laboratory risk assessment and risk management methodology

Core Science
Diagnostic Testing
Informatics
Laboratory Fundamentals
Packing and Shipping
Preparedness and Response
Workforce Development

Introduction to Laboratory Risk Management (LRM)

Description.

Introduction to Laboratory Risk Management (LRM) is the first in a series of courses focused on developing risk management strategies for laboratory settings. This basic level eLearning course provides details on applying risk management principles and briefly describes related practices to emphasize the importance of risk management in laboratory settings. Topics covered include risk management goals, terminology, processes, and associated activities.

This online course is designed for new or existing public health and clinical laboratory professionals who handle potentially hazardous materials.

Accessibility

Course content is closed captioned, where applicable, and optimized for a screen reader.

At the end of this course, learners should be able to:

Recognize the importance and benefits of risk management.
Define terms associated with risk management.
List the major processes in risk management and associated activities.
Identify the importance of ensuring dynamic continual improvement.

Continuing Education (CE)

The Centers for Disease Control and Prevention, Division of Laboratory Systems is approved as a provider of continuing education programs in the clinical laboratory sciences by the ASCLS P.A.C.E.® Program. This course is approved for 1.0 contact hour(s) of P.A.C.E.® credit.

P.A.C.E.® Course Number: 288-006-23

Fact sheets
Facts in pictures
Publications
Questions and answers
Tools and toolkits
Endometriosis
Excessive heat
Mental disorders
Polycystic ovary syndrome
All countries
Eastern Mediterranean
South-East Asia
Western Pacific
Data by country
Country presence
Country strengthening
Country cooperation strategies
News releases
Feature stories
Press conferences
Commentaries
Photo library
Afghanistan
Cholera
Coronavirus disease (COVID-19)
Greater Horn of Africa
Israel and occupied Palestinian territory
Disease Outbreak News
Situation reports
Weekly Epidemiological Record
Surveillance
Health emergency appeal
International Health Regulations
Independent Oversight and Advisory Committee
Classifications
Data collections
Global Health Observatory
Global Health Estimates
Mortality Database
Sustainable Development Goals
Health Inequality Monitor
Global Progress
World Health Statistics
Partnerships
Committees and advisory groups
Collaborating centres
Technical teams
Organizational structure
Initiatives
General Programme of Work
WHO Academy
Investment in WHO
WHO Foundation
External audit
Financial statements
Internal audit and investigations
Programme Budget
Results reports
Governing bodies
World Health Assembly
Executive Board
Member States Portal
Publications /

Laboratory biosafety manual, 4th edition: Risk Assessment

The WHO Laboratory Biosafety Manual (LBM) has been in broad use at all levels of clinical and public health laboratories, and other biomedical sectors globally, serving as a de facto global standard that presents best practices and sets trends in biosafety.

The LBM4 suite consists of one core document and 7 subject-specific monographs which were developed in order to accommodate diverse interests and requests for learning more specific details, supplementing the core document. Readers are encouraged to start with the core document and learn the subject explained in each monograph accordingly.

Composition of the manual: how to use LBM4

LBM4 core document
Risk assessment
Laboratory design and maintenance
Biological safety cabinets and other primary containment devices
Personal protective equipment
Decontamination and waste management
Biosafety programme management
Outbreak preparedness and resilience

The document is also available in Ukrainian and Vietnamese, please click the links below to download:

Anatomic Pathology
Clinical Chemistry
Digital Pathology
Flow Cytometry
Hematology & Serology
Immunoassay
Mass Spectrometry
Microbiology
Molecular Diagnostics
Point-of-Care
Urinalysis & Toxicology
Biochemicals & Chemical Reagents
Information Technology
Lab Automation
Lab Equipment
Labware & Consumables
Quality Systems
Allergy & Autoimmune
Cardiovascular
Cerebrovascular
Dementias & Alzheimer’s
Diabetes & Metabolic Diseases
Infectious Diseases
Kidney Disease
Respiratory Disease
Womens Health
Accreditation
Company News
Proficiency Testing
Resource Center
White Papers
Edition Archive

Select Page

Risk Assessment for Clinical Labs

Feb 9, 2015 | Compliance , Quality Systems |

Evaluating risk is the backbone of individualized quality control planning

By Rose Mary Casados, BSMT(ASCP)

In the delivery of quality patient care, laboratory medicine prides itself on performing extensive, effective, and documented quality control (QC), giving healthcare professionals confidence that test results obtained on patient specimens are consistently accurate and reliable. Diagnostic quality control has evolved as laboratory instrumentation and testing technologies have advanced.

The Clinical Laboratory Improvement Amendments of 1988 (CLIA) are the federal regulations that govern all US laboratory testing used for the “diagnosis, prevention, or treatment of any disease or impairment of the health of human beings.” 1 In 1992, when the initial amendments became effective, the minimum requirement for QC established for laboratory diagnostics was to perform two levels of control materials each day of patient testing. However, in 2003, when final CLIA regulations were published, a set of “Interpretive Guidelines for Laboratories” (Appendix C) allowed for an alternative to the performance of daily external quality control, so long as “equivalent quality testing” is conducted. 2

The Appendix C guidelines permitted the Centers for Medicare and Medicaid Services (CMS) to modify its interpretation of the CLIA regulations without making revisions to the actual law, effectively paving the way for new QC ideas, methodologies, and technologies to be considered. In turn, CMS implemented the policy of accepting laboratories’ equivalent quality control (EQC) procedures, which enabled laboratories to decrease their frequency of performing external controls once a successful standardized qualifying study had been performed and documented.

With continued focus on improving quality measures, CMS subsequently challenged the laboratory community to develop a new QC guideline by convening a meeting focusing on “QC for the Future.” In attendance were accrediting organizations (ie, COLA, the College of American Pathologists, and the Joint Commission), government agencies, and industry representatives. The result—a laboratory quality control guideline based on risk management—was used to develop a new alternative QC policy, called Individualized Quality Control Plan (IQCP), which is scheduled to replace EQC on January 1, 2016. It is anticipated that laboratories that formerly used EQC will implement IQCP.

Prior to discussing the elements of an IQCP, it is important to understand that IQCP is quality control based on risk management. By definition, “risk” is a measure of the severity of the impact of a potential error, multiplied by the probability of how likely it is that the error will occur and the ability to detect the error if it should occur. Correspondingly, “risk management” is the sequential process of risk identification, risk assessment, and risk mitigation. Simply stated, risk management includes:

Risk identification: identifying potential errors;
Risk assessment: evaluating errors to determine their impact on patient test results; and
Risk mitigation: controlling errors in such a way that residual risk is manageable.

This article will review the first two phases of this process—risk identification and risk assessment—with an understanding that subsequent to identifying the risk and assessing the severity of the risk, risk mitigation is the ultimate goal.

RISK IDENTIFICATION

Risk identification is the first and perhaps the most important step in the risk management process. Correctly identifying potential sources of error for a particular test reveals valuable information for developing an individualized quality control plan. Identifying the potential risks embedded in laboratory testing processes allows for the implementation of an overarching quality control plan that effectively mitigates errors not addressed by the test system’s internal checks and external quality control.

Medical decisions and effective treatment planning are dependent on laboratory results. Therefore, it is important to understand that in performing an effective risk assessment, “one size does not fit all!” Every diagnostic test carries varied risks and may require varied control measures. Accurate risk identification is essential when developing and implementing a comprehensive and effective individualized quality control plan.

There are several tools available to help laboratorians perform risk identification. The most effective tool will vary from laboratory to laboratory. Therefore, it is important that all options are considered, and that the most effective tool is selected that will positively impact the uniqueness of each laboratory. The following are examples:

Process mapping: A process map is a graphical representation of all the steps in a testing process. This tool is used to analyze a particular testing process by breaking it down into small steps from start to finish (see Figure 1).
Fishbone diagram: A fishbone diagram outlines the cause and effect of a testing process. It may be considered to be a graphical representation of all the major elements in a process. This diagram can help labs identify and organize potential errors in a test system (see Figure 2).
Risk identification table: A risk identification table is a simple table that lists all the errors identified in the different testing phases for a specific test (see Table 1).

Regardless of the tool selected, it is important to consider all phases of sample testing: the preanalytic, analytic, and postanalytic phases. The key objectives in implementing an effective risk management process and, hence, an IQCP, are identifying the potential errors in all phases of testing, and ensuring optimal mitigation by putting in place effective and documented processes.

Results obtained in performing the risk assessment will be used to develop an IQCP. This plan will serve to describe QC practices, resources, and procedures that will be used to monitor and ensure continued quality laboratory testing. As with all laboratory procedures, the laboratory director remains ultimately responsible for the proper development and implementation of each IQCP. The laboratory director is required to approve and sign each IQCP before it is implemented.

RISK ASSESSMENT

Although the goal for all healthcare professionals is to optimize the delivery of quality patient care, error rates are evident and distributed among the three phases of testing: preanalytic, analytic, and postanalytic.

For example, studies have shown that 46% to 68.2% of lab errors occur during the preanalytic phase. Such errors may include, but are not limited to, inappropriate test requests, order entry errors, misidentification of patients, utilization of improper containers, inadequate sample collection and transport procedures, inadequate sample/anticoagulant volume ratio, insufficient sample volume, sorting and routing errors, and labeling errors.

By contrast, roughly 7% to 13% of lab errors occur during the analytic phase. Such errors may include, but are not limited to, equipment malfunction, sample mix interference, undetected failure in quality control, and incorrect testing procedure.

And finally, 18.5% to 47% of errors occur in the postanalytic phase. Such errors may include, but are not limited to, failure in reporting, erroneous validation of analytical data, and improper data entry and reporting. 3

From these examples, one can conclude that greater emphasis has traditionally been placed on risk identification and risk mitigation for the analytic phase of testing versus the preanalytic and postanalytic phases. However, the high error rates apparent in the preanalytic and postanalytic phases demonstrate precisely the need for risk management in all phases of testing. Risk management is an all-inclusive quality management process that guides the laboratorian to evaluate potential risks in all phases of testing, which is the essence of IQCP.

