Risk Review Methodology

CYNTEGRITY advises to extend/develop standard operating procedures (SOPs) concerning risk review if it was not officially conducted before.

Thus, a schedule or frequency for team meetings to regularly review and update @RACT+, risk register and KRI register should be established in the Risk Management Plan or similar document. This document should define topics to be regularly discussed between the project or risk manager and team members during these meetings, including, but not limited to:

  • whether new risks were identified since the last meeting
  • whether risk Impact (I), Probability (P), and Detectability (D) levels are still accurate (based on observed risk trends or occurrence)
  • whether planned risk responses and actions are still appropriate and effective to avoid or mitigate risks
  • whether deployed risk responses and actions were effective in avoiding or mitigating risks
  • whether any of the initially accepted risks have occurred; and if so, mitigation actions should be discussed
  • study deliverables and general study performance (achieved milestones, met timelines, data quality checks, data reviews, IT checks, etc.) and
  • risk management process improvement

If a deficiency in the risk-based quality management system (e.g., inadequate risk control) is detected, the project manager and team members should meet, discuss solutions and improve the affected processes, checking the efficacy of the agreed corrective actions after their implementation. In such a case, the project manager or designee must organize and direct an on-demand risk review and evaluate the need for conducting a formal CAPA.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.