Risk Approximation
It’s a rainy day here in Dublin, so might as well write a blog entry: so they say…
Yesterday in the car on the cross-country drive I was listening to a podcast on personal finance, and one quote by the guest Ramit Sethi hit me with a significant force. Mr. Sethi stated that a person’s attitude about money has little correlation with the amount in their account. Rather, it is based on a multitude of life experiences starting from a very young age. Interesting.
As a consultant working primarily in the area of data and risk management, I find this statement to be a near perfect description of what we find in our world as well: a site’s perception of process/data risk has little correlation with the actual risk within the process. Just like finance, it is rather based on a lifetime of experiences such as inspections, trainings, pervious company directives, etc. We might call these biases. As an industry, we need to fix this discrepancy, and it starts with establishing clear standards for the factors of risk assessment, as an attempt to replace bias with science. For example, what is the definition of a medium severity score, or a low vulnerability score? Is it vague and therefore based on the assessor’s biases? If yes; not a recipe for success.
Try establishing standards that are as objective as possible. For example, is a technical or engineering control available that can prevent a hazard from occurring? If yes, that is assigned a low vulnerability score. If not, the assessor may not use other factors to achieve the same conclusion of “low”. Nope, no chance. Gone are the days of “faking it until we make it” in QRM; clear standards make this impossible. Faking a risk conclusion is no different than bending the laws of physics… good luck.
A risk assessment is never going to be a direct evaluation of patient risk, it will always be an indirect approximation. Our job is to get this indirect approximation to be as close to the target as possible.
Join us in Austin or Dublin at the Governance Workshop as we work through what good standards look like, and how to achieve both self and organizational transformation. Hope to see you there!
Pete