When performing a risk management process and, hence, evaluating the entire testing process, it is important to consider the following key areas within the five components of the diagnostic process that affect the quality patient test results: environment, testing personnel, specimen, testing process, and reagents.

In doing so, how the test is performed, how often relevant errors or undesirable conditions occur, the potential impact of those errors, what control activities are in place to detect or prevent those errors, how the test is used by the physician, patient population, and volume of testing can all be considered in developing the risk assessment. The following sections offer some key examples of risk assessment considerations in each of the five areas.

Environment. Areas of importance that require focus include the following:

Where is testing performed, and what other activities occur nearby?
Are room temperature and humidity stable?
Are testing areas level, and draft- and vibration-free?
Does altitude affect the testing?
Have lighting, electricity, water quality, and other utilities been considered?

Testing Personnel. Individuals performing testing must be evaluated to ensure that their training and competency assessment records can be used to validate the qualifications of testing personnel to accurately perform testing. Key questions to be addressed in this area include the following:

Do testing personnel have laboratory medicine education and experience?
Have testing personnel been adequately trained to perform the test?
Have competency assessments been performed on testing personnel?

Although testing personnel may have been trained to perform specific types of testing, it cannot be assumed that all testing personnel maintain the superior level of performance they initially demonstrated. It is therefore essential that competency assessments be performed on a continuing basis.

Specimen. Ensuring the collection of the right specimen from the right patient is essential.

Review specimen collection, handling, and storage procedures.
Review all instructions that are provided to patients regarding preparation for the self-collection of specimens.

It is important to ensure that all specimens are handled and stored appropriately, and are suitable for testing.

Testing Process. It is important to gather information regarding the measuring system, the instrument, or other test device. Varied types of information can contribute to risk assessment in this area.

For commercialized instruments, tests, and test kits, a great deal of such information is supplied by the manufacturer through a package insert or operator’s manual.
A test system may have safeguards such as lockout functions and error codes that detect and prevent errors.
Laboratory historical data can be considered. Maintenance logs, QA and QC records, verification of performance specifications, and calibration verification records are a few examples of documentation to review.

In addition, an assessment of risk should consider the utilization of test results by the ordering physician when developing a treatment plan for the patient. Some test results represent only a portion of the information that contributes to clinical decisions. Others are used immediately, as the sole decision-making criterion. In the latter situation, an inaccurate result has a much greater potential to cause harm, making an understanding of the clinical use of test results an important element for determining the quality control measures a lab needs to perform.

Reagents. Test reagents can be compromised during shipment, handling, storage, and processing. In addition, consideration should be given to the quality and stability of reagents used directly as part of the QC process:

Calibrators

It is important that package inserts and storage records are gathered and reviewed to assess these potential risks.

Although risk management may appear menacing, laboratorians will soon realize that risk management simply encompasses management processes focused on the delivery of quality laboratory medicine, which have historically been performed on a daily basis. Having performed risk identification and risk assessment sequentially, laboratorians can move on to framing the ultimate outcome of the process—risk mitigation—which will result in the successful completion of an IQCP.

Developing a risk management process does not ensure the complete elimination of risk. However, implementing a thorough risk management process that includes detailed risk identification and assessment will contribute to the reduction of risk and result in the continued delivery of quality patient care.

Rose Mary Casados, BSMT(ASCP), is president of COLA Resources Inc (CRI), an educational and training subsidiary of laboratory accreditor COLA. CRI offers educational resources to help labs transition to the new IQCP environment, including the IQCP E-Optimizer , a software tool that provides laboratories with a guide on how to perform risk assessment and develop an IQCP; and the CRI Implementation Guide , an all-inclusive manual that assists laboratories in implementing an IQCP specific to their needs. For further information, contact CLP chief editor Steve Halasey via [email protected] .

1. Clinical Laboratory Improvement Amendments, Subpart A, Section 493.1 Basis and scope. Available at: http://www.gpo.gov/fdsys/pkg/CFR-2011-title42-vol5/pdf/CFR-2011-title42-vol5-part493.pdf . Accessed January 25, 2015.

2. Centers for Medicare and Medicaid Services. Clinical Laboratory Improvement Amendments, Interpretive Guidelines for Laboratories. Available at: http://www.cms.gov/Regulations-and-Guidance/Legislation/CLIA/Interpretive_Guidelines_for_Laboratories.html . Accessed January 25, 2015.

3. Hammerling JA. A review of medical errors in laboratory diagnostics and where we are today. LabMed . 2012;43(2):41–44. Available at: http://labmed.ascpjournals.org/content/43/2/41/T1.expansion.ht ; doi: 10.1309/lm6er9wjr1ihqauy. Accessed January 26, 2015.

Modern pipetting: four centuries in the making.

August 22, 2018

D-Dimer Calibrator Receives FDA Green Light

August 15, 2016

Sample Management and Data Solutions Partnership to Offer Expanded Biobanking Capabilities

March 1, 2019

Bio-Rad Advances InteliQ Quality Controls Product Line

February 1, 2021

Biological Risk Assessment: General Considerations for Laboratories

Introduction.

CDC ’s Divi sion of Laboratory Systems knows that incidents involving biological, chemical, physical, and radiological hazards can have a significant impact on the safety and health of those who work in laborator y settings. Risk management is a continuous process to identify , assess (evaluate) , control , and monitor risks . T he risk assessment components of th e overall risk management process are :

Illustration of the risk management process, a cycle that follows the steps listed on this page.

See ISO 35001 for the complete risk management process.

Step 1:

I dentify the hazards and risks.

Step 2:

E valuate the risk s.

Implement a risk mitigatio n plan, as needed.

E valuate effectiveness of controls.

Many laboratory activities have been linked to undesirable events, including laboratory-acquired infections. These can result from direct contact of the infectious agent with mucous membranes of the eyes, nose or mouth via sprays, splashes, or droplets; inhalation of infectious aerosols generated during activities such as mixing and centrifugation; or from percutaneous inoculation via sharps, needle sticks, or non-intact skin (e.g., scratches and cuts).

To minimize risks and provide a safe work environment, a risk assessment should be performed to evaluate what could go wrong by determining the likelihood that an undesirable incident (e.g., injury, exposure) may occur and the consequences (e.g., infection or disease) if that undesirable incident were to occur.

Formal risk assessments should be performed before work begins, and repeated when any change is introduced into the activity (e.g., changes in practices, personnel, instrumentation, or facilities). Informal risk assessments, which include short discussions among staff about current risks and mitigations, should occur much more frequently, ideally daily.

A team should perform risk assessments to ensure various perspectives are considered and to reduce bias. This team could be comprised of senior leadership, clinical laboratory scientists, safety professionals, facility engineers, and others familiar with the site-specific and activity-specific laboratory and testing activities.

How is it conducted?

In general, risk assessments can be broken down into Steps 1-2 in the figure above. The risk assessment should include considerations about the hazards (e.g., biological agent), the specific processes and procedures, existing control measures, the facility and testing environment, and the competency of the testing personnel.

In this section, learn how to answer these questions:

What, where, and how is the work occurring?
Who is involved in the work?
What can go wrong?

For a specific activity or procedure, identify the hazards in each step or task that must be completed. Ask what, where, and how the work is occurring and who is doing the work. Then, determine what could go wrong in every step of the activity or procedure and the result of the undesirable incident (e.g., injury, exposure, infection, disease). One method of accomplishing this is to perform a job hazard analysis. Examples are depicted below.

Diagram of hazards and related risks, such as sharps that could be needle sticks and potential infection from exposure.

How likely is a risk and how severe is it?
Is the risk acceptable or unacceptable?

a. Characterize the risks

There are various and multiple risks involved in performing laboratory testing. The risk assessment should evaluate each risk against a standard set of criteria so that the assessed risks can be compared against each other. The criteria should focus on both the likelihood of the undesirable incidents occurring and the consequences if those undesirable incidents were to occur.

Diagram of pre-incident likelihood of risk and post-incident consequences associated with the risk.

Source: Sandia National Laboratories Biosafety and Biosecurity Risk Assessment Technical Guidance Document 2014.

Likelihood and Consequences of Risk

The likelihood component of risk includes factors that affect whether or not the incident happens and occurs before the actual incident occurs; the consequences of risk considers factors that affect the severity of an incident after it has occurred.

It is important to define what is being evaluated because some factors can affect the likelihood and consequence s . For example, the availability of appropriate personal protective equipment ( PPE ) can reduce the likelihood of exposure, but wearing the appropriate PPE correctly can also reduce the consequences if an exposure occurs.

Likelihood of Risk

S o me f actors to consider tha t can affect the likelihood of an undesirable incident ( such as exposure to a biological agent in this example) include :

Biological agent factors
Stability in the environment ( e.g. , ability to produce spores , resistance to disinfectants )
Potential routes of transmission (direct mucosal contact, inhal a tion , ingestion , injection)
Endemic ity of biological agent in the local environment and population ( e.g. , endemic or exotic) and host range
Life stage/form of the biological agent (e.g., dimorphic fungi , antigenic shift )
Communicability
Laboratory /testing environment factors
Physical infra structure and e xisting controls : the type of facility , presence of engineering /safety controls , type of equipment used , function/ reliability of ventilation systems
Procedural : existence of administrative controls such as policies and training ; availability of appropriate PPE ; generation of aerosols and use of sharps ; amplification of the biological agent by culturing , and the types and complexity of procedures being conducted
Human factors
Competency of personnel, level of training
Behavioral aspects
S tress , risk perception , risk tolerance
Following safe work practices

To evaluate the consequences after an undesirable incident occurs , assess the characteristics of the hazard(s) or biological agents , the health and immune status of the laboratory /testing personnel, and the availability of vaccines, prophylaxis, or therapies.

