Risk management is not a lifecycle process! I totally agree to this that company should take care of risk management not only in the beginning of the production but during entire time of the production. Biggest example of this is TATA Steel:

The metal giant was fined £1.98m after two workers suffered injuries to their hands in two separate incidents involving machinery. One lost two thirds of his left hand and his middle and ring fingers while trying to clear a blockage on a line manufacturing steel tubes, which had unsuitable guarding; elsewhere a team leader lost part of his little finger when his left hand was caught in a lathe.
Source: 5 companies that got risk wrong - and paid the price.

1) FORGETTING ABOUT THE USER:- Companies usually forget the main reason why they are developing a product. Failing to include the user in the process often starts right at the beginning of the development process, Ideally, you want to have the user involved in the process of documenting user needs from the beginning.
2)FAILING TO DOCUMENT DESIGN CONTROLS OR DHF:- Sometimes developers get so focused on the end goal that they forget about the process and don’t capture or document what they should.
3)DELAYING IMPLEMENTING YOUR QUALITY MANAGEMENT SYSTEM:- it’s never a good plan to delay setting up your QMS, QMS is a basic requirement and you can expect that FDA or the relevant regulatory authority you’re dealing with will want to examine it in an inspection.
4) NOT DEFINING REGULATORY STRATEGIES:- This is a basic, yet common mistake in that developers underestimate the regulatory requirements that they need to follow for their particular device, or they go ahead and take a guess. And for starters, a lot rides on how your product is classified.
5) NOT KEEPING GOOD RECORDS:- There’s failing to document, but then there’s also documenting things poorly. There is a record keeping element to every aspect we’ve talked about in previous sections and it’s important to do this well.
6) RUSHING HUMAN TESTING:- It’s common to want to get human study done quickly, but companies often haven’t done a thorough job of safety testing first. It’s disturbing how casually this often seems to be treated; particularly, where the company acts as though using a country with less regulations for testing makes it ok. I feel like if you’re using your product on humans! There should be evidence of controls during manufacturing, biocompatibility testing etc., to prove the product is safe first.

I don’t agree with this reason. For an effective product design, I believe risk management and design controls should occur in parallel to one another. That way risks can be identified in each step of a design and fixed immediately. The second reason is true. The reason most companies fail to effectively assess risk is because it is approached as another task that needs to be checked off rather than a way to improve product design. In terms of reason three, I believe FMEA and risk management are both necessary in improving over all product design. Finally, risk management should be a never ending process. New risks can always arise even when a product goes out for production.

I think that is anything in industry can easily lose its real purpose in the face of company agenda. Risk management should exist to insure that the used is completely safe and hot harmed at all by the device. However, risk management it use to insure that the devices safe for the company to sell, keeping the company’s agenda as a first priority and the used and as being part of the company agenda. I think that it should be the other way around.

It is always good to have wide variety of inputs from people at all steps of product process to analyse and identify risks because its difficult to know when and how a risk can occur. Even after the product is in the market, a company should keep a track of how the product is functioning, are there any risks which have occured etc. From these data the company should be able to take necessary actions if there are any risk incidents reported.

Risk analysis, risk identification should be done at all points in the product develepoment. It should not be considered as separate task that should be done at the end stage of the product development. And also risk analysis should continue even afer the product is released in the market. This gives better feedback about the product to the company.

I believe this article has a many valid points. Risk management and design control should be used together to make sure everything runs smoothly for the product that is being designed. If they are used separately, many simple mistakes can occur that can cause problems in the future. Some mistakes that occur are not doing documentation when it’s necessary and holding it off for later. The article states to do it right away and not to do it later because you won’t have time later which is absolutely true. Many people think paperwork wastes a lot of time but it’s necessary to do it because when an issue occurs, you can use this paperwork to backtrack and see where the problem happened and solve it. Risk management should also be used during every aspect of the medical device development. If different departments are not looking at risk management for their portion of the design then more risks can arise in the future. Devices are used to help people but it has to be risk proof for people to use it otherwise it’ll be harder to sell or use for patients. I also believe something that is very important for risk management is reviewing everything that is done to make sure nothing was missed in the first place. Taking a second glance from multiple people can help to find mistakes and help the device become safer. Also simple mistakes should never be overlooked because these can cause bigger issues in the future as well.

