The 3 Types of Quality Risk Management Tools and What They Do Best

Quality risk management (QRM) is a crucial process for ensuring the safety and efficacy of drugs throughout their lifecycle, from development to commercial manufacturing. By proactively identifying and managing potential risks, manufacturers can minimize the chances of quality issues arising and ensure that the final product is of high quality and safe for patients to use. Implementing a QRM process involves a structured approach to risk assessment, management, and control, as well as ongoing monitoring and reassessment of identified risks. In this blog post, we will dive deeper into the topic of QRM and explore its importance in the pharmaceutical industry.

According to the International Council for Harmonization (ICH), QRM foundations are supported by two primary principles:

  1. Scientific knowledge should be the basis of any risk to quality, with the aim of protecting the patient.
  2. Investment in QRM activities’ effort, formality, and documentation should be proportional to the level of risk.

This process should be considered in a holistic, proactive, and systematic manner, meaning that QRM should be an integral part of the pharmaceutical quality system, focused on identifying and evaluating potential risks throughout the product lifecycle. Being proactive involves anticipating and addressing potential risks before they occur, while a systematic approach requires a structured and consistent methodology capable of identifying, assessing, controlling, and communicating risks. Risk management should also consider the continuous monitoring and reassessment of identified risks to ensure that the risk management strategies remain effective.

Figure 1 – Overview of a typical QRM Process (ICH, 2023)

Figure 1 – Overview of a typical QRM Process (ICH, 2023)

As an initial phase of a QRM process, the subject matter experts (SMEs) must ensure a set of premises to guarantee an efficient risk assessment exercise, encompassing the correct description of the problem, its scope, and the goal of the risk assessment. This characterization will facilitate the selection of the most appropriate QRM tools from the set of structured and standardized tools that any organization should have available.

This post divides these risk management tools into three categories, highlighting the benefits and limitations of each QRM strategy and providing suggestions for their ideal application:

  1. Simple brainstorming tools
  2. Simple risk analysis tools
  3. Complex risk classification tools

Simple Brainstorming Tools

Simple brainstorming tools are the most commonly used tools in a QRM process, whether for gathering data and information or characterizing the process, product, or entity being assessed. These tools are often used in the initial steps of a QRM workflow and can be used as prerequisites to more risk-focused analysis and complex risk classification.

Process Mapping Decision Trees Mind Maps The 5 Whys
A schematic of the process steps in a sequential display, defining resources and potential outcomes.

A semi-linear and branched flowchart of every possible outcome and decision alternatives for a specific problem.

A diagram designed around a central concept with smaller branches to generate key words and discussion of the initial idea. A sequential interrogation of the issue by asking “Why?” five times. Each answer is the basis of the next question.
Big Benefit: Completely standardizes work processes from beginning to end. Big Benefit: Can assign very specific values to each problem, decision path, or outcome. Big Benefit: Enables “meaningful learning” in which the user connects new knowledge to preexisting knowledge. Big Benefit: Highly capable of identifying and analyzing the root cause of the problem or deviation.
Expert Advice: Be sure to include process measurements, such as the time needed for each step. Expert Advice: The end result of this process is often the start of another decision. Expert Advice: Allows for a less sequential version of a process mapping logic. Expert Advice: Be sure to distinguish causes from symptoms or causal factors.

Although their influence is often less direct than risk analysis or risk classification, these simple brainstorming tools can be critical to planning subsequent QRM activities or can act as complementary follow-ups of more in-depth analysis. For example, having multiple associations between a problem and potential impacts described with a “mind map,” using this knowledge in a cause-and-effect analysis will allow the ranking of these associations and focus on the most impactful ones.

Simple Risk Analysis Tools

Despite being referred to as "simple tools," these offer a much more sophisticated approach than basic brainstorming by enabling cause-and-effect risk analysis. This analytical process is crucial for identifying potential risks and understanding the relationship between various risk factors, therefore playing a crucial role in facilitating a comprehensive and effective risk management strategy.

Ishikawa (“Fishbone”) Diagram Cause-and-Effect Matrices
A simple branching diagram focusing on the most influential inputs of each output. A matrix showcasing every possible input and output allowing them to establish their relationships.