Consequences of Risk

S ome f actors to consider that can affect the consequence s of an undesirable incident ( such as infection in this example) include:

Biological agent factors
Virulence factors : adhe sion, invasiveness , toxigenesis , production of exoenzymes, antigenic variation, resistance to antibiotics , tissue tropism, multiple replication sites within – host, ability to elicit autoantibodies against host )
High communicability
S everity of infection/disease (morbidity/mortality rate)
Infectious dose
Administrative controls
A vailability of vaccines, prophylaxis, therapeutic interventions, and emergency response procedures
Host factors
Health and immune status of staff: immunocompetent or immunocompromised, pregnancy , pre-existing medical conditions, allergies, age, l arge susceptible population
Behavioral aspects
Willingness to accept vaccines
Adherence to safe work practices and proper use of PPE

b. Prioritize the risks and determine if risks are acceptable

It is important to acknowledge that risks can be reduced, but generally cannot be completely eliminated unless the work is discontinued entirely (e.g., elimination) or modified to incorporate less harmful activities such as using surrogates (e.g., substitution ) .

Th e risk assessment team should use the results to determine which risks are relatively higher or lower than other risks. Based on the risk assessment, the institution /testing site should determine which risks are acceptable (work can proceed with the existing controls ) , and which risks are unacceptable ( work cannot proceed until additional mitigation controls are implemented to reduce the risk to an acceptable level) .

For risks that are determined unacceptable by the institution , a mitigation control plan should be implemented .

The effectiveness of implementing additional controls (e.g., engineering controls, administrative and work practice controls , and use of PPE) should be reviewed and evaluated .

For more information on mitigation and evaluation of the performance of controls, see Biosafety in Microbiological and Biomedical Laboratories (BMBL) (6 th E dition) .

Biosafety in Microbiological and Biomedical Laboratories (BMBL) (6 th E dition)
APHL Risk Assessment Best Practices and Examples.pdf
APHL-Template.pdf
Guidelines for Safe Work Practices in Human and Animal Medical Diagnostic Laboratories, MMWR 61(01)
Public Health Agency of Canada Pathogen Safety Data S heets
ABSA International Risk Group Database
WHO Laboratory Biosafety Manual, 4 th Edition
ISO 35001 Laboratory biorisk management system for laboratories and other related organizations
CWA 15793 Laboratory biorisk management
CLIA Standards:
Clinical Laboratory Improvement Amendments (42 USC 263a)
Standards and Certification: Laboratory Requirements (42 CFR 493)
Clinical and Laboratory Standards Institute (CLSI)
M29-A4 Protection of Laboratory Workers From Occupationally Acquired Infections-4 th Edition
GP17-A3 Clinical Laboratory Safety-3 rd Edition
EP23 Laboratory Quality Control Based on Risk Management, 1 st Edition
OSHA Job Hazard Analysis
OSHA Mitigation Plan

For more information about this Division of Laboratory Systems biorisk assessment resource, contact us at [email protected]

To receive email updates about this page, enter your email address:

Lab safety : Risk assessment

Risk assessment - start here.

Risk assessment - more resources

<< Previous: Assess and minimize risks
Next: Personal protective equipment >>
New and noteworthy
Safety culture
Safety videos
Hazardous substances
Reactive substances
Nanomaterials
Biosafety & biosecurity
Radiation safety
Reproductive hazards
Risk assessment
Personal protective equipment
Handling and storing chemicals
Waste management
Electrical safety
Laser safety
Lessons learned
Search strategies
Last Updated: Jul 26, 2024 2:07 PM
URL: https://guides.library.stanford.edu/lab-safety

An official website of the United States government

The .gov means it’s official. Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure. The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Publications
Account settings

Preview improvements coming to the PMC website in October 2024. Learn More or Try it out now .

Advanced Search
Journal List
Ann Saudi Med
v.31(3); May-Jun 2011

Laboratory Quality Control Based on Risk Management

James h. nichols.

From the Tufts University School of Medicine, Springfield, MA, USA

Risk management is the systematic application of management policies, procedures, and practices to the tasks of analyzing, evaluating, controlling and monitoring risk (the effect of uncertainty on objectives). Clinical laboratories conduct a number of activities that could be considered risk management including verification of performance of new tests, troubleshooting instrument problems and responding to physician complaints. Development of a quality control plan for a laboratory test requires a process map of the testing process with consideration for weak steps in the preanalytic, analytic and postanalytic phases of testing where there is an increased probability of errors. Control processes that either prevent or improve the detection of errors can be implemented at these weak points in the testing process to enhance the overall quality of the test result. This manuscript is based on a presentation at the 2nd International Symposium on Point of Care Testing held at King Faisal Specialist Hospital in Riyadh, Saudi Arabia on October 12-13, 2010. Risk management principles will be reviewed and progress towards adopting a new Clinical and Laboratory Standards Institute Guideline for developing laboratory quality control plans based on risk management will be discussed.

Introduction to Risk and Risk Management

Risk is defined in ISO31000 as the effect of uncertainty on objectives, whether positive or negative. 1 For healthcare, risk is generally understood to mean the chance of suffering or encountering harm or loss. 2 So, risk is essentially the potential for harm to occur to a patient or the possibility of an error that can lead to patient harm. Risk can be estimated through a combination of the probability of harm and the severity of that harm. 3 There are two methods to reduce the risk of harm to a patient:

prevent the error from occurring which averts harm to the patient, or
detect the error before it can harm the patient.

Risk management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities. 4 , 5 Risk management is essentially the systematic application of management policies, procedures, and practices to the tasks of analyzing, evaluating, controlling and monitoring risk. 6

The terms risk and risk management may seem unfamiliar in the clinical laboratory, but technical staff and laboratory directors conduct a number of activities that could be considered risk management in the day-to-day operations of a laboratory. The performance of new tests is evaluated before use in patient care, control sample failures are investigated for instrument and reagent problems, and management responds to physician complaints. When incorrect results are reported, the staff must determine and correct the cause, and report the correct results. If patients were treated based on incorrect results, management must estimate the harm that occurred to the patient and take steps to prevent similar incidents in the future. So, risk management is not a new concept, just a formal description of activities that laboratories are already doing as part of their quality assurance program to prevent errors and reduce harm to a patient.

Sources of Laboratory Error

Understanding weaknesses in the testing process is a first step to developing a quality control plan based on risk management. Laboratories should create a process map that outlines all the steps of the testing process from physician order to reporting the result. A process map basically follows the path of the sample from the patient through transportation, receipt and analysis in the lab to reporting of result. This process map should include preanalytic, analytic, and postanalytic processes required to generate a test result that can be acted on by a clinician.

Weak steps in the testing processes are those that have a higher probability of generating an error. These can be identified through prior experience with similar instrumentation or from information collected from the manufacturer and other users about the test and method, how the test will be utilized in diagnosing or managing the patient, the laboratory environment and staff who will perform the test, and local regulatory and accreditation requirements that mandate control over specific aspects of the testing process ( Figure 1 ). This information will be utilized to develop a quality control plan specific to the device, the laboratory, and the health-care setting that reduces the risk of harm to the patient, and meets regulatory requirements for quality of testing by the laboratory. To identify weaknesses in the testing process that could lead to error, laboratories need to acknowledge that all medical devices can fail when subjected to the right conditions (environment, operator or device sources of error). Realizing those conditions that may cause device failure and taking steps to protect a testing device from exposure to those conditions is the foundation of a quality control plan.

An external file that holds a picture, illustration, etc.
Object name is ASM-31-223-g001.jpg

Process to develop and continually improve a quality control plan. (Obtained with permission from CLSI. Laboratory Quality Control Based on Risk Management; Proposed Guideline. CLSI document EP23-P. Wayne, PA: Clinical and Laboratory Standards Institute; 2010.)

Most errors occur in the preanalytic or postanalytic phases of testing, outside of the laboratory and beyond the supervision of laboratory staff. 7 Preanalytic concerns should include the physician order (is there an order and was it transcribed correctly), was the patient prepared for the test (if fasting or withholding medication is required), was the appropriate preservative used to collect the specimen, was the specimen collected at the expected time, and was the specimen promptly transported to the laboratory, (protected from freezing or heating)? Reagents, controls, calibrators and other testing supplies must be shipped to the laboratory where they may be exposed to conditions (heating and freezing) that could compromise test results. Postanalytical processes should consider how the test was reported and communicated to the ordering physician since manual transcription is prone to more errors than automated reporting systems using computer interfaces. But computers are also not foolproof, and instrument interfaces have been known to occasionally report incorrect results to the wrong patients or associate results with the wrong test due to glitches in the interface communication. Verbal communication also has the potential to be misunderstood and communication of critical, life-threatening values can be mixed-up unless the results are written down and confirmed by read-back to the caller. The prevalence of errors in the preanlytic and postanalytic phases does not mean that the laboratory and analytic phase is free of errors. Failure to verify instrument performance prior to patient testing, incorrect maintenance, wrong calibrator setpoints, use of expired reagents, aliquotting errors, flawed calculations and dilution factors can all be sources of analytic error that occur within the laboratory.

There are, thus, many sources of error to consider throughout the testing process. Of primary consideration is the impact of the environment, the operator, and the analysis on the quality of test results. Temperature can freeze or overheat sensitive reagents and compromise results, but so can humidity, light and even altitude. Operators can inadvertently misidentify a patient and associate the labeling of the sample with the wrong patient. So the optimum laboratory control processes will be worthless if the specimen is mislabeled with another patient's identification. Testing by clinical personnel at the point of care is more prone to errors than analyses conducted by experienced laboratory professionals with training in error recognition and prevention. Analyzers can fail despite proper operation if incorrect calibrator factors are programmed or samples are incorrectly applied, aliquoted or diluted. So, considerations for common sources of environmental, operator and analyzer error should be considered when developing a quality control plan.

