Risk Assessment 101
- Brien Hawley
- Jun 24
Updated: Jun 26
If you can define a robust risk assessment process, then you can build out your Risk-Based Quality Management approach to include this process. Combined with an established Quality by Design process, you are ready to deliver trials with maximum efficiency and success.
Why risks?
This might be easy for you to grasp, since the mindset of many clinical trialists is laser focused on "what might go wrong?". But it's more than that. It's also "how can we maximize our chances of success?". And so we end up with 2 types of risks:
Risks of not delivering are critical and not to be ignored, but these only get us over the finish line, not across the finish line in the top 10%. Still, it is certainly critical to get the drug supplies out to sites!
Risks of not achieving our desired outcome based on "what does success look like?" drive a mindset of setting the bar high and defining objectives that support a high quality outcome. If our patient population is prone to low mobility, we should design a protocol that allows for optional at-home visits (to ensure success of as many patients as possible) and then mitigate the related challenges!
In other words, ask yourself and your team: what risks will get in the way of achieving the high bar of success that we are setting for ourselves?
Here is a general process for establishing risk assessment to support your clinical trials:
Step 1. Risk Brainstorming
It is important to define the "jumping off" steps so that study team members can focus and be thoughtful when it comes to defining study-related risks. After all, identifying risks is a learned skill that needs to be taught and encouraged. Here is one approach:
Create a risk database that is well organized and searchable so that team members can readily locate historical risks that are relevant to the study design. Walk through it as a team and "tag" or pull out all risks that might be applicable.
Develop probing questions related to common areas of risk that prompt the team to come up with a list. Some questions could include:
What unique traits of our patient population could hinder their success in completing the study?
What are unique and challenging aspects of our study design?
Does the study phase require higher rigor regarding data capture and cleaning (e.g. phase I)?
Is there anything related to our treatment or dosing that could pose a challenge to sites or participants?
Are any of our efficacy endpoints at risk of not being completed? Why?
Are there known safety concerns regarding this patient population?
Are there known safety concerns related to our treatment?
Encourage a "what could possibly go wrong?" mentality by asking study team members to be creative, whiteboarding their ideas. Flooding at a site? ...Maybe during the hurricane season in the Southern US.
Utilize risk statements that are easy to comprehend, which can later be formalized and operationalized by defining data-driven Key Risk Indicators. So basically start with the overarching statements, then figure out how to track and manage the details later in the process.
A risk statement could be "There is a high likelihood that this patient population will struggle with using wearables."
A related KRI could be "Below 75% of week-on-week adherence for the wearable, based on data transmissions and missing data points." (as defined later on as a KRI)
A KRI action could be "Central monitoring performs outreach to the site within 24 hours of adherence flag, instructing them to contact the participant and follow the troubleshooting guide." (also defined later on)
Step 2. Risk List
Compile a draft list based on the team's assessment as described in step 1 above. Then whittle it down so that you can focus on the most important risks. Here's how to assess:
Relevance may be obvious or not. If brainstorming risks resulted in some ideas that only relate to other types of studies, phases or designs then "parking lot" those (and add them to your risk database, perhaps as unrealized concepts). If it's less clear, get team input and/or connect with a Subject Matter Expert (SME) to get expert input.
Systemic controls may exist and all but eliminate a given risk. It is not worthwhile recording and tracking a risk if there is already a robust system or automation in place that ensures very low likelihood of that risk occurring. Worry about the risks that might occur.
Historical knowledge may help illuminate the likely realization of a risk, although it's important to be careful applying use cases or scenarios that may not exactly fit the current one. Again, an SME can help with input.
Likelihood or probability is one of the most important aspects of each risk; it might be relevant, and there may not be comprehensive controls in place, but even so the chance of that ECG machine failing is relatively low. Although this might at times require a "finger in the air" approach, get input from the cross-functional team in order to test out your assumptions. Think about historical studies; maybe a certain ECG vendor in a certain country is at a higher risk of failure. Once again, talk to SMEs who would have direct experience with the risk.
Impact is arguably the most important aspect of each risk. If the likely impact on quality, scope or timelines is low then you may want to leave it off the list. This is not to say that low impact risks should be fully ignored, however they can often be managed "as needed" if and when they do arise.
Step 3. Risk Management Plan
So you have your risk list. Now it's time to document. Your Risk Management Plan (RMP) should include the following elements, though they could live in other plans or documents as appropriate:
Risk log
Categories or domains: study design, patient population, site performance...
Risk statements as agreed with the study team.
Probability/likelihood percentage or score.
Assessment of impact e.g. timelines (extending), scope (direct and indirect) and quality (of efficacy, safety, study success).
Criticality, including relationship to Critical-to-Quality factors.
Monitoring and mitigation plan, which could reference other documents or plans.
Key Risk Indicators (KRIs)
Each KRI linked/mapped to a risk statement.
Description of KRI, metrics involved, data source, delivery schedule, KRI owner, proposed action (general, not specific), timetable for action.
Escalation level if appropriate.
Location
Where the document lives and how it can be accessed: a shared website, FTP site, attached to team meeting minutes...
The extended study team should always have access.
Updates
Who owns updates to the log.
Process for informing the risk log owner regarding changes, suggestions.
Review cycle
Initial review during internal and external kick-off meetings.
Periodic reviews based on study milestones or agreed intervals.
Communication and escalation
Stakeholders, contact information, timetables to alert.
Expectation where Quality Tolerance Limits have been met and Critical-to-Quality factors are at-risk or compromised.
Expectations where KRIs have exceeded timetables for action or have met escalation levels.
Step 4. Introduce Risk Assessment as part of your Risk-Based Quality Management Process
With a solid process around assessing and defining risks, ultimately resulting in a robust Risk Management Plan, you can then look to implement your RBQM approach.
Risk-Based Quality Management is the operational deployment of an active risk management process for your study. Therefore, assessing risks and defining the RMP become key steps within the RBQM process.
Summary
An effective risk assessment process relies on the following steps:

For each of these main steps there are relevant work instructions, templates and team engagement approaches that can provide effective implementation and ongoing support for your robust risk assessment strategy, both in clinical trials and within the organization at large.