Quality risk management

Quality risk management is a methodology used within industry and service sector organizations that identifies, assesses and contains possible risks that might impact the quality of a product or service.

Quality risk management is used within a wide variety of sectors, from manufacturing organizations to healthcare.

In today’s article, we’ll be looking at Quality risk management, its process, why we use it and who uses it). We’ll be covering:

What is quality risk management?

When products are produced that include defects or quality issues various courses of action might be taken:

  • Where products haven’t yet shipped to customers, it is common for them to be reworked (or scrapped). 
  • Where these products have shipped and reached stockists or even worst customers, it is common for these products to be recalled and for safety information (or alerts to be issued) highlighting the nature of the issues.

As we can see, where issues affecting the quality of products have not been mitigated, they can have a negative impact on both the business producing the product and, the customer. This can lead to serious consequences.

One way of mitigating this is to have effective processes that support the management of risks throughout end-to-end processes within the business.

If, for example, we assess the healthcare and pharmaceutical industry, it is faced with high levels of demand, complex development processes, complex sourcing and supply chains. There can be a myriad of causes for poor quality, from material, non-conformance, process, tools used, damage etc.

Inadequate risk management in this example may see defective products being shipped to the customer, which may have a damaging effects (perhaps fatal) on the customer and may result in severe consequences for the producing organization.

Effective risk management focusing on product and process quality is one way of mitigating such issues.

Quality risk management is built on the traditional step-by-step risk management process, which is designed to increase awareness of risk and, through review, develop action-based plans to better control and mitigate possible effects. 

Effective risk management improves decision-making through the gathering of information pertaining to perceived risk and helps in the development of appropriate action plans to bring about improved outcomes.

Effective quality management requires effective risk management.

Whilst Quality risk management may have some nuances around the traditional risk process, it is one that’s familiar if you’ve managed risk before, steps that might be used to initiate and plan a quality risk management process may include the following:

  • Appraisal of risks
  • Communication of risks to leaders and stakeholders
  • Control of risks, including mitigation
  • Sustained review of risks (including understanding the impact of mitigation activities)

In certain industries, specific requirements pertaining to risk management may need addressing. For example, in healthcare, we might perceive that the key directions for quality risk management are 

  • Risk management should be based on science, data and analysis
  • Linked to improving patient outcomes

In manufacturing, we might see:

  • Focus on process effectiveness (which may result in financial benefit)
  • Improved quality of product to the customer (fewer non-conformance etc.)
  • Improved brand recognition

Quality risk management is prevalent in healthcare and pharmaceuticals but also relevant to other industrial sectors and should be seen as a common methodology that can be applied to most circumstances.

There are a variety of tools which can be used on their own or together that we can use to capture and manage risks to quality; these include:

  • Capture, ranking of risks
  • Failure Mode Effects Analysis
  • Hazard Analysis
  • Statistics
  • Fault Tree Analysis
  • Hazard Analysis, including critical control points

What is the quality risk process?

Most Quality risk management processes will likely contain a series of steps that accomplish the task. These are likely to include:

  • Identifying possible risks
  • AnalyzingAnalyzing possible risks
  • Evaluating possible risks
  • Controlling risks (through reduction, avoidance or acceptance)
  • Reviewing and communicating risks

The purpose of having an established and documented process for managing risk is that it supplies a transparent and repeatable methodology that can be documented (and made available to the whole organization). 

As with any process, once documented, we can then develop it further as knowledge increases about improved methods to accomplish risk management.

Is the risk management process for managing quality any different from a traditional risk management process?

Traditional risk management usually looks to identify risks that result in financial or schedule issues for a project or business. When contrasted with Quality risk management, it is focused on identifying risks that will affect the quality of a product or service; here are some further characteristics to consider:

Traditional Risk ManagementQuality Risk Management
Risk management focusses on cost and scheduleRisk management focusses on quality of product/service
Often sporadic or project focussedOngoing and proactive
Often financially drivenCustomer focussed
Fragmented approach (program or function-specific)Organizational
Risks are mitigated based on functional approachRisks are mitigated on enterprise knowledge
Risks are project/functionally ownedRisks are owned by enterprise leadership
Ad-hoc processesProcesses aligned to common standards

Examples of Quality risks

Let’s now look at some examples of risks that might impact quality.

  1. There is a risk that quality control issues can result in defective products that lead to customer harm and product recalls.
  2. In healthcare, there is a risk of failure in clinical trials that results in products unable to be used by patients.
  3. There is a risk that dependencies emerge on a single supplier for critical components, and impacts to that organization may affect the producibility and/or quality of products.
  4. There is a risk of non-compliance to regulatory requirements, which may pose threats to the viability of products manufactured and thier ability to be distributed.
  5. There is a risk of inferior or replica products/components being sourced within the supply chain have reduced levels of quality that may affect the final product.
  6. There is a risk that intellectual property is breached in the production process resulting in legal action and financial impact.
  7. There is a risk of incompatibility with other products (i.e. other medications) that may result in an adverse reaction by the customer.
  8. There is a risk that a lack of supplier diversity may impact the development or manufacture of products.
  9. There is a risk that inadequate capacity for production and storage may affect the output of the product.
  10. There is a risk that limited access to key technologies and equipment may impact the quality of the product.

Why should we track risks that affect quality?

While traditional risk management has an approach of capturing and mitigating program-specific risks that may affect program deliverables, tracking quality risks is much more of an enterprise-led activity.

There are several reasons why we track risks that affect quality these include:

  • Failure to manage risks that affect quality can have significant impacts on a business, from a direct impact on a customer, 
  • Affected certification of standards, financial consequences (not just dips in revenue but the potential for fines) 
  • Informing stakeholders (both customers and regulatory) of potential hazards
  • Helps to tune processes to deliver improved quality output

Who should be involved in the quality risk management process?

As we’ve indicated, one of the major differences in tracking risks that affect quality to more traditional risk management is that it’s an enterprise-level activity.

As such, leadership play an active role in the process.

Leadership is required to both enable and sustain an environment where the management of risks that affect quality is seen as both strategic (ensuring our products attain high levels of quality) and tactical (ensuring enabling processes and methods exist) and is fully integrated into the development and production processes.

Through this, we can ensure that all employees can engage in risk management.

Benefits of Quality Risk Management

As we have shown, there are various benefits of managing risks that may affect quality; these include:

  • Improved customer benefits (i.e. in healthcare, through thorough risk management, positive patient outcomes are increased)
  • Compliance with regulatory and certification needs
  • Better awareness of processes that may lead to impacts to quality
  • Enterprise Engagement
  • Helps identify areas for improvement
  • Increases levels of transparency

Issues with Quality Risk Management

Risk management is not without challenges; there are various difficulties that may emerge; these include:

  • Ineffective process
  • Lack of engagement in the process
  • Leadership not engaged
  • Inexperience in identifying risk
  • Functional process rather than organizational
  • Risk management is ad hoc and not sustained.
  • The process focuses on identification, not mitigation.


Quality risk management is a methodology that supports the enterprise-wide review and control of risks that might affect quality at all stages of the product and service delivery life cycle.

It is common across many industries and gets particular recognition in the pharmaceutical industry.

Whilst the process may be traditional, quality risk management focuses on increasing levels of quality, not just financial and schedule.

As the process is enterprise-wide, it is highly likely to involve organizational leadership in the process.

We’d love to hear how your organization manages quality risks; as ever, you can reach us via Twitter or via the comments section below.