1. INTRODUCTION:

Risk’ is a condition in which there exists a quantifiable dispersion in the possible outcomes from any activity. Risk can also be defined as uncertain future events which could influence the achievement of the organization’s strategic, operational and financial objectives. Risk management can be defined as a process of understanding and managing the risks that the entity is inevitably subject to in attempting to achieve its corporate objectives^1,2.

Risk is an integral part of the business scenario and can be termed as a potential event that can have opportunities that benefit or a hazard to a business component. It could be an issue of an already occurred event. Risk can be an assumption that is not proven but is still necessary to assume to proceed successfully through the project. Risk can also be a constraint, and is characterized by threats and opportunities. Risk as defined by ISO is a combination of the probability of an event and its consequences. Thus risk can be defined as the effect of uncertainties on objectives (whether positive or negative) the chance of something happening that impacts project objectives. Project risk, in particular, can be termed as risk that may have either positive or negative impact on the project. It is mainly caused due to uncertainty in project plan. However, these risks can possibly be controlled or can at least be tracked^1-3.

Risks can be at any stage of the project life cycle and create impact based on it. In simple words, project risk can be defined as the possibility that something may go wrong, or at least not turn out as planned. Risks are different for each project, and risks change as a project progresses. In any project, it is difficult to assess the quantum of risks involved. Therefore careful planning will result in minimizing the risk in a project. The formulation of a project is based on the estimates of the past data available with the project management team. The data may have been from the recorded information about past projects executed successfully or from the experience of the project management team members. There will be lots of uncertainties and surprises in a project during its execution. It is necessary to analyze and estimate the project in all respects in order to enable the manager take proper decision on the project. A given project may come across different types of risks like financial risk, process risk, time risk, human risk and physical risks^3-5.

2. Project Risk Management

Project risk management is all about the systematic process of identifying, analyzing, prioritizing and responding to risk by applying risk management principles and controlling the probability and/or impact of unfortunate events at the project level. It attempts to maximize the probability and consequences of positive events and to minimize the probability and consequences of adverse events. The goal is to prevent or reduce risk in a cost-effective manner without compromising quality or harming the mission or timeline. The benefits of proper risk management in projects are huge. Organizations can generate a lot of profit if they deal with uncertain project events in a proactive manner. The result will be that they minimize the impact of project threats and seize the opportunities that exist^3,6.

The objective of risk management is the core part of an organization’s strategic management that intends to reduce the effect of risk or avoid it to some extent. The real challenge is to identify the most critical risks that will have negative impact on the project and control them. Thus identifying and prioritizing the risk is considered as part of risk management. For example, a person selected to complete a particular task in a project, may not have skills to do that given tasks. The project manager, who identifies this risk can plan for training time and or can allot another skilled resource to complete that work on time.

Risk management assists you to find out the methods, where you can manage the events that may have undesirable affect on financial or human capital of the organization. Thus it enables you to prevent the adverse effect of events or risks. Proper risk management enables you to deliver the project on time, on budget and with the quality results one’s project sponsor/client demands. In addition to this, other project team members can be also happy and motivated enough to perform better and better. All this would essentially boil down to increase in the productivity of team members and in the efficiency and effectiveness of the resources.

Managers can plan their strategy based on four steps of risk management which prevails in an organization. The process can be customized according to the needs and nature of the organization and hence, it is not mandatory to follow each step sequentially in all the cases. Following are the steps to manage risks effectively in an organization ^6-12.

1. Risk Assessment:

· Risk Identification/Listing

· Risk Analysis/Quantification

· Risk Prioritization/Ranking/Evaluation

2. Risk Response/Treatment:

· Risk avoidance

· Risk reduction

· Risk sharing or transfer

· Risk acceptance

3. Risk Monitoring and Control

4. Risk Reporting/Communication

2.1 Risk Assessment

Risk Identification/Listing:

It is a systematic use of information to identify potential sources of harm (hazards) referring to the risk question or problem description. Information can include historical data, theoretical analysis, informed opinions, and the concerns of stakeholders. Risk identification addresses the “What might go wrong?” question, including identifying the possible consequences. This provides the basis for further steps in the quality risk management process.

