Manufacturing Technology Committee Risk Management Working Group Risk Management Training Guides

Similar documents
Project Management Session 6.2. Project Initiation Phase Integration Management

American Society for Quality (ASQ) CERTIFIED HACCP AUDITOR (CHA) BODY OF KNOWLEDGE

WHO guidelines on quality risk management

ASA ANNUAL CONFERENCE 2014 WASHINGTON, DC THE 8D DISCIPLINE TO EFFECTIVE PROBLEM SOLVING

25 D.L. Martin Drive Mercersburg, PA (717)

TIPS PREPARING AN EVALUATION STATEMENT OF WORK ABOUT TIPS

DECISION SUPPORT FOR SOFTWARE PACKAGE SELECTION: A MULTICRITERIA METHODOLOGY

Quality Management System Guidance. ISO 9001:2015 Clause-by-clause Interpretation

Prevent Quality System Deficiencies by Conducting Effective Internal Audits. Whitepaper

ISO 22000:2005 SYSTEMKARAN ADVISER & INFORMATION CENTER SYSTEM KARAN ADVISER & INFORMATION CENTER FOOD SAFETY MANAGEMENT SYSTEM ISO 22000:2005

ISO 22000:2005 Standard INTERNATIONAL STANDARDS REGISTRATIONS

Enabling Improvement through the Product Lifecycle: Change Management within a PQS

PRINCESS NOURA UNIVESRSITY. Project Management BUS 302. Reem Al-Qahtani

ADR International ADR s Online Supply Chain Academy (OSCA) elearning Courses

Correlation Matrix & Change Summary

INTRODUCTION TO ISO 14001

PMBOK Guide Fifth Edition Pre Release Version October 10, 2012

CGIAR System Management Board Audit and Risk Committee Terms of Reference

05/14/2008 VS

HSE Integrated Risk Management Policy. Part 3. Managing and Monitoring Risk Registers Guidance for Managers

Guidelines for the assessment of the appropriateness of small interlaboratory comparisons within the process of laboratory accreditation

Quality Manual Revision: C Effective: 03/01/10

Page 1 / 11. Version 0 June 2014

AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES

Getting Started with Risk in ISO 9001:2015

Safety and Performance Grading of Quality Management System Nonconformities

AVNET Logistics & EM Americas. Quality Manual

BCP Methodology Benefits realisation

Managing Project Risk Through Success Criteria

Q10 PHARMACEUTICAL QUALITY SYSTEM

Business Management System Manual Conforms to ISO 9001:2015 Table of Contents

Content Break-up & Methodology for awarding Contact Hours / PDUs

14620 Henry Road Houston, Texas PH: FX: WEB: QUALITY MANUAL

This charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department.

COSO What s New, What s Changed, Why Does it Matter and Other Frequently Asked Questions

REPORT 2016/033 INTERNAL AUDIT DIVISION

Module 1 Introduction. IIT, Bombay

Overview ASTATT5. Prepare and issue the air tightness test report. Prepare and issue the air tightness test report

ISO 9001:2015. Quality Management System. Manual

At the Heart of Rationalizing Application Portfolio

WORK PLAN AND IV&V METHODOLOGY Information Technology - Independent Verification and Validation RFP No IVV-B

Stanley Industries, Inc. ISO 9001:2008 Quality Policy Manual

ICH Quality Implementation Working Group POINTS TO CONSIDER

THE COMPLETE GUIDE TO FDA-REGULATED SUPPLIER QUALIFICATION & QUALITY MANAGEMENT

ISO 9001:2015. October 5 th, Brad Fischer.

