When my QA colleagues are afraid of small risks, I want to tell them it’s okay and that they have my support to make a decision that keeps things moving forward. Such conversations always make me think about how we think about the processes for controlling risk in our industry, commonly referred to as “Risk Analysis” and “Risk Management”.
For me, Risk Analysis is the inventory and characterization of what can go wrong. It ends with a big list of things that we should worry about, and therefore leaves the participants in an anxious and uncomfortable state. I strongly believe that avoidance of this anxiety is a main reason why many colleagues don’t engage readily in Risk Analysis processes.
Risk Management picks up where Risk Analysis leaves off. Risk Management selects the most significant risks and defines actions we can take to reduce or eliminate those risks. With a love of action and a pursuit of results, we then implement our plans to manage the risks. The problem here is that, for QA professionals at least, and many like-minded colleagues in other disciplines, we lose sight of the risks that might be acceptable.
Acceptable risks might be those that have little or no impact, or low probability. These items with low risk scores (RPN scores, in FMEA terms) are easy to deal with. These are not the risks I’m talking about.
The other acceptable risks are the risks of NOT acting, and these risks are becoming more prominent as we move into novel therapeutic areas with more pressing needs. These risks can look like:
- Risk of releasing a product to a patient when there is some quality concern for that batch/lot, especially when that patient is very sick and has a time-sensitive need for the product.
- Risk of continuing to operate while final risk management CAPAs are not yet implemented.
- Risk of unknown factors (absence of evidence is not evidence of absence).
- And many others!
To be fully effective, QA leaders need to be able to: (1) say “no” to unacceptable risks; (2) define and manage risk so that it is reduced to acceptable levels; and (3) move forward when risks are acceptable. This last part is where we really earn our wages… saying “no” is relatively easy. Saying “Yes, if we manage these risks, weigh the situation in full balance, and follow a defined path, then we can move forward” is more difficult.
But remember, if we want to be fully effective as professionals, the drug we manage must be both safe and effective. Effective means at the patient’s side, when it’s needed. QA has the opportunity and the obligation to guide that process, so safety is assured and effectiveness is maintained to the fullest extent possible. This means that in addition to Risk Analysis and Risk Management, we must also practice careful, wise, and informed Risk Acceptance.
Mark Roache, QxP VP of Cell and Gene Therapies, has spent his 30-plus year career in GXP. Mark was the Chief Quality Officer for AveXis (now Novartis Gene Therapies) at the time of Zolgensma launch. He was previously Senior VP of Quality for KBI (a CDMO with cell-therapy capabilities) and has held other senior Quality roles at Novartis, Merck and Bayer.
Click here to read Part 1 of Mark’s two-part blog series on “Experience is What You Get Just After You Needed It.”