Control Samples

Weak steps in the testing process are sites for control processes to either prevent errors before they happen or detect errors before they can harm the patient. Historical quality control arose from the industrial setting where factories analyzed samples of a product to ensure that the product met specifications and the production line was operating as expected. In the laboratory, a control sample of known analyte concentration, sometimes called a “quality control” sample or “QC” sample, is analyzed like a patient sample. If the instrument produces a result within an acceptable tolerance of the target concentration, then the measurement system is assumed to be stable and operating as expected. The final result from measurement system is the sum of all factors affecting the result including the instrument, reagent, operator and environment.

Control samples have a number of advantages and disadvantages. A control sample is a sample with known concentration that consists of a matrix similar to a patient sample, like plasma, serum or urine. Unfortunately, not all analytes are stable in a biological matrix, like glucose in whole blood or blood gases. So, preservatives and other stabilizers must be added to control samples to ensure the analyte recovery and test results are stable over time. The additives that stabilize control samples can change the manner in which some instrumentation interacts with the specimen, such that control samples behave differently than patient samples in the same test. This non-commutability of control samples prevents their use as accuracy based materials in determining bias between instruments of different makes and manufacturers, unless the sample is certified commutable and accuracy-based. However, stabilized control samples do offer a target range for analytes specific to make and model of measurment system that allow their use in determining ongoing stability of laboratory instrumentation. Control samples can be analyzed each day of testing (or more frequently for high volume testing) and if the test recovers the expected target results, then the laboratory staff know that the system is stable and patient results are acceptable.

Unfortunately, when control samples fail to recover expected results, something has failed in the testing process and the laboratory must troubleshoot the source of failure and correct it before patient testing can resume. Troubleshooting will work if testing occurs in batches of specimens where results can be held until control results (analyzed with each batch of specimens) are examined and compared to expected target concentrations. If the control results are acceptable, then the patient results can be released. This type of batch analysis can work for low volume patient testing where test results may not be needed on an immediate basis by the physician. With high volume automation and stat testing, patient results are continuously released using autoverification rules based on periodic analysis of control samples interspersed with patient specimens. Should a control sample fail to recover expected results, the laboratory must stop patient testing, correct the problem, then reanalyze patient specimens back to when the system was reporting acceptable results. Repeat testing can be expensive for both labor and reagent costs. Once the problem is found and corrected, some results may need to be corrected, and this can lead to physicians questioning the quality of the laboratory.

Control samples, however, are a good means of detecting systematic errors, but perform poorly in detecting random errors. Systematic errors are those that affect every test in a constant and predictable manner. Many instruments utilize bottles of liquid reagent to perform hundreds of tests. These reagents may stay on an instrument for a number of hours to days, so analysis of control samples periodically or with each day of testing confirms that the reagent is still viable. Analysis of control samples does a good job at detecting errors that affect control samples the same as patient samples, like reagent deterioration, errors in reagent preparation, improper storage, incorrect operator technique, and wrong pipette or calibration settings. However, if a single patient sample should have a clot or drug that interferes with the reagent, the analysis of control samples will not be impacted and cannot detect the error. Such random errors affect individual samples in an unpredictable fashion, like clots, bubbles and interfering drugs and substances. Analysis of control samples does a poor job at detecting random errors.

Optimally, the laboratory needs control processes that function more than periodically. The laboratory needs to get to fully automated analyzers that prevent errors upfront and provide assured quality with every specimen.

Other Control Processes

Newer instrumentation has a variety of control processes built-in the device. There are analyzers with electronic controls and system checks performed automatically to detect electronic operation as well as reagent function. Blood gas analyzers, like the Instrumentation Laboratories GEM and Radiometer's ABL80, detect baseline sensor signals before and after each specimen. If each sensor does not display a characteristic signal, the flow cells may be blocked by a clot or bubble, and the system can initiate corrective action flushing, back-flushing the flow cell until the sensors return to expected operation. If not, the analyzer can shut down individual sensors or the entire sensor array until manual staff intervention. These processes occur with each sample to detect certain types of errors, specimen clots and bubbles that may block specific sensors specimen flow path. Other types of control processes may be engineered by the manufacturer into each test card or strip of unit-use testing devices, like the positive/negative control area on stool guaiac cards, and the control line on pregnancy, rapid strep and drug tests. These built-in controls test the viability of the reagents on the test (storage and expiration), adequate sample application, absence of interfering substances (clots, viscous urines, and drug adulterants), as well as timing and appropriate visual interpretation of test results by the operator with each test. Still other types of control processes may include barcoding of reagents to prevent use past the expiration date, device lockouts that prevent operation if control samples have not been analyzed or fail to recover expected target concentration, security codes to prevent inadvertent changes to instrument settings, and disposable pipette tips to prevent sample carryover. There are thus a variety of control processes available on different models of laboratory instrumentation, and each process is intended to reduce the risk of specific types of errors.

No single control process can therefore cover all devices and types of errors. Laboratory devices differ in design, technology, function and intended use. Some devices have internal checks which are performed automatically with every specimen, while the possibility of other errors is reduced through engineering by the manufacturer into the device. For example, the barcoding of expiration date and lot number on each bottle of reagent prevents use of reagents past their stamped expiration date and the requirement of entering lot number into the instrument reduces the possibility of using a lot number whose performance has not been previously verified. Barcoding of expiration date and lot number, however, does not verify the stability of reagents once they are opened on the instrument. Periodic analysis of control samples may better determine open bottle stability. So, the historical analysis of control samples has provided labs with some degree of assurance and analysis of control samples over the past several decades and will continue to plan an important role in future quality assurance in combination with the built-in controls and on-board chemical and biological control processes found in newer devices.

Developing a quality plan surrounding a laboratory device requires a partnership between the manufacturer and the laboratory. 8 Information about the function of instrument control processes is needed from the manufacturer to increase the user's understanding of overall device quality assurance requirements and so informed decisions can be made regarding which control processes are suitable for certain errors in the laboratory setting. 8 Some sources of error may be detected automatically by the device and prevented, while others may require the laboratory to do something, like analyze control samples periodically and on receipt of reagent shipments, or perform specific maintenance. Clear communication of potential sources of error and delineation of laboratory and manufacturer roles for how to detect and prevent errors is needed in order to develop a quality control plan.

Developing a Quality Control Plan

The Clinical and Laboratory Standards Institute (CLSI) is developing a guideline; Laboratory Quality Control Based on Risk Management. This guideline, EP23, describes good laboratory practice for developing a quality control plan based on manufacturer's risk mitigation information, applicable regulatory and accreditation requirements, and the individual healthcare and laboratory setting. Information collected about the instrument from the manufacturer, peer literature and other users of the product is combined with information about the individual healthcare and laboratory setting, and the unique regulatory and accreditation requirements and processed through a risk assessment to develop a laboratory specific quality control plan ( Figure 1 ). This plan is an optimized balance of control sample analysis combined with manufacturer engineered control processes in the instrument and laboratory implemented control processes to minimize risk of error and harm to a patient when using the instrument for laboratory testing. Once implemented, the QC plan is monitored for continued errors and physician complaints. When trends are apparent, the source of errors is investigated and this new information is processed through a new risk assessment to determine if changes to the QC plan are needed to maintain risk to a clinically acceptable level. This is the corrective action and continual improvement cycle ( Figure 1 ).

A risk assessment starts with identification of a potential risk or error (called hazard identification). Once identified, the probability and severity of harm are estimated. Take, for example, the risk of an untrained operator using a point-of-care testing device. The hazard is “operation by an untrained operator”. The probability of harm can be estimated as frequent=once per week, probable=once per month, or remote=once per year or greater. The severity of harm if the device is run by an untrained operator is unknown, but could be serious=injury or impairment requiring medical intervention, rather than negligible=inconvenience/discomfort or minor=temporary injury or impairment not requiring medical treatment. The risk can be estimated by combining probability of harm with severity of harm in a simple 3×3 matrix to evaluate the clinical acceptability of the risk ( Table 1 ). More detailed 4×4, 5×5, or even 10×10 matrices can be developed to estimate risk, but these necessarily require more granular determinations of the exact probability and severity of harm to the patient. In risk management literature, the ability to detect an error, detectability, is also factored into the estimate, but for simplicity, detectability can be assumed to be zero or worse case scenario. Thus, risk in our simple example will depend only on prevention of the error or severity of harm if an error occurs.

Risk Acceptability Matrix

An external file that holds a picture, illustration, etc.
Object name is ASM-31-223-g002.jpg

In our example, the risk of an untrained operator using the device will depend on the setting. In a central laboratory where the test is performed by medical technologists, all who are well supervised and experienced, the probability of this hazard is remote. However, in a point-of-care setting where operation is by a variety of clinical staff, possibly in a shared department location where there is little supervision, anyone can walk up to the device and attempt to run a test. In this setting the risk of an untrained operator performing testing is much greater (probable to frequent probability of harm). In both settings, if an error occurs from operation by an untrained operator, the harm could be serious to the patient (depending on the test and how the test is used in medical management). Combining the probability and severity of harm, we can estimate the risk in a laboratory setting to be clinically acceptable, but in the point-of-care setting risk is unacceptable and additional control measures will be needed to reduce the risk ( Table 1 ).

Now, consider an instrument that has operator lockout features where the operator must enter their identification before the instrument will unlock and allow testing. If only operator identifications on a list of trained operators can unlock the instrument, the probability of harm may be reduced to probable or even remote, and thus the risk of using such a device with operator lockout features is now clinically acceptable. This example demonstrates how a manufacturer engineered process, like operator lockout, can reduce the risk of certain errors to improve the quality of test results.

This risk assessment process is repeated for each risk or potential for error identified through weak steps in the process map. If the risk of error from manufacturer recommended and engineered control processes is not clinically acceptable, then additional control processes must be implemented by the laboratory to reduce the risk to a clinically acceptable level. The sum of all risks identified and control processes to mitigate those risks (manufacturer provided and laboratory implemented) becomes the laboratory's QC plan specific to this device and laboratory setting. This plan is then checked against regulatory/accreditation requirements to ensure conformance with recommendations and signed by the laboratory director as the QC plan for that instrument. A single QC plan may cover multiple tests on the same instrument or refer to multiple instruments of the same make/model within an institution depending on the clinical application of the specific test results and availability of manufacturer control processes on the device.

