Risk Ranking and Filtering and Its Role in Risk Management
H. Gregg Claycamp, Ph.D., CHP
Center for Veterinary Medicine
July 21, 2004
Risk is a Concept
Risk is intuitive and familiar to everyone, yet it can be sophisticated and elusive when organizations seek definitions of risk for specific risk management programs.
Risk assessment is not a single process, but a systematic approach to organizing and analysing scientific knowledge and information that supports a risk decision. NRC (1994)
Risk management is a systematic process for the identification, assessment, control and communication of risks to life, property, or other valued objects.
As a broad concept, risk inherently has many possible meanings depending on the individual or organization.
Any effort as complex in scope as the FDA’ s risk initiative necessarily defines risk at different contextual levels and can do so without departure from the mission to reduce, manage or control risk to public health.
Levels of Risk Management
Multiple Levels of Risk Management
As used here,
high-level refers to broadly-based, general and principle-driven approaches.
low-level refers to detailed, specific and discipline-driven approaches.
There is a hierarchy in processes and systems.
Risk Ranking and Filtering is a high-level approach (or process).
Sources of Risk from a Medical Product
Sources of Risk from a Medical Product
Dual Impact of Quality Systems
Risk Tools Supporting Quality Systems
Risk Tools for High-Level Prioritization Among Many Products
Risk Questions and Tools Change With the Level of Analysis
Low level: Risk questions focus on identifying and characterizing risks to drug quality for specific drug products or within a specific products classes.
Quantitative and qualitative tools available.
High level: Risk questions focus on how risks within different drug/product classes compare with each other.
Risk analysis tools are essentially customized for each application.
Low Level Modeling (Fault Tree Analysis)
Faults/Pathways Magnified N-fold for a Simple Manufacturing Process!
Why Use High-Level Systems Methods in Risk Management?
Low-level approaches are elegant and capture details, but may miss interactions and relevance across systems.
Complex quantitative models may convey a level of precision and understanding about the system that is unjustified.
Different levels of understanding and quantification may exist for each sub-component of the system. High-level methods seek optimal use of diverse kinds of information to inform risk decisions.
High-Level Models for Risk Management
Risk management of complex systems is
Complex systems exceed human capacity to capture everything in a simple model.
High-Level Risk Management Begins With Brainstorming (HHM)
A High-Level Approach
Drilling Down to Sources of Risk for Model Building
Systematically Developing the Low-Level Details
Sometimes, Only Qualitative Information is Available for a Specific Product or Process
High-Level Combinations of Severity and Probability
Risk Ranking & Filtering (e.g., Haimes, 1998)
Filtering: Policy Meets Risk Management
The Filtering in RRF
Once risks/hazards are ranked a filter may be used to reflect resources limitations and/or programmatic goals.
Filters are policy-derived. For example,
Selecting worst N (or X%) of risks across all organizational units; versus
Selecting worst M (or Y%) of risks for the entire organization.
Filters may have a risk, resource, or other bases, each possibly imparting differential effects on the final ranking of risks for mitigation.
Example: Next slide
Using RRF Results: Filtering
RRF in the Risk Analysis Cycle
Risk management and decision-making are all about [confronting probabilities] and where the balance between measurement and gut becomes the focal point of the whole story.
(P.L. Bernstein, 1996, Against the Gods:
The Remarkable Story of Risk p. 56)