These are very common causes for risk management mistakes. But in essence, these mistakes are due to lack of comprehensive knowledge of risk management. Here I wanna add one more mistake that could occur in risk management, which is the overestimation or underestimation of a potential risk by misunderstanding its occurrence mechanism, possibility, and chain consequences. This mostly lead to a bad risk measurement that lead the project to failure or over budget, and cost a lot of money to cover for that unexpected risk or unnecessary risk. In my opinion, this mistake also needs to be knowingly avoided.

I agree with the error that risk management is not a life cycle process because it is not something which is at the last step instead it should be a continues process throughout the development of the device. Risk analysis meeting is important it is more than one meeting. Risk should not be relying on the historical data. Risk manager has to identify the risks in any product.

I read another article on risk management and it mentions other errors: 1) Lack of integration: silos between risk management and development 2) Understand and incorporate "intended use" in your risk management process 3) Failing to conduct and document risk-related activities in real time 4) Failing to document design controls or DHF 5) delaying implementing your quality management system. There are so many risk in medical device from start to finish so it's best to analyze risk at every step.

I agree with everyone that says the error is the non-life cycle process of the risk management meetings. I agree with this because one risk meeting in the beginning of the product development does not clear up the other risk that can rise later on. The development of a product does not have one clear path there will be obstacles that would divert the plan causing changes, which can create more risk factor to the product. Risk meeting should be throughout the process because they will help determine and analysis the risk.

I do agree with you guys that risk management meeting or job is not a stage of the project, It goes all allow from the beginning to the end and sometime even after the product is out to the market as Dr. Simon mentioned in our last meeting. Also, I think everything in risk management should not be based on predictions, However more no true input and analysis. Also, I disagree that We assume that risk can be measured by standard deviation, especially when it is based on older data. Standard deviation used more for finance as a measure of investment risk and shouldn’t be used in risk management. I believe this is one of the common mistake or wrong methodology to depend on it.

There is no project that is completed without going through any risk (as a part the process), thus, it is necessary to deal with those associated risks in a well-managed way, and avoid mistakes that others did previously in similar field and projects. As my classmates mentioned many possible mistakes that would hinder the project successful functionality, here I would add more of what I found also in my brief online research:"
1. Considering only threats, not opportunities (few managers fail to consider an opportunity as a risk event)
2. Failing to identify the sources, consequences, and outcome of a risk (identify what is causing the risk)
3. Not considering other possible risky incidents in addition to adopting checklists (identify risk is to maintain a checklist)
4. Belittling impacts of risk events (must consider every aspect while determining the risk impact value of the project)
5. Poor project planning
6. Ignorance about potential risks (prioritize the risks which could help in managing the project threats and opportunities)
7. The terms “risk response planning” or “mitigation” are often used interchangeably
8. Ignoring Contingency plans (could act as a backup plan)
9. Lack of accountability of team members for specific risk events
10. Failure to recognize risk management as a continuous process"

Source: medicaldevicecourses website: Top 10 Risk Mistakes in Project Management: How to avoid them? by Maria Thomas

I think one reason why companies get risk analysis wrong is because they know it requires a lot of work. What I mean by this is that once risks are identified and a plan is put out to deal with those risks, part of doing the risk analysis is to follow up with those tasks. If a new risk is identified along the way that maybe wasn't thought of before, that also requires a plan to be mitigated to be put into the risk matrix. As stated before by others, risk management requires a lot of "up-keep" because you should be updating it along the development process. Other mistakes include trying to find the "easy way out" of completing the risk analysis and not taking into account any small detail that could impact the performance of the product.

I agree with the issues you listed above and there are many ways that risk management can go wrong. One of the ways could be reckless risk taking and it happens when the team is not taking sufficient risk oversight and there is no responsibility or efforts taken to ensure proper risk taking. Having no strategy when integrating risk management is a big issue because it results in unrealistic objectives that the risk management will fail to preform. Also, Normal human bias when considering risk is one and it could lead to failure. Taking the time to plan the risks is a huge step towards success because when decisions are made in a rush further in the development while lacking a thorough plan, causes failures that process down and affects other parts like a ripple effect.