1

02/02/2021
QUALITY RISK MANAGEMENT
Part 1: General principle

HUYNH NGOC SANG

TECHNICAL SECTOR
CONTENT 2

02/02/2021
1. Objectives
2. Target group
3. Regulatory background
4. Methodology
1. Objectives 3

02/02/2021
 Understanding the principle of Quality Risk Management
2. Target groups 4

02/02/2021
 Technical Department
 Regulatory Affairs Department
3. Regulatory background 5

02/02/2021
3. Regulatory background 6

02/02/2021
 EudraLex – Volume 4 – Chapter 1
To achieve this quality objective reliably there must be a comprehensively designed
and correctly implemented Pharmaceutical Quality System incorporating Good
Manufacturing Practice and Quality Risk Management
 ICH Q9
Principles and examples of tools for quality risk management
 7

02/02/2021
4. METHODOLOGY
Definition 8

02/02/2021
 Risk = severity x probability (x detectability)

 Hazard: Potential source of Harm

 Harm: Damage to health, including the damage that

can occur from loss of product quality or availability
Fundamental risk concepts 9

22/05/2021
Fundamental risk concepts 10

22/05/2021
Stakeholders 11

02/02/2021
Patient safety

Regulatory conformity

Staff safety
Business
Benefits 12
Risks
managed

02/02/2021
from early
in the
lifecycle
Increased
compliance

QRM

Fewer Higher
surprises efficiency

Knowledge
management

QRM should never be used to deviate from regulations, justify bad practices, defend practices
that need to be corrected, or as a substitute for sound science.
Lợi ích 13

02/02/2021
Tiền cứu
Earlier risk
Identification
More effective
management

Hồi cứu
Not all risks can be
identified prospectively
Principle 14

02/02/2021
 We can’t totally avoid risks
Principle 15

02/02/2021
 The evaluation of the risk to quality should be based on scientific knowledge and
ultimately link to the protection of the patient

 The level of effort, formality and documentation of the quality risk management
process should be commensurate with the level of risk.
Principle 16

02/02/2021
 Effort
 Cost
 Time
 Labor
 Formality
 Technical/Scientific Rationale
 Simple risk assessment (Risk ranking, checklist, decision tree...)
 Detailed risk assessment (FMEA, HACCP, PHA…)
 Documentation
 Stand-alone report, or linked to other controlled GMP documents
 May integrate into existing controlled GMP documents
General process 17

02/02/2021
Initiate QMS Process 18

02/02/2021
 Planning activities should include (depending on formality of assessment):
 Clearly describing the specific problem/ risk question
 Identify a risk management team and resources required
 Determine the best approach and/or tool to use to complete the risk assessment
 Determine how the QRM activities will be documented
 Collecting background information and available data
 Specify a timeline, deliverables and appropriate level of decision making
 Defining a reporting and communication plan
Initiate QMS Process 19

02/02/2021
 Examples of risk question:
 How often should a manufacturing site be audited to assure GMP compliance?
 What root causes of non-conformances should we prioritize for remediation?
 What are the potential risks associated with changing the frequency of weighing device
performance verification testing from the current schedule (e.g. daily) to an alternate,
longer period
Risk Assessment 20

02/02/2021
Three fundamental questions:
1. What might go wrong?
2. What is the likelihood (probability) it will go wrong?
3. What are the consequences (severity)?

Some forms of risk assessment:

 a technical or scientific rationale developed for a problem statement,
 an impact assessment,
 application of a formal risk management tool or methodology
Risk Identification 21

02/02/2021
 Identify:
 Hazards and the possible consequences
 Failure modes and the possible effect What might go
wrong?
 ….
 Based on:
 historical data,
 theoretical analysis,
 technical analysis,
 advice from technical experts,
 concerns of stakeholders
Risk Identification 22

02/02/2021
 Possible tools:
 process mapping
 fault tree analysis
 and fishbone analysis.
 5M 1E rule:
 Environment
 Machine
 Materials
 Man
Fault Tree Analysis (FTA)
 Methods
 Measurements
Risk Analysis What is the likelihood (probability) it 23
will go wrong?
What are the consequences (severity)?