Risk Analysis/Quantification:

Risk analysis can be quantitative, semi-quantitative or qualitative in terms of likelihood of occurrence and possible consequences. Assessing the impact of each risk can be done using a variety of tools including the following:

1. Probability

2. Scenario planning

3. Simulations (like Monte Carlo spreadsheet simulation)

4. Decision trees

5. Real option modeling

6. Sensitivity analysis

7. Risk mapping

8. Failure Modes and Effects Analysis (FMEA)

9. Statistical inference

10. SWOT or PEST analysis

11. Root cause analysis

12. Cost benefit/risk benefit analysis

13. Human reliability analysis

Risk mapping and FEMA are two frequently used risk evaluation tools. Mapping involves a matrix of likelihood/probability and impact/consequences⁴.

Risk Prioritization/Ranking/Evaluation

Setting priorities is one of the main management functions of an organization. If the managers do not prioritize their tasks and organizational objectives, the organization will head towards the wrong direction and eventually collapse. Therefore, management is required to prioritize their tasks and focus on the priority items that will have a high impact on the organization. Similarly, in case of development projects, if the personnel do not prioritize the risk factors and focus on mitigation of the high risk ones, the products’ quality will be compromised.

Pareto chart tool

Is one of the most effective semi-quantitative tools that the management can use when it comes to identifying the facts needed for setting priorities. Pareto charts clearly illustrate the information in an organized and relative manner. This way, the management can find out the relative importance of problems or causes of the problems. When it comes to prioritizing the causes of the problem, a Pareto chart can be used together with a cause-and-effect diagram. Pareto charts are created based on the Pareto principle. The principle suggests that when a number of factors affect a situation, fewer factors will be accountable for the most of the affect. Once the Pareto chart is created, it shows you a vertical bar chart with the highest importance to the lowest along with a cumulative line graph.

Risk priority number

The Risk Priority Number (RPN) is a numeric (quantitative) assessment of risk assigned to a process, or steps in a process, as part of FMEA, in which a team assigns each failure mode numeric values that quantify likelihood of occurrence, likelihood of detection, and severity of impact. Risk factors with high RPN are likely to have more impact on the product quality (output).

2.2 Risk Response/Treatment

This is the process of selecting and implementing measures to manage the risk. The challenge for risk managers is to determine a portfolio of appropriate responses that form a coherent and integrated strategy such that the net remaining risk falls within the acceptable level of exposure.

It is important to note that there is no right response to risk. The choice of response will depend on issues such as the organization’s risk appetite, the impact and probability of the risk and the costs and benefits of the mitigation plans.

Responses to risk generally fall into the following categories:

Risk avoidance

Action is taken to halt the activities giving rise to risk, such as a product line, a geographical market or a whole business unit.

Risk reduction

Action is taken to mitigate the risk of likelihood or impact or both, generally via internal controls.

Risk sharing or transfer

Action is taken to transfer a portion of the risk through insurance, outsourcing or hedging.

Risk acceptance

No action is taken to affect likelihood or impact. Implementation of the chosen risk responses involves developing a risk plan outlining the management processes that will be used to manage the risk of opportunity to a level defined by the organization’s risk appetite and culture. An important part of the risk response in the ongoing monitoring to determine the effectiveness (or performance) of the risk response.

2.3 Risk Monitoring and Control

Risk monitoring and control is required in order to ensure the execution of the risk plans and evaluate their effectiveness in reducing risk. This process keeps track of the identified risks, including the watch list. It helps to Monitor trigger conditions for contingencies and to monitor residual risks and identify new risks arising during project execution. Inputs to risk monitoring and control are risk management plan, risk register, approved change requests and work performance information. Tools and techniques for risk monitoring and control are risk assessment, risk audits, variance and trend analysis, reserve analysis, status meetings etc.

2.4 Risk Reporting/Communication

Risk communication is the interactive exchange of information and opinions throughout the risk analysis process concerning risk, risk-related factors and risk perceptions, among risk assessors, risk managers, consumers, industry, the academic community and other interested parties, including the explanation of risk assessment findings and the basis of risk management decisions. The reporting of risks and risk management information is essential for internal decision makers to integrate risk evaluations into their operational and capital investment decisions, review of performance and compensation/reward decisions.

3. Risk Management Process

Following are the major considerations when it comes to risk management process ^11-13.

· Each person involved in the process of planning needs to identify and understand the risks pertaining to the project.

· Once the team members have given their list of risks, the risks should be consolidated to a single list in order to remove the duplications.

· Assessing the probability and impact of the risks involved with the help of a matrix.

· Split the team into subgroups where each group will identify the triggers that lead to project risks.

· The teams need to come up with a contingency plan whereby to strategically eliminate the risks involved or identified.