Testkings PMP 705q. PMI PMP. Project Management Professional v5

Revision. Quality Manual. Multilayer Prototypes. Compliant to ISO / AS9100 Rev C

INTERNATIONAL STANDARD

Quality Management (PQM01) Chapter 04 - Quality Control

COMPUTERISED SYSTEMS

More than 2000 organizations use our ERM solution

Australian Government Auditing and Assurance Standards Board

Quality Risk Management

COMPARISON OF PROCESS HAZARD ANALYSIS (PHA) METHODS

AB. OUR ISO CONFORMANCE AUDIT QUESTIONNAIRES 8. ASSESS HOW WELL YOU CONFORM TO ISO S REMEDIAL REQUIREMENTS

Machined Integrations, LLC

Internal Audit Performance

O VERVIEW. This evaluation tool will help answer the questions:

The Risk Management + Design Controls Connection: What Device Makers Need to Know

Program Lifecycle Methodology Version 1.7

QuEST Forum. TL 9000 Quality Management System. Requirements Handbook


CMMI-DEV V1.3 CMMI for Development Version 1.3 Quick Reference Guide

AS9003A QUALITY MANUAL

A Discussion About Internal Controls February 2016

ISO INTERNATIONAL STANDARD. Risk management Principles and guidelines. Management du risque Principes et lignes directrices

Work Plan and IV&V Methodology

Guidelines for Process Validation of Pharmaceutical Dosage Forms

The IPEC Risk Assessment Guide for Pharmaceutical Excipients. Part 1 Risk Assessment for Excipient Manufacturers

An Overview of the 2013 COSO Framework. August 2013

ISO 14001: 2015 Environmental Gap Analysis

HACCP audit checklist

CERTIFIED SUPPLIER QUALITY PROFESSIONAL

HSE Integrated Risk Management Policy. Part 1. Managing Risk in Everyday Practice Guidance for Managers

Energy Performance Score (EPS): A Path Forward 4/10/2012

1.0 BASIS OF ESTIMATE (BOE) HOW TO

The roadmap to EU-MDR Implementation

CMMI-SVC V1.3 CMMI for Services Version 1.3 Quick Reference Guide

CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT. 21 CFR Part 11 FAQ. (Frequently Asked Questions)

Project Planning & Management. Lecture 11 Project Risk Management

Strategies for Risk Based Validation of Laboratory Systems

Test Management Test Planning - Test Plan is a document that is the point of reference based on which testing is carried out within the QA team.

Managing Strategic Initiatives for Effective Strategy Execution

BSA/AML Self-Assessment Tool. Overview and Instructions

Project & Environmental Review. Guidelines Air Emission Management Plan. July 2015

Document Number: QM001 Page 1 of 19. Rev Date: 10/16/2009 Rev Num: 1. Quality Manual. Quality Manual. Controlled Copy

Risk Based Internal Audit Plan

IATF transition. Only 1 year to go for over 69,000 ISO/TS16949 certified organizations to transition to ISO9001: 2015 and IATF 16949: 2016.

Sections of the Standard. Evidence / Comments. (Y) / Nonconforming (NC)

25 D.L. Martin Drive Mercersburg, PA (717)

Pl anning Meetings. The Risk Management Plan

THE COMPLETE GUIDE TO ISO14001

CORPORATE QUALITY MANUAL

Predictive Maintenance Strategy for Building Operations: A Better Approach

Theoretical Condition Indices

Implementation of Performance Coaching Using PPS/RBA

Process and Tools Overview for CSSE Nova Scotia Chapter. Fred Leafloor CHSC, CRSP, CRM February 16, 2012

Regulatory Overview Annex 11 and Part 11. Sion Wyn Conformity +[44] (0)

QUALITY MANAGEMENT SYSTEM MANUAL ISO 9001:2008

GUIDEBOOK CODE OF CONDUCT MANAGEMENT SYSTEMS

Transcription:

