Dumb question on Risk Assessment - Include planned mitigations?


df_df

I have a question that's been bugging me for a long time on risk management - should you include planned mitigations when doing your initial risk assessment, or do the initial assessment assuming there are no mitigations? Here's a crude example of what I mean using power tools.

Suppose I'm doing a hazard analysis on a circular saw that I am designing. The kind you can buy at a hardware store for cutting plywood.

First, let's assume that the spreadsheet I'm using has the following columns (based on the ISO standard) - hazardous situation, harm, severity, probability, risk (SxP), risk control method, final probability (assuming the risk control method works), final risk. The first 6 columns (through risk control method) are filled out in the first pass of the spreadsheet. The last two are done at the end of the project, after verification testing shows the mitigation is effective.

I'd put the following in the first few columns. The hazardous situation would be the sharp spinning blade. The harm would be cutting off my finger. The severity is high. Now, what is the probability? There are two ways to do this - should I assume that the movable guard (the one that is on all saws) is on the system when I do the initial assessment, or should I assume it's not there and put that in the risk control column?

If I did the former, the probability would be high, and the risk would be "intolerable". I'd then put "add a blade guard" in the risk control method column. The updated probability would be "low" and thus the risk would be "acceptable".

If I did the latter, the probability would be low, the risk would be low and therefore I wouldn't need to implement any other risk control method. The path seems a bit easier and more realistic. But that doesn't document the fact that there is a guard in place and its inclusion in the system may be subsequently overlooked. It also doesn't highlight the fact that you need to "verify the effectiveness" of the mitigation in order to take credit for it.

The end result is the same, there's just two roads to get there.

I know this is a trivial example, but it illustrates a very common situation - how much knowledge of the final system do you assume when you do the initial risk assessment - which should theoretically be done very early in the project.

What would you do?

- Dave
 

Solinas

Involved In Discussions
Re: Dumb question on Risk Assessment

I'd include the guard. I would examine the product, as designed.

If you start looking at stripped down versions you don't intend to manufacture, where would you stop? Do a version without a fuse to capture what would happen if the thing shorted out and burned down a house?

A more complicated example would have you off in a dozen areas that really won't happen, due to the existing design.
 

MIREGMGR

Re: Dumb question on Risk Assessment

There are people out there who are teaching the assume-a-really-stupid-design approach, where the obvious safety features you include in your first concept (or for purchased equipment, that are already present for various reasons, including legal requirements) are separately analyzed as if they're mitigations for hazards that otherwise would exist. Our Engineering Manager took some kind of seminar that taught that approach. Now every risk analysis we need to get done, he's a constant pain in the backside, hassling us that we're going about it all wrong.

In case that anecdote doesn't make it obvious, I agree with Solinas. Don't analyze so as to take mitigation-credit for already-mitigated risks.
 

v9991

Trusted Information Resource
Re: Dumb question on Risk Assessment

I do agree with Miregmgr and Solinas,

There ought to be some exclusion criteria defined + yet, a place where its implementation is verified/reviewed.

Should the failure modes which are already addressed through design (could be legal or current standards etc.) figure in the design FMEA?
 

Ronen E

Problem Solver
Moderator
Re: Dumb question on Risk Assessment

Hello & welcome to the cove!

I have 2 comments:

1. One of the preliminary stages in any proper risk assessment is to unambiguously identify the design / version you are assessing at a certain risk assessment run. You could do it by referring to a version number or even by attaching design drawings. This way it is very clear what product you are trying to assess (e.g. does it have a blade guard or not).

2. Risk assessment is not a one-off activity. In my opinion, the first run should be held as early as the design concept generation stage, then the assessment revisited and enhanced on significant design milestones (whatever this would mean to you). Therefore - yes, when you do the first runs you have quite little details to go on, and so the analysis and assessment are done essentially on a conceptual level ("who said the saw has to have a blade anyway?..."); then, as the design unfolds you get to review the finer and finer details, and so do your mitigation means become more specific. Also, your ability to verify / measure effectiveness grows accordingly.

Cheers,
Ronen.
 

PaulGr

Re: Dumb question on Risk Assessment

I agree with the remarks of Ronen and I personally would be careful to include control measures already in your initial analysis. I have seen clients cited by their notified body for exactly this reason.

When a device design is stable for over 50 years (?) like the circular saw example, the formal ISO14971 approach seems indeed a bit silly, but for more complex devices it will be different.

In my opinion, this is only an issue with updates of devices where initially no proper risk analysis was done or if the initial risk analysis was a little delayed... :)

Cheers, Paul
 

df_df

Re: Dumb question on Risk Assessment

Thanks for all your thoughts. I guess there is no clear-cut answer. I guess it's a tradeoff between going overboard with analyses of product configurations that will never come to fruition and complying with the requirement to document (and verify) all mitigations.

Maybe a compromise would be to analyze the as-envisioned design and state the assumptions that go into the initial analysis. The assumptions could be verified along with any subsequent mitigations.

PaulGr - can you give some details or insight on how and why your client got cited?

Dave
 

PaulGr

Re: Dumb question on Risk Assessment

Dave,

During that audit, there were 2 findings related to ISO14971 (ISO13485 / MDD audit, European firm, German notified body):
1: hazards that do not lead to a control measure were recorded in the risk management file.
2: Not all selected control measures were recorded in the risk management file.

In the discussion, they indicated that when a control measure is not listed in the risk analysis, there is a chance that in future updates, the control measure is 'removed'.

As the firm claimed compliance with ISO14971 in their design files, they got the finding. They updated their risk management SOP.

Cheers, Paul
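Dave's spreadsheet columns from the opening post, his later compromise (assess the as-envisioned design but record the assumptions and verify them), and Paul's two audit findings fit together in one small risk register. The following is an added example for this thread, not code from any poster or from ISO 14971; the three-point severity and probability scales, the S x P threshold of 6 for "intolerable", the `assumed_in_design` flag and the audit rules are all constructed for illustration.

```python
"""Risk register shaped like the spreadsheet in the opening post: hazardous
situation, harm, severity, probability, risk (S x P), control measures, final
probability and final risk.  Added example for this thread, not code from any
poster.  The 3-point scales, the 'intolerable' threshold and the audit rules
are constructed for illustration, not values taken from ISO 14971."""

from dataclasses import dataclass, field

SEVERITY = {"low": 1, "medium": 2, "high": 3}      # constructed ordinal scale
PROBABILITY = {"low": 1, "medium": 2, "high": 3}   # constructed ordinal scale
INTOLERABLE_AT = 6  # constructed: S x P at or above this is "intolerable"


def lower_probability(a: str, b: str) -> str:
    """Return whichever of two probability ratings is lower."""
    return a if PROBABILITY[a] <= PROBABILITY[b] else b


@dataclass
class Control:
    description: str
    assumed_in_design: bool            # True: already in the concept (the blade guard)
    probability_if_effective: str = "low"
    verified_effective: bool = False   # set only after verification testing


@dataclass
class RiskLine:
    hazardous_situation: str
    harm: str
    severity: str
    probability_without_controls: str
    controls: list = field(default_factory=list)

    def initial_risk(self, as_designed: bool) -> int:
        """First-pass S x P.  as_designed=True assesses the product as
        conceived and takes credit for assumed controls (Solinas' view);
        as_designed=False assesses the stripped-down version with no controls."""
        p = self.probability_without_controls
        if as_designed:
            for c in self.controls:
                if c.assumed_in_design:
                    p = lower_probability(p, c.probability_if_effective)
        return SEVERITY[self.severity] * PROBABILITY[p]

    def final_risk(self) -> int:
        """Residual S x P: only controls whose effectiveness was verified count,
        which is what lets the register 'take credit' for a mitigation."""
        p = self.probability_without_controls
        for c in self.controls:
            if c.verified_effective:
                p = lower_probability(p, c.probability_if_effective)
        return SEVERITY[self.severity] * PROBABILITY[p]


def is_intolerable(risk: int) -> bool:
    return risk >= INTOLERABLE_AT


def audit(register: list) -> list:
    """Checks modelled on Paul's two findings plus Dave's verification point:
    every hazard line carries a recorded control, every control assumed into
    the design has been verified, and the residual risk is tolerable."""
    findings = []
    for line in register:
        tag = line.hazardous_situation
        if not line.controls:
            findings.append(f"{tag}: no control measure recorded")
        for c in line.controls:
            if c.assumed_in_design and not c.verified_effective:
                findings.append(f"{tag}: assumed control '{c.description}' not verified")
        if is_intolerable(line.final_risk()):
            findings.append(f"{tag}: residual risk {line.final_risk()} is intolerable")
    return findings


def saw_register() -> list:
    """The circular-saw line from the opening post, with the guard recorded as
    an assumed (existing) control rather than silently folded into the probability."""
    guard = Control("movable blade guard", assumed_in_design=True)
    return [RiskLine("sharp spinning blade", "finger amputation",
                     severity="high", probability_without_controls="high",
                     controls=[guard])]


if __name__ == "__main__":
    register = saw_register()
    line = register[0]
    print("stripped-down path, initial risk:", line.initial_risk(as_designed=False))
    print("as-designed path,   initial risk:", line.initial_risk(as_designed=True))
    print("audit before verification:", audit(register))
    line.controls[0].verified_effective = True   # verification testing passed
    print("final risk after verification:", line.final_risk())
    print("audit after verification:", audit(register))
```

Both paths end at the same final risk once the guard is verified, which is Dave's point that there are two roads to the same place. The difference is in the record: on the as-designed path the guard only counts for the initial rating because it is written down as an assumed control, and the audit keeps flagging it until verification testing has been done, so it can neither be overlooked nor quietly dropped in a later update.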
 

Al Dyer

Re: Dumb question on Risk Assessment

df,

There is nothing here that is a dumb question!! We are all seeking answers and thoughts that will help us perform our career wants and needs.:):)

Al...
 

somashekar

Leader
Admin
Re: Dumb question on Risk Assessment

Don't analyze so as to take mitigation-credit for already-mitigated risks.
What a nice learning from this thread ....
Risk assessment is a live document and at design concept stage several such risks do need to be considered and they provide design inputs.
When medical devices are assessed, the residual risks are the risks, prevailing or induced, that weigh less compared to the benefit for which the medical device is put to use (aka contraindications).
Ex:
A process for cancer treatment may be very essential to save the life as compared to the hairfall (hairloss) which is the risk when this treatment is provided to the patient. You can do nothing more to reduce this risk but mention clearly this risk to the patient against benefit of cancer treatment.
 