Risk Assessment and

Risk Assessment and

Management
Management
Allen L. Burgenson
Allen L. Burgenson
Manager, Regulatory Affairs
Manager, Regulatory Affairs
Lonza Walkersville Inc.
Lonza Walkersville Inc.
Standard Disclaimer
Standard Disclaimer
Standard Disclaimer
Standard Disclaimer
:
:
This presentation is the opinion of the presenter,
This presentation is the opinion of the presenter,
and does not necessarily represent the opinions
and does not necessarily represent the opinions
or practices of Lonza Inc. or its subsidiaries.
or practices of Lonza Inc. or its subsidiaries.
Overview
Overview

Concepts
Concepts

Definitions
Definitions

Specific Applications
Specific Applications
What is Risk
What is Risk
Risk and Consequences
Risk and Consequences
Definitions
Definitions
Hazard: Hazard:
The potential source of harm (ISO/IEC Guide 51) The potential source of harm (ISO/IEC Guide 51)
Risk: Risk:
The combination of the probability of occurrence of harm, The combination of the probability of occurrence of harm,
and the severity of that harm (ISO/IEC Guide 51) and the severity of that harm (ISO/IEC Guide 51)
Quality: Quality:
The degree to which a set of inherent properties of a The degree to which a set of inherent properties of a
product, system, or process fulfills requirements. (ICH Q9) product, system, or process fulfills requirements. (ICH Q9)
Definitions
Definitions
Risk Risk Acceptence Acceptence: :
The decision to accept risk (ISO Guide 73) The decision to accept risk (ISO Guide 73)
Risk Analysis: Risk Analysis:
The estimation of the risk associated with the identified The estimation of the risk associated with the identified
hazards (ICH Q9) hazards (ICH Q9)
Risk Assessment: Risk Assessment:
A systematic process of organizing information to support a A systematic process of organizing information to support a
risk decision to be made within a risk management risk decision to be made within a risk management
process. It consists of the identification of the hazards, and process. It consists of the identification of the hazards, and
the analysis and evaluation of risks associated with the the analysis and evaluation of risks associated with the
exposure to these hazards (ICH O9) exposure to these hazards (ICH O9)
Definitions
Definitions
Risk Communication: Risk Communication:
The sharing of information about risk and risk The sharing of information about risk and risk
management between the decision maker and the management between the decision maker and the
stakeholder stakeholder
Risk evaluation: Risk evaluation:
The comparison of the estimated risk to given risk criteria The comparison of the estimated risk to given risk criteria
using a quantitative or qualitative scale to determine the using a quantitative or qualitative scale to determine the
significance of the risk significance of the risk
Risk identification: Risk identification:
The systematic use of The systematic use of informaton informaton to identify potential to identify potential
sources of harm (hazards) referring to the risk question or sources of harm (hazards) referring to the risk question or
problem description. problem description.
Definitions
Definitions
Risk management: Risk management:
The systematic application of quality management policies, The systematic application of quality management policies,
procedures and practices to the tasks of assessing, procedures and practices to the tasks of assessing,
controlling, communicating, and reviewing risk. controlling, communicating, and reviewing risk.
Risk reduction: Risk reduction:
Actions taken to lessen the probability of occurrence of Actions taken to lessen the probability of occurrence of
harm and the severity of that harm. harm and the severity of that harm.
Risk review: Risk review:
Review or monitoring of output/results of the risk Review or monitoring of output/results of the risk
management process considering (if appropriate) new management process considering (if appropriate) new
knowledge and experience about the risk. knowledge and experience about the risk.
Definitions
Definitions
Severity: Severity:
A measure of the possible consequences of a hazard A measure of the possible consequences of a hazard
Stakeholder: Stakeholder:
Any individual, group, or organization that can affect, be Any individual, group, or organization that can affect, be
affected by, or perceive itself to be affected by a risk. affected by, or perceive itself to be affected by a risk.
Decision makers might also be stakeholders. Decision makers might also be stakeholders.
Hazard
Hazard

A real or potential condition, situation, or agent
A real or potential condition, situation, or agent
that could cause immediate or long
that could cause immediate or long
-
-
term harm
term harm
to people or an organization; damage or loss of
to people or an organization; damage or loss of
a system, equipment, property, or the
a system, equipment, property, or the
environment, or other things of value
environment, or other things of value
James L. Vesper James L. Vesper
Risk Assessment and Risk Management in Risk Assessment and Risk Management in
the Pharmaceutical Industry (2006) PDA/DHI the Pharmaceutical Industry (2006) PDA/DHI
Risk
Risk