Manufacturing Technology Committee Management Working Group Management Training Guides Ranking and Filtering 1 Overview Ranking and Filtering is one of the most common facilitation methods used for Management. This method is also known as Relative Ranking, Indexing, and Matrix and Filtering. Its intent is to provide sharper focus to the critical risks within a system typically, from a large and complex set of risk scenarios. Ranking and Filtering works by breaking down overall risk into risk components and evaluating those components and their individual contributions to overall risk. This document presents some guiding principles in the execution of Ranking and Filtering. Successful application of any risk management model requires that tools are used in concert with the quality risk management process. This guide will present the principles of Ranking and Filtering in the context of the accepted Quality Management process consisting of Assessment, Control, Review and Communication. 1.1 Usage Ranking and Filtering: Is most suited to compare and manage a portfolio of complex risks Is facilitated through careful breakdown of a risk into constituent risk scenarios with constituent components Requires agreed-upon sets of risk factors and evaluation criteria Provides a means to prioritize and filter individual risks by combining the evaluations of risk components against set criteria into a single risk score Advantages + Accepts a high degree of complexity + Flexible for any type of risk + Scaleable to include multiple risk factors + May be used with a variety of quantitative and qualitative evaluation criteria Definition: SYSTEM is the subject of a risk assessment and generally includes a process, product, activity, facility or logical system. Disadvantages - May require significant effort in establishing risk factors and evaluation criteria* - May require significant effort in breaking down risk into many components* - Results may be difficult to correlate directly with absolute risks * Level of effort may or may not be significant and depends on the complexity of the issue under study and the expertise of the persons involved; in some cases the analysis may be relatively easy to accomplish. 1.2 Quality Management Applications Ranking and Filtering is well-suited for a variety of applications, including: Prioritizing manufacturing sites for inspections / audits Filtering / prioritizing root causes to non-conformances or other systemic concerns Page 1 of 9

Training Guide: Ranking and Filtering Filtering / prioritizing portfolio risks (e.g., new products, technology transfers, engineering efforts, information system implementations). 2 Preliminary Tasks 2.1 Define Question and Scope of System The first step in any risk management effort is to define the overall risk question. Answering the risk question represents the ultimate goal of the risk assessment. Examples of risk questions include: How often should a manufacturing site be audited to assure GMP compliance? What root causes of non-conformances should we prioritize for remediation? What projects have the greatest probabilities of success? Tip: It is worth the 2.2 Define Scope of System effort to reduce scope as It is also important that scope be carefully defined. Each of early in the risk the examples above could gain clarity through definitions of assessment as possible to avoid needless work. boundaries (e.g., manufacturing sites in a given region, types of non-conformances, new product development projects). Teams may also further narrow scope through qualitative filtering. For example, the list of new product development projects may be narrowed by filtering out low return-on-investment projects. 3 Assessment 3.1 Define Head Topics and Subtopics Once the risk question has been posed, a team of cross-functional experts should define the head topics and subtopics that relate to the risk question. Head topics are broad groupings of risk factors that relate directly to the risk question. Subtopics are factors that directly impact risk associated with a head topic. Figure 1 below depicts these relationships. Page 2 of 9

Training Guide: Ranking and Filtering Figure 1 Sample Question, Head Topics and Subtopics Head topics and subtopics are the sources of risk that will be evaluated and scored. As such, it is very important that teams gain input and consensus from all stakeholders who own the risk. Typical sources for head topics and subtopics for many quality operations are established procedures, regulatory publications, existing activity plans or company measures of performance. In the example of manufacturing site audits, many regulatory and industry publications exist to define structures for audits of regulated organizations. These same structures may be used to develop head topics and subtopics. It is worth noting that, often, subtopics can be broken Tip: A good starting point for defining Head Topics and Subtopics is the 7 M s : Materials Manpower Methods Measures Machines Mother Nature Management down into progressively more detailed risk components. Using the example from Figure 1, Production may be broken own further into workcenters, workcenters may be broken down into unit operations and unit operations may be broken down into process steps. While these additional levels provide greater accuracy, they also generally will require greater effort. Teams must make trade-offs between detail and accuracy versus time and resources. The appropriate level of detail is a matter of judgment dependent on the expertise and / or quantity of resources available for risk management and the nature of the situation to which it is applied. One approach to gauge the appropriate level of detail is to compare the effort required to asses risk at a given level of detail with the resources required to manage and mitigate the risk. Depending on the severity of risk, the effort required to assess risk should be one to many orders of magnitude less than the effort required to manage and mitigate the risk. This rule-of-thumb may help teams decide on an educated Page 3 of 9