  • Encourages group participation
  • Utilizes an orderly, easy-to-read format
  • Presents possible causes of variation
  • Keeps the focus on the problem


  • Allows for numerical quantification
  • Can rank the most important factors according to product quality
  • Can be a basis for a more structured design of experiments (DOE)


  • Not suitable for overly complex problems or problems with multiple effects
  • Typically a result of opinions rather than evidences
  • Does not highlight which problems to prioritize


  • Not suitable for problems with multiple effects
  • Most useful as an input method for subsequent risk management tools

The fishbone diagram, originally developed by Kaoru Ishikawa in the 1960s, has become a valuable tool for quality management in drug manufacturing and development. This diagram is uniquely designed to map out the various steps of a process, pinpoint potential quality control issues, and determine the necessary resources to address any deviations. The diagram depicts causal factors as "fish bones" which contribute to the final outcome, represented by the "fish head." By utilizing the fishbone diagram, manufacturers can effectively identify and manage potential risks throughout the product lifecycle, leading to improved quality and patient safety.

Figure 2 – Example of a fishbone diagram

Figure 2 – Example of a fishbone diagram

Similarly, the cause-and-effect matrix is a risk analysis tool that evaluates the relationship between different causal factors and their resulting effect. Unlike the fishbone diagram, the matrix method is better suited for assessing problems with multiple causal factors, but it may not illustrate interrelated patterns as effectively. Nonetheless, both simple risk analysis tools are important for informing more advanced QRM tools and building an effective quality management system (QMS). By using these tools, manufacturers can better identify and manage potential risks throughout the product lifecycle, leading to improved product quality and patient safety.

Complex Tools for SOD

The most complex QRM tools are designed to classify the previously identified and characterized risks by assessing their severity, occurrence, and detection (SOD). Using the gathered knowledge about every process parameter, correlation, and potential hazard or risk, the first goal is to answer these questions:

  1. How severe is it?
  2. How likely is it?
  3. How likely is it to be detected?

The result of answering these questions is the risk priority number (RPN), which is a combined calculation of SOD used to quantify and prioritize the risk of each failure mode.

Preliminary Hazard Analysis (PHA)
Ideal for the analysis of different systems and the early stage of product development
Failure Mode and Effects Analysis (FMEA)
Assessment of possible failure modes and their effect on product quality and performance


  1. Select the process for analysis
  2. Identify hazards and generic causes of danger
  3. Assess the extent of damage and/or severity value
  4. Define the occurrence and document the findings
  5. Obtain RPN and deploy mitigation actions


  1. Identify known and potential failure modes and related effects
  2. Determine the severity, occurrence, and detectability values
  3. Obtain RPN and prioritize the different failure modes
  4. Define mitigation actions based on prioritization
  5. Define residual risk and output a summary report


  • Provides a primary record of hazards and their damage
  • Provides information for resource allocation
  • Quick review and delineation of specific risks


  • Breaks complex processes into manageable steps
  • Stimulates open communication
  • Prioritizes risk as the underlying measurement
  • Monitors the effectiveness of risk control activities


  • Highly dependent on team knowledge
  • Does not identify improbable risks
  • Does not assess the risk of combined hazards of coexisting failure modes


  • Time-consuming due to the detail involved
  • Requires significant scoring upon completion

A Preliminary Hazard Analysis (PHA) is a powerful tool for product development, particularly in the early stages of the design process. At this stage, modifications are more cost-effective and simpler to implement. By anticipating delays and addressing them earlier in the development pipeline, the PHA can also reduce design time.

Similarly, a Failure Mode and Effects Analysis (FMEA) can proactively identify and address potential problems before they arise. Although FMEA is the most resource-intensive and time-consuming of the QRM tools, it can also serve as the foundation for system design elements and process controls across the entire product pipeline. By utilizing PHA and FMEA, manufacturers can optimize their development processes and produce higher-quality products with improved safety profiles.


Managing risk effectively can be a significant challenge, particularly when the QRM process is not systematically organized throughout the company. This underscores the need for a dedicated QRM system that can streamline and centralize all activities related to identifying, quantifying, and prioritizing risks.

Quality risk management digitalization is a process that consolidates these activities into a single platform. When implemented correctly, this approach enables a centralized and holistic QRM process that connects the entire organization, ensures coherence in processes, and facilitates knowledge preservation and utilization. By optimizing your QRM process through digitalization, you can improve efficiency and bring new levels of optimization to your product development and manufacturing.

  1. “Quality Risk Management Q9(R1)”, ICH. Accessed on January 3, 2023.
  2. “Fishbone diagram”, Wikipedia.

The opinions, information and conclusions contained within this blog should not be construed as conclusive fact, ValGenesis offering advice, nor as an indication of future results.