Risk is the possibility that human activities or
Risk is the possibility that human activities or
natural events will lead to consequences that
natural events will lead to consequences that
affect what people value. It is a measure of the
affect what people value. It is a measure of the
potential ability to achieve overall program
potential ability to achieve overall program
objectives within defined costs, schedule, and
objectives within defined costs, schedule, and
performance criteria. Risk has three
performance criteria. Risk has three
components:
components:
What could go wrong? What could go wrong?
What is the What is the probability probability of failing to achieve a of failing to achieve a
particular outcome? particular outcome?
What is the What is the impact impact of failing to achieve a particular of failing to achieve a particular
outcome? outcome?
The Risk Management Process
The Risk Management Process

System Definition
System Definition

Hazard Identification
Hazard Identification

Risk Estimation
Risk Estimation

Risk Evaluation
Risk Evaluation

Risk Control
Risk Control

Risk Monitoring and Re
Risk Monitoring and Re
-
-
evaluation
evaluation

Risk Communication
Risk Communication
The Risk Management Process
The Risk Management Process
System, Product, or
Process
Definition
Hazard Identification
Risk Estimation
Monitoring and
Re-evaluation
Risk Acceptable?
Control and Mitigation
YES NO
Risk Management
Risk Analysis Tools:
- PRA
- FMEA
- FTA
- HAZOPS
- HACCP
- ETC.
Communication
Vesper, 2006
S
y
s
t
e
m
D
e
s
c
r
i
p
t
i
o
n
R
i
s
k

A
n
a
l
y
s
i
s
R
i
s
k

A
s
s
e
s
s
m
e
n
t
Risk Management Process
Risk Management Process

Establish overall structure, goals
Establish overall structure, goals

Establish team
Establish team

Define the scope for the process/product
Define the scope for the process/product

Identify the potential hazards
Identify the potential hazards

Identify how risk can be expressed and criticality
Identify how risk can be expressed and criticality

Determine if the risk is acceptable
Determine if the risk is acceptable

If risk is to be controlled, identify appropriate
If risk is to be controlled, identify appropriate
methods
methods
Risk Management Process
Risk Management Process

Re
Re
-
-
evaluate the controlled risk to determine if
evaluate the controlled risk to determine if
risk is now acceptable
risk is now acceptable

Implement risk control methods
Implement risk control methods

Compile records to document activities
Compile records to document activities

Monitor the process for effectiveness
Monitor the process for effectiveness

Actively communicate with stakeholders
Actively communicate with stakeholders
throughout the process!
throughout the process!
System Definition
System Definition

What is to be evaluated?
What is to be evaluated?

What stage of production is being evaluated?
What stage of production is being evaluated?

Why is this being evaluated?
Why is this being evaluated?

Assemble cross
Assemble cross
-
-
functional team for assessment
functional team for assessment
Hazard Identification
Hazard Identification

Is there an intrinsic hazard?
Is there an intrinsic hazard?

Are there multiple hazards?
Are there multiple hazards?

Are the hazards immediately detectable, or are
Are the hazards immediately detectable, or are
they long
they long
-
-
term?
term?

Does the hazard trigger a chain reaction of
Does the hazard trigger a chain reaction of
events?
events?

Who or what do the hazards effect?
Who or what do the hazards effect?
Risk Estimation
Risk Estimation

What is the probability that the risk is
What is the probability that the risk is
expressed?
expressed?

Qualitative
Qualitative

Semi
Semi
-
-
quantitative
quantitative

Quantitative
Quantitative

What is the impact of the resulting effects?
What is the impact of the resulting effects?

Local effects
Local effects

End effects
End effects
Risk Evaluation
Risk Evaluation

Is the risk acceptable?
Is the risk acceptable?

Do the risks need to be mitigated or controlled?
Do the risks need to be mitigated or controlled?

ALARA
ALARA

As Low As Reasonably Achievable

As Low As Reasonably Achievable

ALARP
ALARP

As low As Reasonably Practicable

As low As Reasonably Practicable
Risk Control
Risk Control

How can the risk be controlled?
How can the risk be controlled?

Substitution
Substitution

Uncoupling
Uncoupling

Process simplification
Process simplification

Isolation
Isolation

Elimination
Elimination

Changing conditions
Changing conditions

Providing more information
Providing more information
Risk Control
Risk Control

How can the risk be controlled?
How can the risk be controlled?