Training Guide: Ranking and Filtering estimate of the target amount of time required to assess a given component. The target amount of time should clearly dictate the level of detail. 3.2 Establish Evaluation Criteria Once the major components of overall risk have been categorized through head topics and subtopics, the evaluation criteria should be established. At a minimum, evaluation criteria should address the Probability and Severity of risk scenarios presented by the risk components. In effect, the evaluation criteria should bridge the gap between the risk components and the risk question by asking, How can we gauge the individual contribution of a component to the overall risk? As with all aspects of risk assessment, the level of detail of evaluation criteria must be balanced with the level of effort required to support evaluations. 3.2.1 Two-Criteria Evaluation The simplest evaluation model uses probability or likelihood of a harm and the severity or impact of that harm. This typically lends itself to subjective and qualitative evaluations that sacrifice detail for speed and simplicity. The two-criteria model lends itself to a classical Matrix. Figure 2 shows a Matrix with evaluation levels for probability and severity as they relate to potential GMP failures at a manufacturing site. Severity Probability High potential impact to product quality. Medium potential impact to product quality. Low potential impact to product quality. Low Medium High Medium Medium Low Figure 2 Example Two-Factor Matrix High Medium Low High High Medium 3.2.2 Multi-Factor Evaluation Depending on the level of detail and degree of objectivity required by the risk assessment, multiple factors may be employed to evaluate risks. Often, additional criteria are developed to clarify or justify overall probability or severity. Overall probability may include criteria that relate to the ability to detect a deviation or defect. The table below shows some clarifying criteria for the example of manufacturing site risk assessment. Page 4 of 9

Training Guide: Ranking and Filtering Probability Amount of time since Last Audit Occurrence of Nonconformances Ability to Detect Deviations / Defects Strength of Quality Controls / Support Adequacy of Staffing Levels Severity Potential for Patient Harm (Unit Dose) Manufacturing / Distribution Volume Type of Patient Population Potential for Employee Harm Other evaluation criteria may be added to capture needs from other stakeholders or to facilitate risk review. Examples include: Resources Required Costs Site Location 3.3 Assemble Scoring Models Legal s Schedule s Patient Perception After evaluation criteria have been identified, a scoring model may be developed to incorporate all criteria to yield a single risk score. In general, scoring models use multiplicative or additive means to calculate risk. Very often, criteria are weighted based on the importance of a criteria to the overall risk. Several examples of scoring schemes are presented below. 3.3.1 Matrix The Matrix presented in Figure 2 is a simple scoring model that requires no calculation. The matrix provides an excellent visual model that is easy to understand. This matrix is effective in models where only two criteria are involved. 3.3.2 + / - Scoring Scheme The + / - scoring scheme provides a numerical range centered on zero for various criteria. The ranges are standardized to reflect that values on one side of zero always represent higher risk and values on the opposite side of zero represent lower risk. Scores assigned to each criterion are added together to yield overall risk. The table below shows a sample scoring model using the + / - scoring scheme. Criteria Scoring Range Actual Score Potential for Patient Harm -10 to +10 +5 Level of Non-conformances -3 to +3-2 Ability to Detect Deviations -5 to +5 +3 Adequacy of Staffing Levels -3 to +3-1 TOTAL SCORE (Range: -21 to +21) +5 Page 5 of 9

Training Guide: Ranking and Filtering 3.3.3 Multi-Factor Multiplicative Scheme A multiplicative scheme provides numerical ranges for various criteria and multiplies or divides individual scores to obtain an overall risk score. The table below shows a sample scoring model using the multiplicative scheme. Criteria Scoring Range Actual Score Potential for Patient Harm 0 to 10 5 Level of Nonconformances 0 to 3 2 Ability to Detect Deviations 0 to 5 1 Adequacy of Staffing Levels 0 to 3 2 TOTAL SCORE (Range: 0 to 450) 20 3.3.4 Weighted Scheme The weighted scoring scheme assigns a weighting to each criteria and uses a consistent numerical range for each criteria. The individual weighted scores are either averaged or added. Weighting may be defined as a percentage or as a value in a range. The table below shows a sample scoring model using the weighted scheme. Criteria Actual Score Weight Weighted Score Potential for Patient Harm 5 60% 3 Level of Non-conformances 6 15% 0.9 Ability to Detect Deviations 2 25% 0.5 Adequacy of Staffing Levels 5 10% 0.5 TOTAL SCORE (1 to 10) 4.9 3.4 Score Components 3.4.1 Scoring Once a model or models have been agreed to by the team and, in concept, by risk owners, the process of scoring may commence. Often, a model will be piloted with a limited number of examples to validate the model and to facilitate review and buy-in from stakeholders. The extent to which the criteria reflect tracked data, the quicker and less subjective the scoring sessions will be. In cases where criteria are subjective in nature, team rules should be developed to standardize how consensus is reached. Tip: Providing clarifying detail to your scores will help facilitate scoring and ensure that the model incorporates concerns from all team members Page 6 of 9

