In the first post in this series on risk management, we discussed the importance of articulating a risk by describing the condition, the negative outcome, and the critical element (patient safety or critical data) that would be negatively impacted. In this post, we consider how to mitigate risks.
Here's our sample risk:
"Using a new ePRO vendor that we didn't qualify via an audit [condition] increases the risk of data loss or corruption [negative outcome] to one of our key efficacy endpoints [critical element]."
To mitigate the risk, you focus on changing the condition that increases the risk. In this example, we have two conditions that raise the risk: The fact that the ePRO vendor is new to us (novelty), and the fact that we didn't follow our standard process for qualifying the vendor via audit prior to study start, due to the fact that we were in such a hurry (cutting corners).
How can we change these conditions? We could qualify the vendor now, even after the study has started. We might discover issues that would have prevented us from selecting them in the first place, but better to learn about those issues now than mid-crisis.
Alternatively, or in addition, we could institute some closer oversight measures until we "know" the vendor better. For example, we could QC a sample of their work on a regular basis, or institute an in-process audit early in the study to identify concerns.
How we articulate a risk matters. We need to understand the underlying condition that increases risk so we can focus our mitigation steps on that condition. Imagine if we described the risk, "Increased risk of data loss our corruption using ePRO." If we have no information about the condition that increases the risk, we might tackle the wrong problem. Conversely, if our risk were worded, "Using an ePRO device that depends on wireless data in four regions with varying levels of wireless coverage increases the risk of data loss or corruption to one of our key efficacy endpoints," that would lead us in another direction entirely.