Decreasing the frequency of an event happening
Decreasing the frequency of an event happening

Decreasing the consequences
Decreasing the consequences

Duplicating assets
Duplicating assets

Changing the source
Changing the source

Implementing standard procedures
Implementing standard procedures

Engineering controls
Engineering controls

Training and preparedness
Training and preparedness
Risk Monitoring and Re
Risk Monitoring and Re
-
-
evaluation
evaluation

Collect data on the process
Collect data on the process

Have any unpredicted risks appeared?
Have any unpredicted risks appeared?

Risk environment changes
Risk environment changes

Company expectations
Company expectations

Regulatory environment
Regulatory environment

Societal expectations
Societal expectations
Risk Communication
Risk Communication

Effective communication should take place
Effective communication should take place
throughout the entire risk management process.
throughout the entire risk management process.

Include ALL stakeholders!
Include ALL stakeholders!
Risk Assessment Tools
Risk Assessment Tools

FMEA and FMECA
FMEA and FMECA

Fault Tree Analysis
Fault Tree Analysis

Event Tree Analysis
Event Tree Analysis

Hazard Operability Studies
Hazard Operability Studies

HACCP
HACCP

Preliminary Risk Analysis
Preliminary Risk Analysis

etc.
etc.
FMEA and FMECA
FMEA and FMECA

Failure Mode Effects Analysis
Failure Mode Effects Analysis

Failure Mode Effects & Criticality Analysis
Failure Mode Effects & Criticality Analysis

Adds criticality analysis to FMEA
Adds criticality analysis to FMEA

Structured inductive tools to identify known or
Structured inductive tools to identify known or
potential failure modes
potential failure modes
FMEA and FMECA
FMEA and FMECA

Benefits:
Benefits:

Used to examine high
Used to examine high
-
-
level systems or small
level systems or small
components
components

Scalable
Scalable

Quantitative or semi
Quantitative or semi
-
-
quantitative
quantitative

Limitations
Limitations

Each event is a separate occurrence
Each event is a separate occurrence

Does not show interactions
Does not show interactions
FMEA and FMECA
FMEA and FMECA
1.
1.
Define what is being analyzed
Define what is being analyzed
2.
2.
Identify the potential failure modes
Identify the potential failure modes
3.
3.
Identify the effects of each failure mode
Identify the effects of each failure mode
4.
4.
Rate each effect for:
Rate each effect for:

