards, causes, and mitigations as well as to assess if the design change introduces any new hazards, causes, and mitigations. Risk assessment is typically a cross functional effort. But the meetings are conducted by approved risk management facilitators. I would say, I think my company should provide more training for engineers to better assess risks and priorities independent of the facilitators.
I mentioned in the Risk management meeting thread of a system to follow when brainstorming for potential risks
During the brainstorming process identifying risks, priority should be placed on the risk of the most critical parts of the device that cannot be avoided, followed by the risk on that can be mitigated or transferred, then lastly risks that can be accepted. this same procedure should be taken with level of parts with decreasing criticality until the entire device has been reviewed. by prioritizing types of risks during brainstorming, the risk identification process should require less rounds of analysis to properly document and address all risks involved.
Additionally, as some have mentioned above the entire team should take part in identifying risks. for all participating team members, brainstorming should take place in a two phases. first each individual should attempt to identify risks on their own, writing it down before discussing and brainstorming collectively with the team. this process helps prevent idea "anchoring" and promotes more unique perspectives during the meeting.
Risk identification is an important aspect of medical device development. It is better to prevent than to fix because fixing implies that damage has been dealt. Risk identification is part of risk identification, which is the mitigation of the potential setbacks or complications that may arise during the development that may potentially cost a lot. Risk identification includes the evaluation of the device and the parts and processes that come with it. To accomplish an effective risk identification, different sectors involved involved in the project must meet together in order to evaluate the risks and benefits that accompany the development. It is important to point out the presence of different perspectives in the meetings because they will provide different points of views that will help in the evaluation of the device. It is important to keep an open and critical mind in order to thoroughly make sure that the device is examined. It would also be a good idea to have outside contractors or actual possible users, come in and evaluate the device in order to have a testimonial on the state of the device. After identification, the risks will then be classified and this is done in order to prioritize which problems must be solved first or which risks can be ignored for the mean time. This is also important because in this point, the developers must do a benefit/risk balance since not all problems can be solved.
Project Risk Management works to manage the possible risks a project may have and how to fix it. With Project Risk Management, projects are planned to have fewer risks. With Risk Identification, the risks that could affect the project are identified and listed. As many have already stated, a major factor to consider when doing risk identification is to have the product viewed by potential users. This way they will be able to evaluate the product and determine possible risks it may have. This would the best way to receive feedback firsthand from people who would be using the product. Identifying the risks early on is more effective when it comes to sales. If most risks are recognized before selling of the product, there will be less chance for recalls and problems to arise.
While it is essential for the entire team to identify risks during development, it falls primarily to the Quality Assurance team to ensure that risks are properly identified and accounted for. For this reason, an introductory job quite a few biomedical engineers enter into upon graduation is the QA department, where employees predict how customers will use and, inevitably, break products. My medical sensors instructor's first job was essential to find novel ways to break medical devices to check for their risks and tolerances.
Much like many other aspects of medical device development, the project manager is the next most responsible for risk management, followed by the rest of the team associated with a certain product. As Myton mentioned, this is an absolutely essential job and the consequences of failing to do a good job can be severe (including personal consequences for the team involved).
I agree with ds654 that the full project team should be actively involved in the process of risk identification and that every contribution of each member should be well-documented whether other members consider it significant or not. The best way to identify risks is through past experience, and this includes both negative and positive feedback. Both external and internal risks must be identified, and risks should be clearly defined. Efforts should also be made to identify whether or not the past risks were handled properly. With regards to prioritizing of risks, risks are considered as tools. As such, these tools should be aligned in such a manner that they work for the benefit, not against an individual or an organization.
Risk analysis is a tool to evaluating any risk or incident that can happen to the patients who are using medical devices. Risk identification is the important part the sooner, the risk are identified ,sooner methods or plans can be made to mitigate or avoiding the risks . Risk identification helps to identify the events in early stage which will have negative impact on product's performance. Risk identification should be covered in number of project documents like Statement of work, work breakdown structure, budget, schedule Project team participation and face to face interaction are needed to encourage communication which are essential for effective risk identification. Effective risk identification include input from entire project team and from members outside. The objective of risk identification is identify all possible risk so that solution can be found to mitigate those risks.
Like everyone suggested in the previous posts, Information Gathering techniques are proven for Risk identification. These techniques involve sessions like Checklist analysis where risks in previous devices have been ticked out. Also Assumption analysis help identify any new risks which can be eliminated. These analysis need to be crosschecked with the Risk register. A Risk Register is a living document which is updated regularly throughout the life cycle of the device. It has the documents and historical records that are used for future projects. The risk register includes a list of previous risks and their potential response, root causes of risk and updated risk categories.