As a nuclear engineer, risk assessment and management are very important. I wanted to highlight one of the risk analysis tools used for risk management for nuclear power plants. When I worked at a nuclear power plant, I used Bayesian updating to predict if a system would fail in the plant or not. We would try to turn on the system and every time we tried to turn it on and it either didn't turn on or stalled, we would count that as a fail. We used this raw data to predict when a system would fail so that we could take it out before it failed. I think that it is a very reliable and practical way to assess risk and ensure people are safe.
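The kind of update described in the post above can be written as a Beta-binomial model of failure on demand. This is an added example, not the poster's or the plant's code; the uniform Beta(1, 1) prior, the test records and the action threshold are all assumptions made up for illustration.

```python
import math

def update(alpha, beta, failures, demands):
    """Conjugate Beta-binomial update: failed starts add to alpha, good starts to beta."""
    if not 0 <= failures <= demands:
        raise ValueError("failures must be between 0 and demands")
    return alpha + failures, beta + (demands - failures)

def posterior_mean(alpha, beta):
    """Point estimate of the probability that the system fails on a start demand."""
    return alpha / (alpha + beta)

def beta_quantile(q, alpha, beta, n=20000):
    """q-quantile of Beta(alpha, beta) from a midpoint-rule grid on (0, 1).
    Self-normalising, so no gamma functions are needed; accurate to about 1/n."""
    xs = [(i + 0.5) / n for i in range(n)]
    w = [math.exp((alpha - 1) * math.log(x) + (beta - 1) * math.log(1 - x)) for x in xs]
    target, acc = q * sum(w), 0.0
    for x, wi in zip(xs, w):
        acc += wi
        if acc >= target:
            return x
    return 1.0

def assess(history, threshold, prior=(1.0, 1.0)):
    """Fold each test period into the posterior and flag the periods in which
    the 95% upper bound on the failure probability exceeds the threshold."""
    a, b = prior  # assumed uniform prior
    report = []
    for failures, demands in history:
        a, b = update(a, b, failures, demands)
        upper = beta_quantile(0.95, a, b)
        report.append((posterior_mean(a, b), upper, upper > threshold))
    return report

# Constructed start-test records: (failed starts, start attempts) per period.
HISTORY = [(0, 50), (1, 50), (9, 50)]
ACTION_THRESHOLD = 0.08  # hypothetical limit on the 95% upper bound

if __name__ == "__main__":
    for period, (mean, upper, act) in enumerate(assess(HISTORY, ACTION_THRESHOLD), 1):
        print(f"period {period}: mean={mean:.4f} upper95={upper:.4f} act={act}")
```

Deciding on the upper bound rather than the mean keeps a short run of clean tests from hiding how little evidence has been collected so far.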
Another method used is Expected Damage-Cost Analysis (EDCA). This method evaluates how often different hazards occur and ultimately estimates the damage cost per year. Results also include suggestions for precautionary measures such as investments and design/planning. This method takes into account the frequency of different hazards and a factor of vulnerability. Furthermore, human variables, technique, environment and economic consequences for the production environment are studied.
One of the methods to use from the design perspective is R & M, or reliability and maintainability. As a design engineer, I want to make sure that the product will be reliable after further use. The product should also have low cost and easy maintenance going forward. The causes for maintenance and operating costs need to be studied in the initial phase of a project. By studying the operation and environmental characteristics, wear, tear and degradation causes, cost drivers might be identified and evaluated.
For the most part, risk-management methods consist of the following elements, performed, more or less, in the following order.
1. identify, characterize threats
2. assess the vulnerability of critical assets to specific threats
3. determine the risk (i.e. the expected likelihood and consequences of specific types of attacks on specific assets)
4. identify ways to reduce those risks
5. prioritize risk reduction measures
For medical devices there is an ISO standard which is ISO 14971. ISO 14971 is the Application of Risk Management to medical devices. In general, it states the specification for manufacturers to identify the hazards associated with medical devices, including in vitro diagnostic medical devices, to estimate and evaluate the associated risks, to control these risks, and to monitor the effectiveness of the controls.
The five steps of Risk Management for Medical Devices given by FDA and/or ISO. Also, Dr. Simon spoke on these briefly as well.
1) Risk Management Framework & Planning
2) Risk Analysis
3) Risk Evaluation
4) Risk Control
5) Reports and Documents
What I find interesting is the Risk Evaluation matrix. A matrix of severity versus occurrence can be used to establish risk. The concept is simple but the effect of visually seeing it helps me to realize if something is high severity vs low occurrence vs high severity and high occurrence.
A few points for risk management:
1) ISO 14971, this standard is accepted throughout the world
2) FMEA is not risk management
3) establish a risk management policy and procedure
4) keep severity, probability, and risk levels simple
5) use risk management as a tool during design and development as well as AFTER.
There are a lot of articles online that discuss risk management and common mistakes to avoid.
As we are studying risk management methods, I found a good article that stated points about good risk management techniques. There are a variety of techniques that organizations will use during the identification process to establish solid risk management strategies. The following are a few examples of how people identify corporate risk:
1) Brainstorming
2) Interviews and self-assessments
3) Risk surveys
4) Event inventories or loss data
5) Facilitated workshops
6) Root cause and Checklist analysis
7) SWOT analysis
8) Influence diagrams
9) Expert judgement
10) Assumption analysis
There are several approaches used to manage risk in a project as mentioned by many in here. The fundamental steps for risk management are to establish the goals and context, identify risks, analyze the identified risks, assess or evaluate the risks, manage the risks, monitor and review the risks, and continuously communicate. Communication is essential for the risk management method. Some methods also include Expert panels, SWOT analysis, Delphi analysis, PEST analysis, Cross-impact analysis and scenarios of development.
One technique for risk analysis that I came across is a bottom-up approach called HAZOP (Hazard and operability). This is usually used for more complex devices that have a very involved process. In this instance, multiple control factors are identified and evaluated using a risk matrix. Another approach is FTA (fault tree analysis), which is a top-down approach where unwanted consequences or results are discussed and any contributing factor is identified. Then those factors are categorized into logic gates, where if two events are combined, it would result in another larger scale event.
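A small fault tree evaluated with AND/OR gates, as an added example that is not part of the original post. The tree, the event names and the probabilities are constructed for illustration, and basic events are assumed to be independent. One basic event is shared between two branches on purpose, since multiplying gate probabilities branch by branch would then double-count it.

```python
from itertools import product

# Constructed tree: a node is a basic-event name or (gate, [children]).
TREE = ("OR", [
    ("AND", ["pump_fails", "backup_pump_fails"]),
    ("AND", ["power_loss", "backup_pump_fails"]),  # shares an event with the branch above
    "valve_stuck",
])
# Constructed per-demand probabilities of the basic events.
PROBS = {"pump_fails": 0.01, "backup_pump_fails": 0.05,
         "power_loss": 0.02, "valve_stuck": 0.001}

def occurs(node, state):
    """True if the event at this node occurs, given which basic events occurred."""
    if isinstance(node, str):
        return state[node]
    gate, children = node
    results = [occurs(child, state) for child in children]
    return all(results) if gate == "AND" else any(results)

def cut_sets(node):
    """Minimal cut sets: smallest groups of basic events that cause the top event."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, children = node
    child_sets = [cut_sets(child) for child in children]
    if gate == "OR":   # any one child's cut set is enough
        combined = [s for sets in child_sets for s in sets]
    else:              # AND: one cut set from every child, merged
        combined = [frozenset().union(*combo) for combo in product(*child_sets)]
    # Drop duplicates and any set that contains a smaller cut set.
    return [s for s in set(combined) if not any(other < s for other in combined)]

def top_probability(tree, probs):
    """Exact top-event probability by enumerating every basic-event state.
    Correct with shared events; cost is 2**n, so only for small trees."""
    names = sorted(probs)
    total = 0.0
    for bits in product([False, True], repeat=len(names)):
        state = dict(zip(names, bits))
        if occurs(tree, state):
            weight = 1.0
            for name in names:
                weight *= probs[name] if state[name] else 1 - probs[name]
            total += weight
    return total

if __name__ == "__main__":
    print(sorted(sorted(s) for s in cut_sets(TREE)))
    print(f"P(top event) = {top_probability(TREE, PROBS):.8f}")
```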
There are lots of tools and methods used in managing risk. That being said, we do not want to confuse “ways on how to deal with risks” with the actual tools or methods needed to manage or mitigate risk.
The Failure Mode Effects Analysis (FMEA) that has been mentioned by all and in the course material as well is a very good tool and can be extremely helpful for design and development teams, but FMEA is more of a reliability tool rather than a risk management system. It mainly analyzes and evaluates the risk but does not give the solutions on how to manage it. To manage the risk that has been evaluated, Avoidance or Mitigation, which are commonly used in medical devices, can be applied. Sometimes “Acceptance” can be one way to manage risk, but this can be used depending on the output of the evaluated risk.
Another tool that can be used in managing risk is “Corporate Governance”. This is a corporate management tool to manage failure control; it is now used a lot in strategic and contingency planning. For example the Y2K threats which can affect medical devices that contain hardwired computer chips or that use date sensitive software. These include X-ray machines, CT and MRI scanners, diagnostic testing and monitoring equipment, IV and infusion pumps, and even pacemakers. Hospital OR, ER, and ICU monitoring systems may malfunction or cease functioning.
In addition to what the others have said, Pareto diagram is a great way to identify which problems should be prioritized based on the cumulative effect it has on a system. While the length of the bars represents the frequency or cost (time or money), the bars are arranged with the longest bars to the right and shortest bars to the right. This way it depicts which situation is the most significant.
There are several methods of project risk management in common use. Some are extremely cost-effective but the subject still attracts a lot of muddled thinking and well-intentioned efforts that can absorb more effort than the benefit they deliver. It is important to be clear about what you want from risk management and how it fits into your organisation’s other processes and tailor your approach to suit.
• Informal direct assessment of risks – experienced judgement
• Checklists – lists of risks that have happened before or features of a project generally thought to be risky
Another risk management method is Root Cause Analysis (RCA), which gets to the main reason for risk. It identifies the fundamental risks involved in a project, usually after the problem has come up. RCA asks questions such as: "what happened? how? and why did it happen?", in order to prevent or decrease the chances of the same problem occurring in the future. RCA is most effective when conclusions are backed up by evidence. Furthermore, one typically finds that there is more than one root cause for a problem or event when performing an RCA. Therefore, in risk management, it may be important to go straight to the root causes for certain problems.
Reference: https://www.projectmanager.com/blog/risk-management-tools-techniques
As Dr. Simon has mentioned in this week's video lecture on methods to analyze risks, one of the methods he talked about is Failure Mode, Effects, and Criticality Analysis (FMECA). FMECA is potentially utilized for failure and risks associated with manufacturing processes. It is used to analyze the probability of failure against the severity of their consequences. I would like to discuss some other methods such as:
Quality risk management methods and tools
• Basic Risk Management Facilitation Method - organizing data and facilitating decision making such as flowchart, check sheets, process mapping, and cause and effect diagram.
• Fault Tree Analysis (FTA) - a pathway to evaluate system failures one at a time. It functions as a diagnostic tool to identify and fully solve the issue so it would not cause other issues later on.
• Hazard Analysis and Critical Control Points (HACCP) - a tool for assuring product quality, reliability, and safety. It applies scientific principles to analyze, evaluate, prevent, and control the risk. It is used to identify and manage risks associated with physical, chemical, and biological hazards.
• Risk Ranking and Filtering - evaluate qualitative and quantitative factors for each risk. The potential use is to prioritize manufacturing sites for inspection/audit by regulators or industry.
• Supporting Statistical Tools - support and facilitate quality risk management. They can enable effective data assessment, aid in determining the significance of the data set, and facilitate more reliable decision making.
What are the other risk management methods?
I like to talk about Basic risk management methods. As jp582 mentioned, it is basically making a checklist of factors for the related project. This checklist must have elements related to 5 basic concepts. These are avoidance, retention, sharing, transferring, and loss prevention & reduction. Avoidance, as the meaning of the word suggests, avoids the activities that are risky and unnecessary to avoid the risk(s) from happening. A great example of this could be eating responsibly not to have diabetes or obesity in the future. Although this doesn't mean you won't have it ever, it reduces the chance you might have it, thus giving you the chance to avoid it ever happening. The second is retention. Retention means that you accept a major risk, and if it happens, it will be costly. To reduce the damage, it might have you accept a risk that has more likelihood of happening but not as costly as the previous risk. To give an example of this, we can talk about shopping. Let's say there is a need to buy a car. The choices are either a used one or a new one for the brand and the model you picked. You can buy the cheaper version, but it has a higher risk of getting broken, and, likely, it won't be covered. A new car can get broken too, but it is, first, less likely and, second, it will be covered. Yes, the new car will be more expensive than the used car, but if it breaks down, the money you will need to get it fixed will be less to none. Thirdly, sharing is another way of the basic risk management method. It gets to be more effective when the number of the sharing parties for the identified risk(s). It is useful for the risks that cannot be avoided with any approach, and by sharing the risks, the out-of-pocket money that needs to be paid if the risk becomes a reality will be less. Another method would be transferring the risks. This is basically the same thing as buying insurance.
If the risk happens, the insurance company, according to the agreement, will cover the cost of the risk if it happens. In a way, it is similar to retention but usually with less pay. Lastly, there is loss prevention & reduction methodology. This approach tries to minimize the loss in the event of the risk happening rather than eliminating it. Trying to eliminate risk(s), if possible, can be costly. This way, while accepting there will be a risk, we are making sure it won't be as costly if it happens.
FMEA seems intriguing, Roberto. Being able to predict when your gadget will break and then address those faults might lead to a more durable and dependable product. On the other hand, if you are unable to correct those flaws, this might be a sign that the project should be put on the market. This appears to be something that might be beneficial to risk management.