Once implemented, the QC plan is monitored for continuous improvement. Physician complaints, instrument failures, or increasing error trends warrant investigation, corrective action and a new risk assessment. The laboratory should ask if the cause of the error is a new risk/hazard not previously considered, or greater probability of error or severity of harm than estimated in the initial risk assessment. This new information can now be factored into the risk analysis to determine if current control processes are adequate to reduce risk to a clinically acceptable level or if additional control processes are required. In this manner, the laboratory's QC plan defines a strategy for continuous improvement and sets benchmarks for monitoring the effectiveness of the QC plan through the frequency of complaints, instrument failures and trends in error rates. The CLSI EP23 document describing how to develop laboratory QC plans based on risk management is currently in the committee voting stages towards publication as an approved guideline.

Risk management is an industrial process for managing the potential for error, and although the terminology may be unfamiliar, the clinical laboratory performs a variety of risk management activities in day-to-day operation. The CLSI EP23 guideline simply formalizes the process. Newer laboratory instrumentation and point-of-care testing devices incorporate a number of control processes, some that rely on traditional analysis of control samples, and others engineered into the device to check, monitor or otherwise control specific aspects of the instrument operation. Risk management is not a means to reduce or eliminate the frequency of analyzing control samples, since laboratories must minimally meet manufacturer recommendations and accreditation agency regulations. Rather risk management helps laboratories find the optimal balance between traditional quality control (the analysis of control samples) and other control processes such that each risk in operating the instrument is rationalized with a control process to reduce that risk. The sum of all control processes represents the laboratory's QC plan, a plan that is scientifically supported by the risk assessment process. Once implemented the effectiveness of the QC plan is monitored through trends in error rates, and when issues are noted, corrective action is taken, risk is reassessed, and the plan is modified as needed to maintain risk to a clinically acceptable level. In this manner, risk management promotes continuous quality improvement. CLSI EP23 thus translates the industrial principles of risk management for practical use in the clinical laboratory, and will be a useful in support of the laboratory's overall quality management systems.

Using a Quality Management System and Risk-based Approach in Observational Studies to Obtain Robust Real-World Evidence

Published: 03 September 2024

Cite this article

laboratory risk assessment and risk management methodology

Reo Tanoshima 1 , 2 ,
Naoko Inagaki 1 , 3 ,
Manabu Nitta 1 , 4 ,
Soichiro Sue 1 , 3 ,
Sayuri Shimizu 2 ,
Tatsuya Haze 1 , 5 ,
Kotaro Senuki 1 ,
Chihiro Sano 1 ,
Hajime Takase 1 , 6 ,
Makoto Kaneko 2 ,
Akito Nozaki 1 , 7 ,
Kozo Okada 1 , 8 ,
Kohei Ohyama 9 ,
Atsushi Kawaguchi 1 , 10 , 11 , 12 ,
Yusuke Kobayashi 1 ,
Hideki Oi 13 ,
Shin Maeda 3 ,
Yuichiro Yano 14 , 15 ,
Yuji Kumagai 16 &
Etsuko Miyagi 1 , 17

The results of observational studies using real-world data, known as real-world evidence, have gradually started to be used in drug development and decision-making by policymakers. A good quality management system—a comprehensive system of process, data, and documentation to ensure quality—is important in obtaining real-world evidence. A risk-based approach is a common quality management system used in interventional studies. We used a quality management system and risk-based approach in an observational study on a designated intractable disease. Our multidisciplinary team assessed the risks of the real-world data study comprehensively and systematically. When using real-world data and evidence to support regulatory decisions, both the quality of the database and the validity of the outcome are important. We followed the seven steps of the risk-based approach for both database selection and research planning. We scored the risk of two candidate databases and chose the Japanese National Database of designated intractable diseases for this study. We also conducted a quantitative assessment of risks associated with research planning. After prioritizing the risks, we revised the research plan and outcomes to reflect the risk-based approach. We concluded that implementing a risk-based approach is feasible for an observational study using real-world data. Evaluating both database selection and research planning is important. A risk-based approach can be essential to obtain robust real-world evidence.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save.

Get 10 units per month
Download Article/Chapter or eBook
1 Unit = 1 Article or 1 Chapter
Cancel anytime

Price includes VAT (Russian Federation)

Instant access to the full article PDF.

Rent this article via DeepDyve

Institutional subscriptions

Advancing a Framework for Regulatory Use of Real-World Evidence: When Real Is Reliable

Development and Evaluation of the Algorithm CErtaInty Tool (ACE-IT) to Assess Electronic Medical Record and Claims-based Algorithms’ Fit for Purpose for Safety Outcomes

Strategies to address current challenges in real-world evidence generation in japan, data availability.

The data that support the findings of this study are available from the corresponding author upon reasonable request. The provision of some data may be restricted because the study we are supporting is still ongoing.

Nichol AD, Bailey M, Cooper DJ, et al. Challenging issues in randomised controlled trials. Injury. 2010;41(Suppl 1):S20–3.

Article PubMed Google Scholar

Kostis JB, Dobrzynski JM. Limitations of randomized clinical trials. Am J Cardiol. 2020;129:109–15.

Zhu R, Vora B, Menon S, et al. Clinical pharmacology applications of real-world data and real-world evidence in drug development and approval–an industry perspective. Clin Pharmacol Ther. 2023;114(4):751–67.

Minichmayr IK, Smith DM, Giacomini KM, et al. Trends in clinical pharmacology and therapeutics. Clin Pharmacol Ther. 2023;114:11–4.

European Medicines Agency. ICH E6 (R2) Good clinical practice– Scientific guideline. https://www.ema.europa.eu/en/ich-e6-r2-good-clinical-practice-scientific-guideline#current-version--section

U.S. Food & Drug Administration. Real-world evidence. https://www.fda.gov/science-research/science-and-research-special-topics/real-world-evidence

Campbell UB, Honig N, Gatto NM. SURF: a screening tool (for sponsors) to evaluate whether using real-world data to support an effectiveness claim in an FDA application has regulatory feasibility. Clin Pharmacol Ther. 2023;114(5):981–93.

Gatto NM, Campbell UB, Rubinstein E, et al. The structured process to identify fit-for-purpose data: a data feasibility assessment framework. Clin Pharmacol Ther. 2022;111:122–34.

Berger ML, Crown WH, Li JZ et al. ATRAcTR (authentic transparent relevant Accurate Track-Record): a screening tool to assess the potential for real-world data sources to support creation of credible real-world evidence for regulatory decision-making. Health Serv Outcomes Res Method. (2023).

Wang SV, Pottegård A, Crown W, et al. HARmonized Protocol Template to enhance reproducibility of hypothesis evaluating real-world evidence studies on treatment effects: a good practices report of a joint ISPE/ISPOR task force. Pharmacoepidemiol Drug Saf. 2023;32:44–55.

Japan Agency for Medical Research and Development. https://www.amed.go.jp/program/list/16/01/013.html (last accessed Aug 27, 2024)

Download references

Acknowledgements

We thank Melissa Leffler, MBA, from Edanz (https://jp.edanz.com/ac) for editing a draft of this manuscript.

This work is supported by the Japan Agency for Medical Research and Development (JP22yk0126017 and JP23yk0126027) [ 11 ]. Figs. 1 , 3 , 4 , 5 , 6 were translated and amended from the report to the funder [ 11 ]. We thank Melissa Leffler, MBA, from Edanz ( https://jp.edanz.com/ac ) for editing a draft of this manuscript.

Author information

Authors and affiliations.

YCU Center for Novel and Exploratory Clinical Trials, Yokohama City University Hospital, 1-1- 1 Fukuura, Yokohama, Kanagawa, Japan

Reo Tanoshima, Naoko Inagaki, Manabu Nitta, Soichiro Sue, Tatsuya Haze, Kotaro Senuki, Chihiro Sano, Hajime Takase, Akito Nozaki, Kozo Okada, Atsushi Kawaguchi, Yusuke Kobayashi & Etsuko Miyagi

Department of Health Data Science, Graduate School of Data Science, Yokohama City University, Yokohama, Japan

Reo Tanoshima, Sayuri Shimizu & Makoto Kaneko

Department of Gastroenterology, Yokohama City University Graduate School of Medicine, Yokohama, Japan

Naoko Inagaki, Soichiro Sue & Shin Maeda

Department of Cardiology, Yokohama City University Graduate School of Medicine, Yokohama, Japan

Manabu Nitta

Department of Medical Science and Cardiorenal Medicine, Yokohama City University Graduate School of Medicine, Yokohama, Japan

Tatsuya Haze

Department of Neurosurgery, Graduate School of Medicine, Yokohama City University, Yokohama, Japan

Hajime Takase

Gastroenterological Center, Yokohama City University Medical Center, Yokohama, Japan

Akito Nozaki

Division of Cardiology, Yokohama City University Medical Center, Yokohama, Japan

Medical Care Bureau, Yokohama City, Yokohama, Japan

Kohei Ohyama

Department of Pediatrics, St. Marianna University, Kawasaki, Japan

Atsushi Kawaguchi

Department of Anesthesia, Yokohama City University, Yokohama, Japan

CHU Sainte Justine Research Centre, University of Montreal, Montreal, Canada

Department of Clinical Data Science, Clinical Research and Education Promotion Division, National Center of Neurology and Psychiatry, Tokyo, Japan

NCD Epidemiology Research Center (NERC), Shiga University of Medical Science, Shiga, Japan

Yuichiro Yano

Department of General Medicine, Juntendo University Faculty of Medicine, Tokyo, Japan

Kitasato Clinical Research Center, School of Medicine, Kitasato University, Sagamihara, Japan

Yuji Kumagai

Department of Obstetrics and Gynecology, Yokohama City University Hospital, Yokohama, Japan

Etsuko Miyagi

You can also search for this author in PubMed Google Scholar

Contributions

RT, NI, KS, and CS, designed the research. RT, NI, MN, S Sue, S Shimizu, TH, KS, CS, HT, MK, AN, K Okada, K Ohyama, AK, YK, HO, SM, YY, YK, EM participated in the discussion. RT wrote the initial manuscript. All authors read and confirmed the final version of the manuscript.