02/02/2021
 Risk = severity x probability (x detectability)

 Team discussion is particularly useful

 Risk Analysis is the qualitative or quantitative process of linking the likelihood of

occurrence and severity of harms, sometimes detectability.
Risk Analysis 24

02/02/2021
Risk Evaluation 25

02/02/2021
 Output of a risk assessment:
 Quantitative: numerical probability (RPN, risk score…)
 Qualitative: qualitative descriptors (high, medium, low)
 Compare the identified and analyzed risk against given risk criteria
Risk Evaluation 26

02/02/2021
 The quality of the outputs of a risk assessment exercise usually depend on:
 the robustness of the data
 the assumptions
 sources of uncertainty related to the exercise, such as gaps in the level of knowledge
about the sources of harm and in product and process understanding.
Risk Control 27

02/02/2021
 Risk control might focus on the following questions:
 Is the risk above an acceptable level?
 What can be done to reduce or eliminate risks?
 What is the appropriate balance among benefits, risks and resources?
 Are new risks introduced as a result of the identified risks being controlled?
 The amount of effort used for risk control should be proportional to the
significance of the risk:
Risk Control 28

02/02/2021
 Benefit-cost analysis:
 Involves weighing total expected costs against total expected benefit in order to choose
the most profitable option.
Risk Reduction 29

02/02/2021
 Risk = severity x probability (x detectability)
 Strategies:
 First focus on reducing harm to reduce harm
 Reducing the probability of occurrence by adding preventive controls (focusing on
causes)
 increasing the detectability of hazard(s) by adding detection controls (focusing on
controls)

Prevention vs Detection
Risk Reduction 30

02/02/2021
 Output are CAPA plans
 Verify whether the new controls are (or will be) effective
 Ensure proposed risk controls have been examined for new risks
Risk Acceptance 31

02/02/2021
 Risk acceptance is a formal process in which decision makers review the risks
associated with a specific activity and determine whether the risks are acceptable or
need to be reduced further.
 Review both residual risks and new risks resulted from the implementation of a
reduction strategy.
 It is widely acknowledged that risk is rarely completely eliminated.
 Risk acceptance levels are determined by an organization's policy on QRM, and
may be influenced by many factors (e.g., societal, regulatory, scientific) typically
unique to the organization and situation.
 Risk acceptance decisions affecting patient safety and product quality must be made
by appropriate decision makers and associated justification must be documented.
Risk Review 32

02/02/2021
 Risk management should be an ongoing part of the quality management process
 Triggers for initiating a risk review:
 Frequency as defined
 Deviations, non-conformities, complaints, observations,…
 Change control
 New knowledge or experience
 Regulation change
 …..
 The frequency of any review should be based upon the level of risk.
 Risk review might include reconsideration of risk acceptance decisions.
Risk Communication 33

02/02/2021
 Risk communication is the sharing of information about risk and risk management
between the decision makers and others.
 “Others” may be departments, senior management, personnel, authority, suppliers,
equipment manufacturers, patients…
 Parties can communicate at any stage of the risk management process
 Communicating Information:
 Initiating risk assessment: scope, team, roles, responsibility, planning….
 Risk Identification, Analysis, Evaluation, Reduction, Acceptance
 The output/result of the quality risk management process should be appropriately
communicated and documented
Basic risk management facilitation 34

methods

02/02/2021
 Flowcharts;
 Check Sheets;
 Process Mapping;
 Cause and Effect Diagrams (also called an Ishikawa diagram or fish bone
diagram)
Risk Assessment tools 35

02/02/2021
 Basic risk management facilitation methods (flowcharts, check sheets etc.)
 Failure Mode Effects Analysis (FMEA)
 Failure Mode, Effects and Criticality Analysis (FMECA)
 Fault Tree Analysis (FTA)
 Hazard Analysis and Critical Control Points (HACCP)
 Hazard Operability Analysis (HAZOP);
 Preliminary Hazard Analysis (PHA);
 Risk ranking and filtering;
 Supporting statistical tools.
Maturity Model 36

02/02/2021
 Realization of QRM is an evolutionary process. It requires a paradigm shift in
mindset, behaviors and in the way people work.

The earlier risks are identified, the more effective their management can be.
Reference 37

02/02/2021
 Quality Risk Management – Q9, International Conference on Harmonisation of Technical
Requirements for Registration of Pharmaceuticals for Human Use (ICH), www.ich.org.
 Pharmaceutical Quality System – Q10, International Conference on Harmonisation of
Technical Requirements for Registration of Pharmaceuticals for Human Use (ICH),
www.ich.org.
 Technical Report No. 54: Implementation of Quality Risk Management For Pharmaceutical
and Biotechnology Manufacturing Operations, Parenteral Drug Association(PDA), First
Edition, 2012, www.pda.org.
 38

02/02/2021
THANK YOU