Probability of occurrence
Probability of occurrence

Severity
Severity

Detectability
Detectability

Calculate Risk Priority Number
Calculate Risk Priority Number
RPN = probability x severity x detectability* RPN = probability x severity x detectability*
FMEA and FMECA
FMEA and FMECA
5.
5.
Prioritize the effects based on RPN and
Prioritize the effects based on RPN and
determine risk acceptability
determine risk acceptability
6.
6.
If risk acceptable, continue monitoring
If risk acceptable, continue monitoring
7.
7.
If risk must be modified or eliminated,
If risk must be modified or eliminated,
consider appropriate control or mitigation
consider appropriate control or mitigation
strategies
strategies
8.
8.
Prepare report and retain documentation
Prepare report and retain documentation
The PROBABILITY of Occurrence
near certain significant data on similar activities 10
significant likelihood limited prior data on similar activities 9
good likelihood no prior data on similar activities 8
good likelihood limited data on dissimilar activities 7
fair likelihood significant data on dissimilar activities 6
fair likelihood limited data on similar activities 5
fair likelihood significant data on similar activities 4
low likelihood limited data on similar activities 3
very low likelihood significant data on similar activities 2
virtually no likelihood significant data on the same activity 1
Probability of Occurrence Probability of Occurrence
of Adverse Event of Adverse Event
Amount of Data Amount of Data Probability Probability
Rating Rating
IMPACT OF RISK ON THE PERFORMANCE OF THE PRODUCT OR
SERVICE
there is no alternative or solution critically negative impact 10
even the work-arounds present significant risk critically negative impact 9
extensive work-arounds are necessary significant, negative impact 8
extensive work-arounds may be necessary significant, negative impact 7
requires work-arounds to meet acceptable
tolerances
significant, negative impact 6
requires modest changes in production impact negatively 5
requires very minor changes in production impact negatively 4
remains within acceptable tolerances some negative impact 3
remains well within acceptable tolerances some negative impact 2
none no measurable impact 1
Process Changes Product or Service Quality
Impact
Impact
Rating
Impact and Probability The Severity Index
Highest Impact of the Risk Event
P
r
o
b
a
b
I
l
I
t
y
Severity
10 10 20 30 40 50 60 70 80 90 100
9 9 18 27 36 45 54 63 72 81 90
8 8 16 24 32 40 48 56 64 72 80
7 7 14 21 28 35 42 48 56 63 70
6 6 12 18 24 30 36 42 48 54 60
5 5 10 15 20 25 30 35 40 45 50
4 4 8 12 16 20 24 28 32 36 40
3 3 6 9 12 15 18 21 24 27 30
2 2 4 6 8 10 12 14 16 18 20
1 1 2 3 4 5 6 7 8 9 10
1 2 3 4 5 6 7 8 9 10
Risk Level Definition
High
60 & above
Because concerted and continual emphasis and coordination may
not be sufficient to overcome major difficulties, these events must
be placed in the program and fully funded. They are likely to cause
significant disruption in the schedule, increase in cost (relative to the
total production cost of the product), and/or degradation of technical
performance.
Medium
20 - 59
Special emphasis and close coordination will be required to
mitigate this risk. Should this risk occur significant disruption of
schedule, increase in cost (relative to the production cost of the
product) and/or degradation of technical performance is likely.
Low
Below 20
Normal emphasis and close coordination should be sufficient to
mitigate major difficulties. However, should this risk occur, there is
potential for disruption of schedule, increase in cost (relative to the
production cost of the product), and/or degradation of technical
performance. Fund at the risk-adjusted value.
Risk in Project Management
Risk in Project Management
When
everything
everything is a priority,
nothing
nothing is a priority!
The PROBABILITY of Occurrence
near certain significant data on similar activities 10
significant likelihood limited prior data on similar activities 9
good likelihood no prior data on similar activities 8
good likelihood limited data on dissimilar activities 7
fair likelihood significant data on dissimilar activities 6
fair likelihood limited data on similar activities 5
fair likelihood significant data on similar activities 4
low likelihood limited data on similar activities 3
very low likelihood significant data on similar activities 2
virtually no likelihood significant data on the same activity 1
Probability of Occurrence Probability of Occurrence
of Adverse Event of Adverse Event
Amount of Data Amount of Data Probability Probability
Rating Rating
1. A risk event occurs, and has a small, immeasurable impact on the activity
under assessment.
2. A risk event occurs, and the time to complete the activity under assessment
has been extended by 1 month.
3. A risk event occurs, extending the activity schedule by 2 to 3 months.
4. A risk event occurs, extending the activity schedule by 3 to 6 months.
5. A risk event occurs and extends the activity schedule by 6 to 9 months.
6. A risk event occurs and extends the activity schedule by 9 to 12 months.
7. A risk event occurs and extends the activity schedule by 12 to 18 months.
8. A risk event occurs and extends the activity schedule by 18 to 24 months.
9. A risk event occurs and delays the activity schedule by more than two years.
10. A risk event occurs and it stops the program!
IMPACT ON THE ACTIVITY SCHEDULE SHOULD A RISK EVENT OCCUR
Risk Effects on Timelines
Risk Effects on Timelines
Proj ect " A" Ti mel i nes
Pessi mi sti c
Real i sti c
Optomi sti c
0 2 4 6 8 10 12 14 16 18 20
1
HACCP
HACCP

Hazard Analysis and Critical Control Points
Hazard Analysis and Critical Control Points

Originally established for use in the food
Originally established for use in the food
industry
industry

A system of hazard control pioneered by the
A system of hazard control pioneered by the
Pillsbury Co.
Pillsbury Co.

Now accepted internationally as a system of
Now accepted internationally as a system of
food risk assessment.
food risk assessment.

Can easily be adapted to other industries
Can easily be adapted to other industries
HACCP Preliminary Activities
HACCP Preliminary Activities
1. Assemble the HACCP team
2. Describe the product and its distribution
3. Describe the intended use and consumers of
the product
4. Develop a process flow diagram
5. Verify the flow diagram
HACCP Principles
HACCP Principles
1.
1.
Conduct a Hazard Analysis
Conduct a Hazard Analysis
2.
2.
Identify the Critical Control Points in the
Identify the Critical Control Points in the
Process
Process
3.
3.
Establish critical limits associated with each
Establish critical limits associated with each
identified control point
identified control point
4.
4.
Establish CCP monitoring requirements
Establish CCP monitoring requirements
HACCP Principles
HACCP Principles
5.
5.
Establish corrective action when deviation
Establish corrective action when deviation
occurs
occurs
6.
6.
Establish effective recordkeeping to document
Establish effective recordkeeping to document
HACCP system
HACCP system
7.
7.
Establish procedures to verify HACCP system
Establish procedures to verify HACCP system
is working
is working
8.
8.
Establish procedures to verify HACCP system
Establish procedures to verify HACCP system
is working
is working
Conduct a Hazard Analysis
Conduct a Hazard Analysis

Team uses the process flow diagram to identify
Team uses the process flow diagram to identify
any risks that may occur at a given process step.
any risks that may occur at a given process step.