· Plan the risk management process. Each person involved in the project is assigned a risk in which he/she looks out for any triggers and then finds a suitable solution for it.

4. Pharmaceutical Development

The aim of pharmaceutical development is to design a quality product and its manufacturing process to consistently deliver the intended performance of the product. The information and knowledge gained from pharmaceutical development studies and manufacturing experience provide scientific understanding to support the establishment of the design space, specifications, and manufacturing controls. It is important to recognize that quality cannot be tested into products, i.e., quality should be built in by design.

In all cases, the product should be designed to meet patients’ needs and the intended product performance. Strategies for product development vary from company to company and from product to product. A more systematic approach to development can include, for example, incorporation of prior knowledge, results of studies using design of experiments, use of quality risk management, and use of knowledge management throughout the lifecycle of the product. Such a systematic approach can enhance achieving the desired quality of the product and help the regulators to better understand the strategy. Product and process understanding can be updated with the knowledge gained over the product lifecycle ^14,15.

Pharmaceutical development should include, at a minimum, the following elements:

Defining the quality target product profile (QTPP)

· QTPP is a prospective summary of the quality characteristics of a drug product that ideally will be achieved to ensure the desired quality, taking into account safety and efficacy of the drug product.

· It relates to quality, safety and efficacy, considering e.g., the route of administration, dosage forms, bioavailability, strength and stability.

Identifying potential critical quality attributes (CQAs) of the drug product, so that those product characteristics having an impact on product quality can be studied and controlled.

· CQA is a physical, chemical, biological, or microbiological property or characteristic that should be within an appropriate limit, range, or distribution to ensure the desired product quality.

· The identification of a CQA from the QTPP is based on the severity of harm to a patient should the product fall outside the acceptable range for that attribute.

Critical selection of drug substance, type and amount of excipients and process to deliver the CQA.

Quality Risk Management (QRM) to systematically evaluate, understand and refine the formulation.

· Identifying the risk factors (the material attributes and process parameters that can have an effect on product CQAs) through, e.g., prior knowledge, experimentation, and risk assessment.

· Determining the functional relationships of risk factors to product CQAs and their significance using statistical design of experiments (DOE).

· Setting the limits for risk factors which process significant effect on the CQA

Using the enhanced product and process understanding in combination with quality risk management to establish an appropriate control strategy, which can, for example, include a proposal for a design space(s) ^14-18.

5. Quality Risk Management

In case of pharmaceutical products, an insufficiently controlled quality risk may put the patients’ life on jeopardy. In most countries, product quality risks are largely controlled by good manufacturing practices (GMP), validation, regulatory activities, inspections and supply chain controls. Quality risk management (QRM) is the overall and continuing process of appropriately managing risks to product quality throughout the product's life-cycle in order to optimize its benefit–risk balance. It is a systematic process for the assessment, control, communication and review of risks to the quality of the medicinal product ^9-11.

QRM is a process that is relevant to all countries and should provide a rationale to understand risk and mitigate it through appropriate and robust controls. QRM cover activities such as research and development, sourcing of materials, manufacturing, packaging, testing, storage and distribution. WHO guidelines on QRM have been developed as an update on WHO's advice to the pharmaceutical industry. To protect patients in terms of quality, safety and efficacy of medicines, international medicines regulatory authorities are recommending pharmaceutical manufacturers to adopt a risk-based approach to the life cycle of a pharmaceutical product.

Some regulatory agencies require the adoption of a risk-based approach for specific areas in the life-cycle of a pharmaceutical product, e.g. environmental monitoring in sterile products manufacture. The level of QRM activity and the density of associated documentation will evolve as the product progresses from early development through to routine production. It can be applied both proactively and retrospectively ^9-11.

Quality risk management is a systematic process for the assessment, control, communication and review of risks to the quality of the drug product across the product lifecycle. A model for quality risk management is outlined in the diagram (Figure 1). Other models also can be used. The emphasis on each component of the framework might differ from case to case but a robust process will incorporate consideration of all the elements at a level of detail that is commensurate with the specific risk.

Figure 1: Overview of a typical quality risk management process ⁹.

Quality risk management supports a scientific and practical approach to decision making. It provides documented, transparent, and reproducible methods to accomplish steps of the quality risk management process based on current knowledge about assessing the probability, severity, and, sometimes, detectability of the risk. Traditionally, risks to quality have been assessed and managed in a variety of informal ways (empirical and/or internal procedures) based on, for example, compilation of observations, trends, and other information. Such approaches continue to provide useful information that might support topics such as handling of complaints, quality defects, deviations, and allocation of resources.

