3D Risk Management
Menlo Park Project™ is the only general project management system with integrated risk management able to do Q9+ FMECA. The Risk Priority method of analysis is implemented. It's straightforward and easy to adopt into projects.
When risks and failure modes have owners and are regularly reviewed in meeting agendas and reports, then they are seen by more people and more often. Threats are recognized and mitigated in earlier stages. Opportunities come sooner.
The friendly FDA still only requires 2D risk management. But, improvement is not very possible with it using mainframe computer style tools, applications and forms. Especially, using static risk registers and a few owners peripheral to the project.
With detectability, priorities focus attention more acutely. Actions are taken earlier. With continual pursuit, failure modes and risks are less able to hide in obscurity or ambiguity.
The Founder would know. Richard Bollinger worked years as a 21 CFR Part 11 Auditor, CMMI® Assessor, medical device and pharmaceutical project manager, consultant and expert in Risk Management. (Download free Founder paper here.)
Risks are numerically rated 4 ways: impact, likelihood, detectability and overall risk index.
Likelihood, also known as occurrence, is a relative measure of the frequency, or the probability, of a risk type issue manifestation such that the project suffers its impact.
Usually, a likelihood ranking of 1-10 is used from the lowest to the highest. Often, in business, a 1-5 ranking is used. A probability 0-100% can be assigned for use in scheduling. Choose values and names or use your industry standards.
Detectability is a relative measure of the project's ability to detect an issue before its impact on the project. It is usually ranked 1-10 from easily detectable to non-detectable. (Non-detectable issues must be watched continually.) Design value ranges for your industry or needs.
RPN = Impact X Likelihood X Detectability
Risk Index uses the risk priority number, (RPN), a calculation made that considers all 3 ratings. They are multiplied together. The result is a relative measure of an issue’s importance to the project (commonly 1-1000.)
Bands (usually 1-5) are then used to break up the totals into ranges. Doing so permits issues of all types and uncertainty can be compared on equal footings in meetings and reports. Set the boundaries and names to match your needs.
The Sins of Risk Management
People might not know a lot about risk management because sometimes, they don't have to. They make registers/plans that are approved, but never opened later. Risks are not reviewed at project meetings and not always KEPT up-to-date.
Mitigation plans are often not integrated with overall project plans. Contingency plans are not regularly reviewed to see if they are still relevant and adequate. Or, this is all assigned to separate managers and teams that are not kept in sync with the project.
Medical device professionals would do well to 'up' their risk management to the 3D/Q9+/FMECA level for both the product and project scopes.