Corresponding author

Correspondence to Reo Tanoshima .

Ethics declarations

Conflict of interest.

The authors have no competing interests regarding this work.

This project does not require ethical approval because it did not include any human participants.

Electronic Supplementary Material

Below is the link to the electronic supplementary material.

Supplementary Material 1

Rights and permissions.

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Tanoshima, R., Inagaki, N., Nitta, M. et al. Using a Quality Management System and Risk-based Approach in Observational Studies to Obtain Robust Real-World Evidence. Ther Innov Regul Sci (2024). https://doi.org/10.1007/s43441-024-00695-6

Download citation

Received : 14 May 2024

Accepted : 23 August 2024

Published : 03 September 2024

DOI : https://doi.org/10.1007/s43441-024-00695-6

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

Quality management systems
Risk-based approach
Observational studies
Real-world data
Real-world evidence
Find a journal
Publish with us
Track your research

ERM Resource Center
Full Resource Center Archive
ERM Fundamentals
ERM Leadership and Governance
ERM and Strategy
Risk Identification and Assessment
Risk Appetite and Response
Risk Monitoring and Communications
ERM Frameworks and Best Practices
ERM Expert Insights
Emerging Risks
ERM Roundtable Summit
Training and Events
Advanced ERM
ERM in Higher Ed
ERM in Non-Profits
ERM Fellows
ERM Custom Training
Master of Management, Risk & Analytics
Master of Accounting, ERM Concentration
ERM Initiative Team
ERM Advisory Board
Contact ERM

Strategic Value of Risk Management

To what extent are risk management practices providing insights for strategic advantage?

To generate higher performance returns, organizations must be willing to take risks. That suggests insights about risks should be important when designing and executing strategies.

In the The State of Risk Oversight Report , which we publish annually in collaboration with AICPA, we ask business executives about the extent to which their organization’s risk management processes are providing strategic advantage—with a particular interest in the extent to which risk considerations are factored into important strategic decisions.

2024 Insights from Data

Less than half (only 46 percent) of organizations substantially consider risk exposures when evaluating new strategic initiatives.
Just about a third (33 percent) of organizations consider risk exposures when making capital allocation decisions.

Discussion Items for Management and Board Consideration

The table below suggests 5 questions that risk leaders can use to prompt conversations with executives and boards about how to better leverage risk management processes as a strategic tool to provide a unique competitive advantage.

1.	To what extent is the output of our risk management process an important input to strategic planning?
2.	What is the level of interaction and engagement between our risk management leaders and those making important strategic decisions? Are all the right people included in our strategic planning process?
3.	How clear is the mapping of our enterprise’s top risks to our key business drivers and strategic initiatives? Which drivers or initiatives are most exposed to key risks? What risk might impact multiple strategic objectives?
4.	What could be done to improve our strategic planning process to more formally embed risk considerations into our strategic planning and decision-making?
5.	When budget allocation decisions are made across the organization, to what extent are differences in risk conditions informing our resourcing decisions?

Related Tools

We’ve created three downloadable tools to help risk leaders integrate risk considerations into your organization’s planning processes.

Click on the resource name to view a detailed page where you can download the tool or template.

Board Risk Oversight
Risk Assessment
Risk Committees
Strategic Risk
Tools and Templates

More From Enterprise Risk Management Initiative

Erm tool: using strategic risk analysis to identify potential risks to strategic initiatives, erm tool: embedding risk considerations in strategic planning and budgeting, maturity of risk management practices.

Home / Resources / ISACA Journal / Issues / 2024 / Volume 5 / Managing the Practical Risk Assessment

Is audit in practice: managing the practical risk assessment.

Jane smiled as she signed the contract—it had been a long time coming. Data availability and data integrity for her organization’s advocacy work had always been an issue. Available public information was controlled by the entities her organization was trying to monitor. Detail was lacking, timeliness was nonexistent. Now their watchdog group would change all that by developing their own data analytics tool for fact-based evidence that could be acted upon. Not that Jane was ready to toast the occasion yet. Although the new contract for a vendor-developed custom data tool would bring the organization from conversation to action, she knew the project posed risk to the tiny advocacy group. Did they have the know-how to pull this off, even with a savvy software vendor? What if the budget projections were off and more capital was needed? And, what if, after all the data collection, the results were inconclusive, or the data integrity was suspect? How would they even know how to detect errors? Jane knew they had taken a huge leap and a risk that everyone was ready to accept, but did they all understand what that risk really was? She thought of the old saying, “be careful what you wish for.”

ISACA ® professionals know that all risk is not the same. Industry dynamics, enterprise culture, and department risk tolerance all impact what an organization is willing to do. But risk is more than a willingness to take something on. Risk needs to be reviewed and scored based on the organization’s objectives, while fact checking the objectives against market trends, regulatory requirements, and more. So how can a risk professional help someone like Jane?

Practically Speaking, Culture Matters

Successful risk management is all about operational acceptance and feasibility. Industry culture plays a significant role in determining risk priorities, and having a structured risk assessment approach is crucial, regardless of industry or organization size. That said, the structure must be tailored to suit the audience. Oftentimes, the leadership teams inadvertently make risk decisions without careful deliberation on benefits and consequences. To an IT professional familiar with the rigor of methodical development, business continuity, and other technology disciplines, it seems inconceivable that planning based on prioritized value and need might be overlooked, but it often is. The standard portfolio of risk categories must be outlined and assigned ratings of importance, including these categories:

Financial risk —Does the project have a clear business case outlining the required expense/capital with projected benefits? If so, that business case can be used to determine what activities may pose too great a financial risk to be considered. If not, a business evaluation is needed to manage general project cost, funds for potential rework, or issues against the expected value to the organization.
Market risk —What is the risk of losing market share by either completing or not completing the project? This risk challenges teams as they consider financial risk, since one must often spend money to get or keep a competitive edge. Understanding the competitive landscape and how actions will positively or negatively impact market share must be evaluated as risk, including financial risk, is identified.
Reputational/client risk —How will the project impact the existing client base and potential new clients? A technology organization may be expected to take a risk and innovate, reducing the potential negative impact from clients. An insurance company may have a very different investor base, one which expects a conservative approach, thereby requiring a higher risk rating for cutting edge projects.
Regulatory/compliance risk —Industries falling under regulatory scrutiny such as banking or healthcare must prioritize regulatory requirements with a high risk score. What might seem like a great idea from a market share perspective may be tempered by what is permissible within the confines of the law or even industry best practices.
Security/privacy risk —A critical risk for many organizations across industries, this risk still varies in priority based on information used to perform the work. Privacy does not become a major concern if all information used is publicly available, for example.
Operational risk —Operational risk includes all the risk factors inherent in getting the work done: employee absence, volunteers who don’t show up, machines that break down, systems that fail, and unforeseen conditions such as weather or utility emergencies. Operational risk must be defined and prioritized to determine appropriate budget allocations for resources to adequately cover the risk while balancing the need to spend wisely across many organizational objectives.

It seems like a lot of work to research and discuss up front, which is why many organizations do a less than thorough job of building a risk framework. Business ideas are raised, teams get excited, and risk isn’t reviewed. Yet doing nothing to assess risk is the biggest risk of all.

It seems like a lot of work to research and discuss up front, which is why many organizations do a less than thorough job of building a risk framework.

Overcoming barriers to successful risk management.

ISACA professionals can help organizations overcome the major barriers to risk profiling by providing and executing a risk framework that’s feasible and practical for each organization. A feasible framework is one that the organization can execute because it has the tools and resources to perform the risk evaluation. A practical framework is one that provides enough value to the organization to merit using resources and tools versus using them on something else. Using resources, whether budget or manpower that is best used elsewhere, only devalues the benefit of the risk assessment. It is an extra step, but understanding what else is going on, what money can be spent, and what the organization’s expectations are will help right-size the risk framework used. The example of Jane’s advocacy group shows what must be considered by the ISACA professional to ensure that the risk assessment itself is valued and prioritized. Taking the following steps for Jane’s not-for-profit can help:

The risk consultant must know the client and their industry well. Knowledge, whether researched, acquired through interviews, or based on experience is the starting point before all other considerations.
Collaboration is crucial. The enterprise, IT, and any vendors involved must review and assess the risk together. In some cases, legal and regulatory will participate to avoid missing any required guidelines. For a more structured evaluation of who should participate, using a responsible, accountable, consulted, and informed (RACI) grid can help ensure that all aspects are covered.
Adequate time must be spent to evaluate all risk factors. Making time, with all the necessary stakeholders present, is a big request to make of any organization. Everyone is busy, but when a decision is needed regarding what risk is the right one to take, all opinions add value and save on potential rework.
Evaluating risk must be a repeat event. Successful risk management occurs when people involved plan to participate more than once. A standard risk review cadence, whether annually, twice a year, or more must be established based on how fast the business or customer base is changing. Looking back at the prior risk ratings to see how close they were to reality also makes the risk review a practical, valuable undertaking.

End Results

Jane did end up hiring a risk professional after signing the data analytics contract. Practically speaking, she knew this was a huge opportunity for her organization to become a trusted advisor to the communities impacted by the big business Jane’s organization monitored. Success required a solid financial assessment, especially for add-on features and functionality they might want. Data integrity was paramount, so a thorough review of security and operational risk were also key priorities for project success. All information used was public, and her organization was a small advocacy group, but the organization they monitored was regulated and Jane wasn’t sure how to tackle compliance risk. It made sense to bring in a knowledgeable professional to not only educate the team and vendor on risk management, but also to help operationalize a risk plan, with appropriate controls and auditing. The result was that risk was prioritized adequately from the start and corrective action was taken in a timely manner for the high priority areas. It was worth the risk of taking on a risk consultant.