In addition, the pharmaceutical industry and regulators can assess and manage risk using recognized risk management tools and/or internal procedures (e.g., standard operating procedures). Below is a non-exhaustive list of some of these tools ^4,7,9.

· Basic risk management facilitation methods (flowcharts, check sheets, etc.)

· Failure Mode Effects Analysis (FMEA)

· Failure Mode, Effects, and Criticality Analysis (FMECA)

· Fault Tree Analysis (FTA)

· Hazard Analysis and Critical Control Points (HACCP)

· Hazard Operability Analysis (HAZOP)

· Preliminary Hazard Analysis (PHA)

· Risk ranking and filtering

· Risk priority number (RPN)

· Statistical modeling

· Quality by design (QbD) and design of experiments (DoE)

6. CONCLUSION:

This article discusses the application of risk management in pharmaceutical formulation development. Risk management principles were outlined and the progress of product development based on risk management principles was briefed. Systematic use of risk management can help to identify the critical risk factors that affect CQAs during the early stage of development itself, making it easy to control and minimize their impact on product quality.

7. REFERENCE:

1. Ahmed A, Kayis B, Amornsawadwatana S, (2007). A review of techniques for risk management in projects. Benchmarking: An Int J; 14: 22–36.

2. Chapman C, Ward S. (1997). Project risk management. Processes, Techniques and Insights. Chichester: John Wiley & Sons, Ltd., p 322.

3. Chapman RJ. (1998). The Effectiveness of working group risk identification and assessment techniques. Int J Proj Man, 16:333–343.

4. Failure Mode and Effect Analysis: FMEA from Theory to Execution, 2nd Edition 2003, D. H. Stamatis, ISBN 0873895983.

5. Githens GD, Peterson RJ. (2001). Using risk management in the front end of projects. In: Proceedings of the Project Management Institute 32nd annual seminars & symposium. Nashville, TN, p 4.

6. Grey S. (1995). Practical Risk Assessment for Project Management. Chichester: John Wiley & Sons, Ltd., p 140.

7. Guidelines for Failure Modes and Effects Analysis (FMEA) for Medical Devices, 2003, Dyadem Press, ISBN 0849319102.

8. ICH harmonised tripartite guideline. ICH Q8 (R2): Pharmaceutical development. August 2008. (http://www.ich.org).

9. ICH harmonised tripartite guideline. ICH Q9: Quality risk management 9 November 2005 IFPMA; Quality Risk Management ICH Q9 Briefing pack, July 2006, ICH–webpage publishing; ICH harmonised Q8/9/10 Questions and Answers, November 2010; ICH harmonised Q8/9/10 Training material, November 2010, ICH–webpage publishing; ICH harmonised points to consider for ICH Q8/Q9/Q10 implementation, 6 December 2011 (FIP, AM and IFPMA) (http://www.ich.org).

10. IEC 60812 Analysis techniques for system reliability-Procedure for failure mode and effects analysis (FMEA).

11. ISO 14971:2000–Application of Risk Management to Medical Devices.

12. ISO/IEC Guide 73:2002–Risk management–Vocabulary–Guidelines for use in standards.

13. Pharmaceutical cGMPs for the 21^st century–A risk–based approach. US Food and Drug Administration, Center for Drug Evaluation and Research (FDA CDER), September 2004 (http:// www.fda.gov/Drugs/default.htm).

14. Lawrence XY (2008). Pharmaceutical quality by design: product and process development, understanding, and control. Pharm Res; 25: 781–791.

15. Lionberger R, Lee S, Lee L, Raw A, Yu LX (2008). Quality by design: concepts for ANDAs. AAPS J.; 10: 268–76.

16. Lionberger RA, Lee SL (2008). Quality by design: concepts for ANDAs. AAPS Pharm Sci Tech; 10:268–276.

17. Charoo NA, Shamsher AA, Zidan AS, Rahman Z. Quality by design approach for formulation development: a case study of dispersible tablets (2012). Int J Pharm.; 423 (2):167–178.

18. Betterman SM, Lewy SE, Brown BA-S (2012). A tale of two drugs: how using QbD tools can enhance the development process. J GXP Comp.; 16:34–47.

Received on 12.02.2018 Accepted on 20.03.2018

Asian J. Pharm. Res. 2018; 8(3): 185-190

DOI: 10.5958/2231-5691.2018.00032.1