I think it is no secret that I inherently view Quality as a progressive endeavor, and do not see eye-to-eye with colleagues who are conservative. How anyone can take our anti-Taylorist endeavor and not get to stands like the importance of human rights and the need to center those whose rights are challenged – like women – is beyond me. How can we stand for autonomy and not fight for the autonomy of all.
The silence of quality organizations is deafening.
What I want to write about now is how the roll-back of Roe in Dobbs should be a real clarion call to the life science industry, which needs to stop funding conservative politicians because those politicians do not have our best interests at heart.
The fight over Mifepristone and Misoprostol has already begun. The religious conservatives will go after it, and this reactionary court will need to gut the FD&C and the rest of the regulatory regime behind drugs in this country to let that happen. This will be really bad. It will cause life science companies to pull research, clinical trials, and manufacturing from this country as we will no longer be the gold standard in the life sciences. We will be a joke.
The risk question established the purpose and scope – the context of the risk assessment. This step is critical since it sets the risk assessment’s direction, tone, and expectations. From this risk question stems the risk team; the degree, extent, or rigor of the assessment; the risk assessment methodologies; the risk criteria; and levels of acceptable risk.
The risk problem needs to be clear, concise, and well understood by all stakeholders. Every successful risk assessment needs a tightly defined beginning and end, so the assessment team can set good boundaries for the assessment with internal (resources, knowledge, culture, values, etc) and external (technology, legal, regulatory, economy, perceptions of external stakeholders, etc) parameters in mind.
To ensure the risk team focuses on the correct elements, the risk question should clearly explain what is expected. For example:
For a risk assessment of potential emergencies/disasters, should the assessment be limited to emergencies/disasters at facility sites or include events off-site? Should it include natural, manmade, or technological emergencies/disasters, or all of them?
If the hazards associated with the job of repairing a porch as to be assessed, would it just cover the actual porch repair, or would it include hazards like setting up the space, bringing materials on site, and the hazards associated with use/not-use of the porch?
If the risk assessment covers getting a new family dog does it include just those associated with the dog, or does it include changes to the schedule or even next year’s vacation?
Setting the scope too narrow on the risk question might prevent a hazard and the resulting risk from being identified and assessed or making it too broad could prevent the risk assessment from getting to the real purpose.
Risk questions can be broken down in a tree structure to more define scopes, which can help drive effective teams.
For example, if we are doing a risk assessment on changing the family’s diet, it might look like this:
The current draft of ICH Q9 places a lot of importance on the risk question, rightfully so. As a tool it helps focus and define the risk assessment, producing better results.
The Preliminary Hazard Analysis (PHA) is a risk tool that is used during initial design and development, thus the name “preliminary”, to identify systematic hazards that affect the intended function of the design to provide an opportunity to modify requirements that will help avoid issues in the design.
Like a fair amount of tools used in risk, the PHA was created by the US Army. ANSI/ASSP Z.590.3 “Prevention through Design, Guidelines for Addressing Occupational Hazards and Risks in Design and Redesign Processes” makes this one of the eight risk assessment tools everyone should know.
Taking the time to perform a PHA early on in the design will speed up the design process and avoid costly mistakes. Any identified hazards that cannot be avoided or eliminated are then controlled so that the risk is reduced to an acceptable level.
PHAs can also be used to examine existing systems, prioritize risk levels and select those systems requiring further study. The use of a single PHA may also be appropriate for simple, less compelx systems.
Like a Structured What-If, the Preliminary Hazard Analysis benefits from an established list of general categories:
by the source of risk: raw materials, environmental, equipment, usability and human factors, safety hazards, etc.
by consequence, aspects or dimensions of objectives or performance
Based on the established list, a preliminary hazard list is identified which lists the potential, significant hazards associated with a design. The purpose of the preliminary hazard list is to initially identify the most evident or worst-credible hazards that could occur in the system being designed. Such hazards may be inherent to the design or created by the interaction with other systems/environment/etc.
A team should be involved in collecting and reviewing.
B. Sequence of Events
Once the hazards are identified, the sequence of events that leads from each hazard to various hazardous situations is identified.
C. Hazardous Situation
For each sequence of events, we identify one or more hazardous situations.
D. Impact
For each hazardous situation, we identify one or more outcomes (or harms).
E. Severity and occurrence of the impact
Based on the identified outcomes/harms the severity is determined. An occurrence or probability is determined for each sequence of events that leads from the hazard to the hazardous situation to the outcome.
Based on severity and likelihood of occurrence a risk level is determined.
From hazard to a variety of harms
I tend to favor a 5×5 matrix for a PHA, though some use 3×3, and I’ve even seen 4×5.
Intended
outcomes
Likelihood of
Occurrence
Severity
Rating
Impact to failure
scale
1
Very unlikely
2
Likely
3
Possible
4
Likely
5
Very Likely
5
Complete
failure
5
10
15
20
25
4
Maximum tolerable
failure
4
8
12
16
20
3
Maximum
anticipated failure
3
6
9
12
15
2
Minimum
anticipated failure
2
4
6
8
10
1
Negligible
1
2
3
4
5
Very high risk: 15 or greater, High risk 9-14, Medium
risk 5-8, Low risk 1-4
F. Risk Control Measures
Based on the risk level risk controls and developed and applied. These risk controls will help the design team create new requirements that will drive the design.
On-going risks should be evaluated for the risk register.
Decentralizing decision-making helps make better and faster decisions while inspiring people to feel needed by the organization and to be empowered. It is a central aspect of democratic leadership and a core way to build a quality culture.
Decentralized decision-making requires psychological safety and a recognition that it just doesn’t happen. Like any behavior, it needs time needs to be spent to develop and nurture.
As a value, decentralized decision-making might look like this:
Value: Decentralized Decision-Making
Definition: Decisions are made by the people who do the work. Everyone is trained to make data-driven decisions by paying attention to the problem, task or numbers, not the person.
I push decision-making to the right people as appropriate.
To make this work, it is critical to teach decision-making. A popular method is RAPID, an acronym of 5 words that refer to the group of people involved in the steps of decision-making -Recommend, Agree, Perform, Input, Decision. This was a framework developed by Bain & Company as a systemized framework to design an action plan regarding a problem.
With the base of how a decision is made, the next step is to decide what sort of decisions exist in the organization, and how they get made. I recommend two axis:
The Scale of the Decision: What is the risk level of the decision
The Level of Process Controls: How well defined is the process around the area of the decision
Investigations of a Dog 