Assess the risks for probability of occurrence
Assess the risks for probability of occurrence
and impact
and impact

Assess potential preventative measures
Assess potential preventative measures
Identify the Critical Control Points in the
Identify the Critical Control Points in the
Process
Process

A critical Control Point is a step or procedure
A critical Control Point is a step or procedure
that can be applied, and a food hazard
that can be applied, and a food hazard
prevented, eliminated, or reduced to an
prevented, eliminated, or reduced to an
acceptable level.
acceptable level.

Example: a specified heat process, at a given
Example: a specified heat process, at a given
time and temperature to destroy a specified
time and temperature to destroy a specified
microbial pathogen, is a CCP.
microbial pathogen, is a CCP.
Establish Critical Limits Associated
Establish Critical Limits Associated
With Each Identified Control Point
With Each Identified Control Point

A critical limit is defined as a criterion that must
A critical limit is defined as a criterion that must
be met for each preventative measure associated
be met for each preventative measure associated
with a CCP.
with a CCP.

Each CCP may have one or more preventative
Each CCP may have one or more preventative
measures for the CCP
measures for the CCP
Establish CCP Monitoring
Establish CCP Monitoring
Requirements
Requirements

Monitoring is a planned sequence of
Monitoring is a planned sequence of
observations to assess if a CCP is under control,
observations to assess if a CCP is under control,
and produce an accurate record.
and produce an accurate record.

If monitoring shows the process to begin to lose
If monitoring shows the process to begin to lose
control, the process can be modified to bring it
control, the process can be modified to bring it
into control.
into control.
Establish Corrective Action When
Establish Corrective Action When
Deviation Occurs
Deviation Occurs

Develop a plan to:
Develop a plan to:

Dispose of non
Dispose of non
-
-
compliant product
compliant product

fix or correct the cause of the deviation
fix or correct the cause of the deviation

maintain records documenting the corrective actions
maintain records documenting the corrective actions

The data must demonstrate that the CCP can be
The data must demonstrate that the CCP can be
brought into control
brought into control
Establish Effective Recordkeeping
Establish Effective Recordkeeping
To Document HACCP System
To Document HACCP System

The HACCP records should:
The HACCP records should:
List the HACCP team and responsibilities List the HACCP team and responsibilities
Describe the product and intended use Describe the product and intended use
Contain a flow diagram indicating the Contain a flow diagram indicating the CCPs CCPs
Identify hazards associated with each CCP and Identify hazards associated with each CCP and
preventative measures preventative measures
Critical limits Critical limits
Describe the monitoring system Describe the monitoring system
Describe corrective action plans Describe corrective action plans
Describe recordkeeping procedures Describe recordkeeping procedures
Describe procedures for verification of HACCP system Describe procedures for verification of HACCP system
HACCP Flowchart
HACCP Flowchart
Risk and Consequences
Risk and Consequences
Risk and Consequences
Risk and Consequences
"Red on yellow, kill a fellow. Red on black, won't hurt Jack."
For Additional Information
For Additional Information
Vesper, James Risk Assessment and Risk Management in Vesper, James Risk Assessment and Risk Management in
the Pharmaceutical Industry Clear and Simple. 2006. the Pharmaceutical Industry Clear and Simple. 2006.
PDA/DHI PDA/DHI
ICH Q9 Quality Risk Management (2006) U.S. Food & ICH Q9 Quality Risk Management (2006) U.S. Food &
Drug Administration. Drug Administration.
HACCP: Establishing Hazard Analysis Critical Control HACCP: Establishing Hazard Analysis Critical Control
Point Programs (1993) Food Processors Institute Point Programs (1993) Food Processors Institute
ISO/IEC Guide 73:2002 ISO/IEC Guide 73:2002 Risk Management Risk Management Vocabulary Vocabulary- -
Guidelines for use in standards Guidelines for use in standards
Stamatis, D.H. Failure Mode and Effect Analysis (1995) Stamatis, D.H. Failure Mode and Effect Analysis (1995)
ASQ Quality Press ASQ Quality Press
Thank You!
Thank You!