CINDY BAXTER | CISA, ITIL FOUNDATION

Is Conservation Manager for Friends of Belle Isle Marsh. She works with environmental organizations, the community, and with developers to promote compliance for a green and resilient environment for the only remaining salt marsh in the city of Boston, Massachusetts. Her work also involves collaboration with municipal and state officials to move legislation forward with the innovation that green technology provides. Baxter is pleased that technology has allowed her to reinvent her career and continue learning at every step. She had the privilege of learning technology and managing Fortune 100 client relationships at AT&T. Baxter then applied her expertise as an IT operations director at Johnson & Johnson before moving to compliance and risk management roles at AIG and State Street Corporation. Baxter continues to accept select consulting assignments through her business What’s the Risk LLC, focusing on environmental risk management, inspection, and compliance enforcement. Baxter is pleased to serve as Operations Officer on the ISACA New England Chapter and is a board member on the Nantucket Lightship LV-112 Museum.

Effective risk assessment: Key steps and best practices

What is a risk assessment, essential steps for conducting a risk assessment, best practices for risk assessments, common risk assessment mistakes to avoid, create risk assessment checklists with workflow automation software.

Risk assessment lies at the heart of a safe and efficient workplace. From fire hazards to vulnerabilities in network security and machine malfunctions, risks are present in every industry–and they can disrupt operations, harm people, and cost money if not identified and managed.

If you’ve landed here, you’re likely searching for ways to tackle these potential hazards in your organization. A thorough risk assessment can reveal these dangers, allowing you to take action before they become expensive problems.

When managers conduct risk assessments regularly, they can pinpoint various risks and implement safety measures to address them promptly. This ensures the well-being of everyone involved, enhances productivity, and maintains compliance with safety regulations. Taking this proactive approach is not just beneficial—it’s essential for the success of any organization.

Dive into our guide below to learn all about how to conduct risk assessments , including essential steps and resources.

Risk assessments are essential for ensuring occupational health and safety in a company. They help prevent accidents and occupational diseases .

In any risk assessment, you would ask yourself if there’s anything in the environment, whether it’s an object, situation, or task, that could pose a danger to the health and wellbeing of workers or anyone else involved. If so, what exactly are the hazards , and how severe are the risks?

Employers are required to perform risk assessments as per various laws, ordinances, and regulations , including the Occupational Safety and Health Act , the Ordinance on Industrial Safety and Health , and the Ordinance on Hazardous Substances . Since different companies face different conditions, these rules don’t define exactly how these procedures should look.

However, a risk assessment must always be complete and factually accurate. It involves conducting standardized inspections, assessing the severity and likelihood of incidents , and implementing control measures to reduce risks. After the assessment, businesses create a risk matrix to evaluate the likelihood of and assign risk ratings to hazards.

A thorough risk assessment allows you to trace risks back to their source and address the root causes of issues. It’s important to note that risk assessments differ from Job Safety Analyses (JSA), and sometimes both are necessary for comprehensive safety management.

Based on the Federal Institute for Occupational Safety and Health (BAuA), a risk assessment features these essential steps. We’ve added some practical tips for each:

1. Define work areas and activities

First, you need to get a clear picture of your workplace. Start by creating a detailed map of your workplace and marking all different areas like offices, production lines, storage spaces, and maintenance zones.

Next, list out the specific activities that occur in each area. For example, in a manufacturing plant, the production line might involve tasks like assembly, quality control, and packaging, while the storage area might involve loading, unloading, and inventory management. By breaking down the activities, you can understand the potential risks associated with each area.

This process allows you to see the big picture and identify zones that might need extra attention because of the tasks performed there.

2. Assess hazards

The next step is to evaluate the severity and likelihood of each hazard that you’ve found. This means looking at how serious the potential harm could be and how likely it is to happen.

Start by asking questions like, “ What are the potential negative outcomes ?” and “What is the extent of the possible harm?” If you’ve identified a slippery floor as a hazard, consider the worst-case scenario—someone could slip, fall, and get injured.

Next, think about how likely each hazard is to occur. This involves looking at past incidents, near-misses, and any existing safety measures. If that slippery floor is in a high-traffic area and has caused falls before, the likelihood is pretty high. On the other hand, if it’s in a rarely used storage room, the risk might be lower.

Combining the severity and likelihood gives you a clearer picture of which hazards need immediate attention and which ones can be monitored over time.

3. Prioritize the hazards with a risk assessment matrix

Once you’ve evaluated each hazard, rank them to determine which ones are the most critical. This way, you can focus right away on the issues that could have the greatest impact, then work your way through the list of hazards.

To prioritize risks, you can use tools like risk matrices or risk scoring systems.

A risk matrix is a common tool that plots the severity of harm against the likelihood of occurrence. It’s essentially a grid where one axis represents the severity of the hazard (ranging from minor to catastrophic) and the other axis represents the likelihood of the hazard occurring (ranging from rare to almost certain).

You can then categorize levels such as low, medium, high, or critical. A high-severity hazard with a high likelihood of occurrence would be considered a critical risk and should be addressed immediately.

Another option is a risk scoring system , where you assign a severity rating and a likelihood rating for each hazard. You’ll then multiply these to produce a risk score so you can rank the hazards. If a hazard has a severity score of 5 (on a scale of 1 to 5) and a likelihood score of 4, the risk score would be 20. A higher score means it’s a higher priority risk that needs immediate action.

4. Determine and execute corrective measures

Now that you’ve prioritized the risks, it’s time to figure out how to tackle them. The goal here is to either reduce the severity and likelihood of the risks or eliminate them altogether.

Start by brainstorming practical solutions for each high-priority hazard. Here are a few examples:

If you’ve identified poor lighting as a risk in a warehouse, you might install brighter lights, adding more light fixtures, or even organize a regular maintenance schedule to make sure all lights are functioning properly.
For chemical exposure risks, make sure all hazardous substances are properly labeled and protected, provide personal protective equipment (PPE) like gloves and masks, and conduct regular training sessions on safe handling procedures.
For cybersecurity threats, implement robust firewalls, update your software regularly, and conduct employee training on recognizing phishing attempts and other cyber threats.

It’s also a good idea to involve your team in this process. Employees often have valuable insights and practical suggestions based on their daily experiences. They might point out simple fixes that you hadn’t considered or highlight areas that need more attention.

Once you’ve identified the corrective measures, document them clearly and assign responsibilities for their implementation. Everyone involved should know their responsibilities and understand the steps they need to take. Set deadlines and follow up to ensure that the actions are carried out effectively.

5. Verify effectiveness and update hazard assessments

After implementing corrective measures, you should check if the actions taken are actually reducing or eliminating the identified risks . Conduct follow-up inspections and get feedback from employees to see if the changes have made a noticeable difference. If you provided new safety training, assess whether employees are applying what they’ve learned in their daily tasks.

Regularly reviewing and updating your risk assessments is equally important. The work environment and activities can change over time, introducing new hazards or altering existing ones. Schedule periodic reviews of your risk assessments so they remain current and relevant. You might revisit areas where changes have occurred, such as new equipment installations.

There are many steps involved in a risk assessment, and following the best practices below will make it much more effective. Your risk assessments will be smoother if you:

Notify employees before conducting an inspection of the workplace . Give a brief overview of what the inspection will involve and why it’s important. This helps them understand the process and encourages their cooperation.
Inspect the workplace and identify potential hazards. During the inspection, use a checklist so you cover all areas and activities. Pay attention to both obvious risks and subtle ones that might not be immediately obvious.
Determine whether accidents have already occurred. Review incident reports or any other records of past accidents . Talk to employees who were involved in these incidents to get a clearer idea of what happened and how to prevent similar events.
Develop a plan to preserve a safe work environment that supports needed corrective actions. This includes specific steps to address each identified hazard, timelines for implementation, and assigned tasks. You can involve employees in the planning process to get their buy-in and insights.

Risk assessments are prone to certain errors. Inspectors and businesses frequently make three mistakes when assessing risks and hazards:

Not repeating the process. A hazard assessment should not be a single inspection; instead, they should be regular and based off the results of previous inspections. Hazard analyses and continuous improvement need to be organizational habits to ensure sustainable health and safety.
Not involving outside contractors. When working with outside companies, third parties are also responsible for employee safety. Make sure your business partners perform risk assessments as well.
Not involving enough inspectors. Risk assessment inspections should be done by several safety officers , to ensure they are as thorough as possible.

In order to keep track of hazards, risks, control measures, and corrective actions properly, you’ll need a good record-keeping system. Documenting your findings helps you improve and is necessary to meet legal obligations.

Instead of writing pen-and-paper risk assessment checklists, save yourself time and increase the utility of your inspections with workflow automation software like Lumiform. By digitizing inspection checklists so they can be used again and again, and creating your own custom checklists to reflect the unique risks present in your company, you’ll work more efficiently and have an easier time developing improvements.

Lumiform’s workflow automation platform:

Lets you convert any existing safety inspections into digital forms easily, or use one of the many premade risk assessment templates to start making your workplace safer
Lets you track everything that happens on site and monitor the tasks you’ve assigned your employees
Guides safety inspectors through your prepared checklists step-by-step so that they don’t miss anything and there are no errors
Empowers you to complete risk assessments about 30%-50% faster overall
Generates automatic reports after each completed risk assessment, making it easy to follow up and to measure improvements

Try Lumiform

Risk and compliance
Risk assessment

Everything you need to boost productivity, safety, and quality.