Training Guide: Ranking and Filtering 3.4.2 Subtopic Filtering In some cases, a simple Matrix may be used to further narrow the focus of a study. For example, qualitative assessment of the subtopics in Figure 1 using a Matrix might yield results as shown in Figure 3. Severity Probability High potential impact to product quality. Medium potential impact to product quality. Low potential impact to product quality. Low Medium High Calibration Supplier Production Labeling Product Lab. Change Ctrl. Warehousing Maintenance - Release QC Lab. Validation Complaints Packaging Figure 3 Example Matrix used to Filter Subtopics The qualitative assessment shows that Warehousing and Maintenance are two subtopics that pose low risk. The team may be able to use this preliminary assessment to rationalize reduction in scope by eliminating those risk subtopics from the assessment. 3.4.3 Ranking Completed scores for all in-scope systems will yield a simple, numerical ranking. This allows ranking and filtering in a variety of ways. The table below provides some examples of the options to facilitate risk review through ranking. Ranking Category Systems under Study (Sites, Processes, Products, etc.) Head Topics Subtopics Evaluation Criteria Example Use Overall Scores to focus effort on high risk systems Cumulative scores for Head Topics to focus on Departments or Workcenters Scores for Subtopics across many systems to identify areas where competencies or controls are needed Scores for evaluation criteria across many systems to prioritize systemic concerns Page 7 of 9

Training Guide: Ranking and Filtering 4 Control 4.1 Filtering Filtering involves focusing the scope of risk management by selectively reducing risk control for low-risk systems and increasing risk control for high-risk systems. Effectively filtering systems requires a consensus definition of action thresholds. Using the example of auditing manufacturing sites, a simple set of action thresholds might look as follows. Overall Site Score Action Greater than 7 Audit performed annually 3 7, inclusive Audit performed once every two (2) years Less than 3 Internal Audit not needed Filtering can also result in reduced scope through elimination of low-risk criteria from risk control. Assessment of a portfolio of potential new products may be streamlined by eliminating products that are deemed to have higher risk than an established value. 4.2 Evaluate Alternatives 5 Review In addition to providing greater focus to high-risk areas, Ranking and Filtering can also provide a means to evaluate mitigation options. By identifying possible risk mitigation options and re-evaluating the results through the scoring model, teams can identify the mitigation options that will have the most beneficial impact to overall risk. 5.1 Re-score It is important to re-score systems as mitigation options are implemented and/or as factors change. It is also important to gather cross-system scores for subtopics and evaluation criteria to continuously assess whether or not the right criteria are being evaluated. 5.2 Operational Feedback On a long-term basis, operational feedback should confirm that the assessment and control steps are adequately addressing the risk question. If this is not the case, it may be necessary to review all assumptions. Feedback should correspond to ensuring that assumptions made about the level of residual risks are still valid. Residual risks are risks that are expected to remain after risk control strategies have been exercised. It is also important to note that new risks may arise from risk control practices. Sometimes risks that were not originally identified or may have been filtered out during the initial risk assessment can become aggravating factors due to the implementation of risk control measures. Page 8 of 9

Training Guide: Ranking and Filtering 6 Communication Ranking and Filtering is a powerful communication tool. The output of the tool should always be presented at a level of detail appropriate for the various stakeholders. This is important not just for presenting results, but also for obtaining early buy-in on the approach. In cases where the Ranking and Filtering approach is used as the basis for a GxP decision or some other regulated authorization, the approach should be documented in a Standard Operating Procedure. It may not be necessary to include detailed scoring steps or algorithms in the procedure, but they should be documented in a controlled report. Updates to the portfolio should also be controlled. Page 9 of 9

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback