Risk Management Process Steps

The Risk Management Process Steps can be summarized as follows:

Step 1 – Identify the hazards, which involves performing a risk analysis
Step 2 – Estimate and evaluate the risks identified during the risk analysis
Step 3 – Implement a process to reduce and control the identified risks
Step 4 – Monitor the effectiveness of the controls implemented

When you perform a risk assessment, implement risk minimization and monitor ongoing results, you are implementing a Risk Management Process.

The four steps above are described in a little more detail below.


Step 1 – Identify the hazards. Perform a risk analysis.

Determine whether a risk analysis has already been performed, or whether any other relevant information is available, for a similar product or process. If so, the information already available may be useful in developing a new risk analysis.

If the product or process is part of a larger integrated system/process, the risk analysis should consider interface(s) to and combinations with other products and/or accessories.

The basic functional structure and workflow of the product or process should be identified, analyzed and included in the risk analysis.


Step 2 – Estimate and evaluate the risks identified during the risk analysis.


For every risk identified, you need to determine whether risk reduction is required. If reduction is required, you need to determine whether it is practical and beneficial in terms of cost, reputation or compliance.

Risk acceptability levels should be defined using a “Risk Matrix”. The risk matrix helps to remove subjective judgement and provides a numeric or visual (color coded) indication of the potential risk.


Step 3 – Implement a process to reduce and control the identified risks.


Risk control should reduce the probability of occurrence of harm. A “reduction” of severity is only possible by inherently safe redesign of a specified functionality (i.e., elimination of the underlying hazard).
Risk control measures may need to be applied in terms of combinations with other products and processes. During Risk Control, Critical Quality Attributes (CQA’s)* may be identified and classified.
Critical Quality Attributes (CQA’s)* may need to ensure that safety related risk control measures are implemented to support.
Both implementation of risk control measures and effectiveness of risk control measures should be verified and documented.
A validation study may be used to verify the effectiveness of any risk control measures implemented. Note: Verification or validation activities, by themselves, cannot be considered as a risk control measure. If the residual risk is considered unacceptable, further risk control measures should be applied.

* Critical Quality Attribute (CQA) – A physical, chemical, biological or microbiological property or characteristic that shall be within an appropriate limit, range, or distribution in order to ensure the desired product or process quality.


Step 4 – Monitor the effectiveness of the controls implemented.


A monitoring system should be established, documented and maintained to actively collect and review information (e.g. post-market surveillance and other data sources) about the product or process or similar products in order to re-assess the effectiveness of the risk controls implemented.

Sources of information can include complaints, non-conformance reports, feedback from users, or from maintenance/service personnel.

When implementing a risk management process, many organizations start with a risk management plan. They also evaluate and develop staff competences on a range of risk analysis techniques such as Cause and Effect Analysis, Fault Tree Analysis, HAZOP, 5 Why’s, etc.
Another key element is the Risk Management File, which holds all the critical risk documents or, where a document is not physically located in the file, a pointer to where it can be found.