IMAGES

(PDF) ISO 17025 Lab Risk Assessment
2 RISK ASSESSMENT FLOWCHART
Lab Risk Assessment Based On ISO 17025:2017 For Chemical Labs
Biosafety in TB Laboratory: Risk Assessment Process
Science Lab health-and-safety-risk-assesment final
ISO 27001 Risk Assessment & Risk Treatment: The Complete Guide

VIDEO

How to Conduct A Risk Assessment
Risk Management || Risk Assessment || Risk Reduction || Risk Estimation || HSE STUDY GUIDE
Innovative Risk Management: Expert Elicitation with Role Reversal
Risk Assessment 2
Enterprise Risk Assessments
Risk Assessment

COMMENTS

Biological Risk Assessment: General Considerations for Laboratories
Risk management is a continuous process to identify, assess (evaluate), control, and monitor risks. The risk assessment components of the overall risk management process are: ... There are various and multiple risks involved in performing laboratory testing. The risk assessment should evaluate each risk against a standard set of criteria so ...
A Practical Tool for Risk Management in Clinical Laboratories
Since then, there has been much focus on this subject. We authors aimed to develop a practical tool for risk management in a clinical laboratory that contains five major cyclical steps: risk identification, quantification, prioritization, mitigation, and surveillance. The method for risk identification was based on a questionnaire that was ...
PDF Laboratory Biosafety and Biosecurity Risk Assessment Technical Guidance
A biosafety risk assessment should adhere to a structured and repeatable process and should follow the five-step technical approach described and illustrated below. Factors that affect the likelihood of the biosafety risk are captured in the first step of the risk assessment process, ("Define the situation"). Figure 6.
PDF Laboratory Risk Assessment Tool
assessment that maps onto the scientific method, melding with the process . researchers already use to answer scientific questions. This tool allows researchers to systematically identify and control . hazards to reduce risk of injuries and incidents. Conduct a risk . assessment prior to conducting an experiment for the first time. The risk ...
PDF Risk Management Guide
Risk management can be (1) a project triggered by an occurrence or finding, (2) a proactive project to evaluate potential weaknesses in a new, revised, or complex processes or (3) a continuous assessment based on daily events and observation of what is happening in the laboratory. 3. The risk management process typically involves four key stages:
Evaluating Hazards and Assessing Risks in the Laboratory
A key element of planning an experiment is assessing the hazards and potential risks associated with the chemicals and laboratory operations to be used. This chapter provides a practical guide for the trained laboratory personnel engaged in these activities. Section 4.B introduces the sources of information for data on toxic, flammable, reactive, and explosive chemical substances. Section 4.C ...
Introduction to Laboratory Risk Management (LRM)
This course is approved for 1.0 contact hour (s) of P.A.C.E.® credit. P.A.C.E.® Course Number: 288-006-23. This basic-level eLearning course provides details on applying risk management principles and briefly describes related practices to emphasize the importance of risk management in laboratory settings. Topics covered include risk ...
Risk Management in the Clinical Laboratory
Risk management guidelines recommend that laboratories play a proactive role in minimizing the potential for errors by developing individualized QCPs to address the specific risks encountered with laboratory analysis. Laboratories should map their testing process to identify weaknesses at each testing step.
Laboratory biosafety manual, 4th edition: Risk Assessment
Overview. The WHO Laboratory Biosafety Manual (LBM) has been in broad use at all levels of clinical and public health laboratories, and other biomedical sectors globally, serving as a de facto global standard that presents best practices and sets trends in biosafety. The LBM4 suite consists of one core document and 7 subject-specific monographs ...
PDF Risk Assessment in Medical Laboratories
Risk assessment - overall process comprising a risk analysis and a risk evaluation. Risk estimation - process used to assign values to the probability of occurrence of harm and the severity of that harm. Risk evaluation - process of comparing the estimated risk against given risk criteria to determine the acceptability of the risk:
PDF Biological Risk Assessment: General Considerations for Laboratories
Overview of the Risk Assessment Process. In general, risk assessments can be broken down into Steps 1-2 in the !gure above. The risk assessment should include considerations about the hazards (e.g., biological agent), the speci!c processes and procedures, existing control measures, the facility and testing environment, and the competency of the ...
Risk Assessment for Clinical Labs
Simply stated, risk management includes: Risk identification: identifying potential errors; Risk assessment: evaluating errors to determine their impact on patient test results; and. Risk mitigation: controlling errors in such a way that residual risk is manageable. This article will review the first two phases of this process—risk ...
PDF WHAT IS A RISK ASSESSMENT TOOL?
egins with identifying hazards. A risk assessment tool is one practical approach recommended to identify hazards and ways. to reduce or eliminate hazards. It focuses on the relationship between the researcher, the experiment, the. ools, and the work environment. Ideally, after you identify uncontrolled hazards, you will take steps to eliminate ...
PDF Laboratory Risk Management
Estimate likelihood of hazards, dangers or threats occurring. Determine severity or seriousness of hazards, dangers or threats. Combine likelihood and severity to obtain a risk result; Assess risk, a value judgement against target to decide acceptability; Make improvements to system, process, operation, or activity to achieve an acceptable risk.
Identifying risk management challenges in laboratories
The process of risk management based on the ISO 31000 standard is described, the options for treatment and the techniques that can be applied in the risk management process based on the latest ISO 31010 standard are grouped and indicated. ... After completing the risk assessment stage, the laboratory is asked to select an appropriate treatment ...
PDF APHL
Risk Assessment: a risk assessment an action or series of actions taken to recognize or identify hazards and to measure the risk of probability that something will happen because of that hazard. The severities of the consequences are also taken into account, allowing for assessment of if enough precautions have been taken or more are necessary.
PDF Identifying risk management challenges in laboratories
The goal of any risk management process is to iden-tify, evaluate, address, and reduce the risk to an acceptable level [13]. According to Dikmen et al. [14], risk manage-ment involves identifying sources of uncertainty (risk iden-tification), assessing the consequences of uncertain events/ conditions (risk analysis), thus creating response ...
Risk Assessment & Risk Management
Risk Assessment & Risk Management. The Laboratory Supervisor/Principal Investigator is responsible for performing the first assessment of risk for biohazards handled in the laboratory. This is important as those handling biohazards must be aware of the risks involved in the work and also understand why the control measures have been implemented.
Biological Risk Assessment: General Considerations for Laboratories
Overview of the Risk Assessment Process In general, risk assessments can be broken down into Steps 1-2 in the figure above. The risk assessment should include considerations about the hazards (e.g., biological agent), the specific processes and procedures, existing control measures, the facility and testing environment, and the competency of ...
Risk assessment
Lab safety: Risk assessment. Provides chemical safety information resources and search strategies for students, faculty, and staff working in a lab. ... (EI) comes an invaluable book that puts the focus on a specific qualitative risk management methodology - bow tie barrier analysis. The book contains practical advice for conducting an ...
PDF Laboratory Risk Assessment
Use this table to score your hazard or activity's risk while performing a risk assessment. Use 'L' for low, 'M' for medium, 'H' for high when describing your risk in your Risk Assessment Tool. ty Table 2: This table defines what a low, medium and high severity risk is based on risk to people, environment, operations, and reputation.
Risk Assessment and Analysis Methods: Qualitative and Quantitative
A risk assessment determines the likelihood, consequences and tolerances of possible incidents. "Risk assessment is an inherent part of a broader risk management strategy to introduce control measures to eliminate or reduce any potential risk- related consequences." 1 The main purpose of risk assessment is to avoid negative consequences related to risk or to evaluate possible opportunities.
Laboratory Quality Control Based on Risk Management
Understanding weaknesses in the testing process is a first step to developing a quality control plan based on risk management. Laboratories should create a process map that outlines all the steps of the testing process from physician order to reporting the result. A process map basically follows the path of the sample from the patient through ...
Using a Quality Management System and Risk-based Approach in ...
The results of observational studies using real-world data, known as real-world evidence, have gradually started to be used in drug development and decision-making by policymakers. A good quality management system—a comprehensive system of process, data, and documentation to ensure quality—is important in obtaining real-world evidence. A risk-based approach is a common quality management ...
Pancreatic Cysts
The current approach to management relies on identifying the cyst type and conducting a multimodal assessment of the risk of cancer, an assessment that is mostly noninvasive, with selective use of ...
Strategic Value of Risk Management
Discover insights on how integrating risk management into strategic decision-making can provide a competitive advantage. The 2024 State of Risk Oversight Report reveals that less than half of organizations fully consider risk exposures when evaluating strategic initiatives. Learn key discussion points for executives and boards to enhance risk management's role in driving strategic success.
Risk Factor Analysis in Patients Exhibiting Cerebral Microbleeds and
Objective: To identify the risk factors contributing to cerebral microbleeds (CMBs), analyze the correlation between the quantity and distribution of CMBs and overall cognitive performance, including specific cognitive domains in patients, and investigate the underlying mechanisms by which CMBs impact cognitive function.Methods: Patients diagnosed with cerebral small vessel disease were ...
IS Audit in Practice: Managing the Practical Risk Assessment
Successful risk management is all about operational acceptance and feasibility. Industry culture plays a significant role in determining risk priorities, and having a structured risk assessment approach is crucial, regardless of industry or organization size. That said, the structure must be tailored to suit the audience.
Project risk management: A Comprehensive Guide
Project risk management is a versatile process that can be tailored to fit various industries, each with its unique challenges and requirements. Here's how it functions across different sectors: Construction and technology. In construction, risk management focuses on identifying potential delays, cost overruns, and safety hazards.
Effective risk assessment: Key steps and best practices
A thorough risk assessment allows you to trace risks back to their source and address the root causes of issues. It's important to note that risk assessments differ from Job Safety Analyses (JSA), and sometimes both are necessary for comprehensive safety management. Based on the Federal Institute for Occupational Safety and Health (BAuA), a ...


What are the risks associated with the biohazard?	Good microbiological work practices reduce the risk of exposure.
How do the proposed manipulations affect possible exposure? How will you handle a spill?	Use proper protective clothing and engineering controls or containment equipment.
Who will handle the biohazard? Do they have the proper training and experience?	Review the work location where biohazards will be handled. Ensure that other users of the space will not be at risk for exposure.