4.1.1 Risk assessment
A. Background & Definitions
This item refers to one of the Core Requirements (Core Requirement 15 - "Risk assessment must be performed to identify factors affecting the generation, processing and reporting of research data") and is, therefore, considered as essential.
Risk is the combination of the probability of occurrence of harm, and the severity of that harm. In the context of EQIPD Quality System, harm is defined as research data not being fit for purpose, research data being biased and/or inadequate data integrity.
Risk assessment is the process of identifying all risks to and from an activity or situation and assessing the potential impact on the research enviroment.
For any research unit using EQIPD Quality System, there are three main areas of risk assessment:
- alterations from strongly recommended practices (i.e. situations when EQIPD language included „should“ and the research unit provided a declaration on why it does not or cannot apply to them)
- key / support processes that are inherently associated with risks endangering the validity of results (e.g. risk of unblinding; emergency access to blinding codes; see also 2.1.10 Plausibility check)
- changes in the environment of the research unit (new hires / key people leaving; facility changes, etc.)
B. Guidance & Expectations
EQIPD expects risk assessment to be conducted at three levels:
|By whom||When / how often||To be documented?||Use of EQIPD tools|
|Alterations from strongly recommended practices||Process Owner||At least as part of 4.1.2 Self assessment
(Process Owner may decide to conduct assessments more frequently)
|Yes, as part of a 4.1.2 Self assessment protocol||If EQIPD Planning Tool is used, alterations from the recommended practices can be marked or highlighted in the corresponding Risk Assessment column in the Action Plan.|
|Inherent risks of key / support processes||Team member with the primary responsibility over design and execution of a particular study||For each planned / conducted study||Yes, as part of a 2.1.1 Study protocol that should have a dedicated section or box for risk assessment summary||Certain Toolbox items are marked with a warning sign and a "please do not forget" text in order to suggest processes that may require attention|
|Changes in the environment||Process Owner (alone or with the team)||Ad hoc||Optional (to be decided by the Process Owner - see below for a template, can be easily done with Planning Tool current version)||Corresponding Toolbox items may be consulted for any specific guidance or references to useful resources; If EQIPD Planning Tool is used, new solutions and changes to existing solutions can be recorded|
Optionally, risk assessment can be conducted more often by the process owner or a dedicated person on a broader level than what is suggested above. When doing so, the following questions can be used for guidance:
- What can go wrong and have a negative impact on the research data or unit?
- How likely is it to happen?
- What are the potential consequences?
- How tolerable is the identified risk?
Outcome of such risk assessment can be documented (e.g. using the template provided below) and and store in Dossier folder 4.1.1. A case study can be found Risk Management Case Studies
DO NOT FORGET
- To justify acceptance of risk based on both probability and severity of harm
SYRCLE Risk of Bias 
The following techniques provide a more detailed framework and can be used if resources allow it:
ICH Q9 Quality Management
Template for optional risk assessment - 4.1.1 Risk Management.docx
back to Toolbox
Next item: 4.1.2 Self assessment