Gorecki: Very well. Ken, do you want to take that first?
Ray: Sure, I’ll take a stab at it. If you look at Q12 and some of the content that’s in Q12, it talks about risk management and assessment. One of the key principles of any risk management approach is to risk identification, risk mitigation, and moving forward from there. How do you identify those risks that are presented to your organization? And we’ve historically looked at risk in terms of those tangible risks.
To use a metaphor, you’re driving down the road. What are the tangible risks to driving down the road? It’s going to be is your car in good repair? Is the road in good condition, etc.? Those are risks that are there. And what are the weather conditions? And similarly, within life sciences, do you have a good investigation system? Do you have a good change management system? What’s your CAPA system, etc.? All the QMS are things that help us manage tangible, identifiable risks. We can point our finger at them and identify them. The piece that we haven’t done a good job up to now is the behavioral side of it. And those are very real, too.
Gorecki: Yeah. I think there’s another thing. So for example, we’re in a sterile plant. We had just finished a media fill. We read the results and the results are good. But no one has yet completely reviewed the production records and all the other associated information with the media fills, to actually sign off on the media fill requalification or revalidation report. But the organization wants to be able to move forward and open up the line before everything is completely reviewed and written up. And somebody writes a memo and they say, we’re going to do a risk assessment. And so in that risk assessment somebody writes up a statement which says, all the results passed. We performed the media fill according to the batch record and maybe a couple of other justifying statements. And they say, so based on this risk assessment, we’re going to go ahead and open up the line for production. That’s a risk assessment that’s actually done based on incomplete information, where the expressed value is quality is job one, but the behaviors and the signals in the organization are, don’t follow your structured process because we’re in a hurry and we’ve got to get production up and running.
And I see organizations writing risk assessments for validation reports that have gone awry or things that weren’t really in compliance with FDA guidance or ISO or ICH guidance. And they write risk assessments and they’re always going to somebody to write a “technical risk assessment” to justify what wasn’t done properly. And frequently, I will see a weak justification that’s not really build on thorough review. And in that company when you look at that risk assessment flowchart that’s in the quality requirements, in ICH what you see is when there’s a weakness in the culture where the expressed values don’t match the underlying assumptions and the underlying assumptions are get it done, then how the process for risk management is executed and how thorough and robustly it’s done, that doesn’t happen well, but there’s a written risk assessment. And those organizations will often be challenged in inspections by the robustness of their risk assessment, where basically, it’s a quick justification. And I used to call those things rationales. They actually weren’t risk assessments, they were rationales for moving forward or releasing a batch or moving ahead and accepting a validation run or whatever it is you’ve done without really looking into the root causes. Does this happen often? How does this really impact not only quality, not only product safety, but how does this impact compliance? And are we having these things so often that it indicates that our expressed value of quality and compliance are job one, doesn’t match the underlying assumption of, get it done.
Ray: So the rigor in which the risk assessment is done is adversely impacted by a weak culture. Thanks for pivoting that around into a real world example.
Transcript taken from June 15th Webinar – “Create a Quality Culture to Aid Risk Management: Dynamic Behaviors that Achieve Quality and Business Objectives”