This worksheet, whilst not as rigorous as a FMECA, enables a more detailed assessment than the simple risk assessment template.
At the top of the RAPAT “Technical Risks (Detailed)” worksheet, the “Risk Sheet Completion Status” will initially be set to “Not started”. Use the dropdown list to change this to “In progress”, “Completed” or “Updated” as appropriate.
At the bottom of the worksheet is the risk matrix used to assess the level of risk, see further guidance below. This needs to be defined for the project application ahead of the risk assessment.
Populate the Detailed Technical / User Risk Assessment table (using the guidance below and in the table) at an appropriate level of component granularity, adding further requirements and associated risks using the “Add Row” button as required. The technical risk dashboard at the top of the worksheet is automatically populated and provides an overview of the identified risks.
A generic 5 x 5 risk matrix is provided to assess the level of risk. This includes 5 columns which define the levels of consequence severity. Generic example business, user and technology consequences are provided for the example severity levels (negligible, noticeable, significant, major and catastrophic). These example definitions should be modified as required to align with the device/equipment application and any required industry regulations/codes/standards.
The risk matrix includes 5 rows which define the likelihood of the risk occurring. Two generic example likelihood scales are provided, one based on number of uses and the other on time periods. These definitions should be modified as required to align with the device/equipment application and any required industry regulations/codes/standards. It is important that time/use scales reflect the user application - definitions for a device used several times a day may need to be different to those for a device used once a month or once a year or for a disposable device used only once.
The risk criticality matrix includes 5 default risk criticality levels (very low, low, medium, high and very high) with the risk criticality level for a specific risk likelihood and consequence severity combination determined from the corresponding cell colour on the risk matrix i.e. red cells correspond to very high criticality. If the risk criticality level for a specific risk matrix cell needs to be changed, this can be done by selecting the appropriate risk criticality level from the drop-down list in the relevant matrix cell. The risk criticality levels can also be renamed if required - this must be done in the key below the risk matrix and the individual matrix cells updated where relevant by selecting the new criticality name from the drop-down list. Any previously assessed risks already recorded in the worksheet risk table will also need to similarly have their mitigated risk criticality levels updated.
The “Requirements” worksheet identifies the functions and requirements for the device/equipment. For each of these, list the requirement and performance target in the risk register and then identify the associated risk (what could happen to stop the requirement being met) e.g. how the device could fail and what could cause this. Some functions/requirements may have multiple risks which may need to be captured on separate rows. Risks could be a result of design or manufacturing errors (e.g. incorrect material specification), damage during transit or incorrect use, storage, testing or maintenance by users, etc. Each row is automatically given a unique reference number for traceability.
Use the risk matrix definitions to identify the likelihood and the consequence severity of the risk and select these from the drop-down lists. The risk criticality will be automatically populated from these based on the corresponding risk matrix cell. Note any assumptions made in assessing the level of risk.
Identify what can be done to mitigate and control the risk - this is particularly important for high and very high criticality risks. Examples include use of alternative materials/parts, manufacturing quality control checks, improved product labelling, instructions and user training. The mitigated risk criticality column is used to understand the effectiveness of the mitigation action - consider the extent to which the mitigation action has reduced risk likelihood or the consequence severity, and from this, identify the mitigated risk criticality using the drop-down list. It is unusual for both the likelihood and consequence severity to be reduced.
Each mitigation action should be assigned an owner, who has responsibility for ensuring the action is implemented, and a target completion date. The status column reflects the current status of the action i.e. not started, in progress, complete and no action required.
All risks will initially be displayed as an unmitigated risk on the risk dashboard.
For risk requiring a mitigation action, once the mitigation action status is set to “Completed”, the risk will be moved to the mitigated row of the dashboard and show the mitigated risk level. If the mitigated risk has not been specified, then the unmitigated risk value will be carried forward as the mitigated risk.
Risks not requiring a mitigation action will remain in the unmitigated row of the dashboard. It will not be possible to select “Completed” in the risk action status column.
