**2. Methodology, the risk management model**

When taking decisions, our aim is to take the right ones. However, because of human limitations in terms of information, knowledge, skills, etc., this is easier said than done and, thus, we are obliged to be pragmatic and "take as little risk of being wrong as possible". To meet this end we use risk management (RM), which is defined as the process of assessing, controlling, communicating and reviewing risks affecting the object of study [3].

We speak of quality risk management (QRM) when risk management focuses on protecting the quality of the products.

As shown in **Figure 1**, any RM process starts by defining the object of study or "action field" (item, procedure, unit) and then, getting as much as possible

#### **Figure 1.** *RM: concepts and organization.*

#### *Dealing with Unforeseen Circumstances. Implication of Risk Management in the COVID-19… DOI: http://dx.doi.org/10.5772/intechopen.97408*

information on it. With this information and some amount of experience, it is possible to detect potential problems (hazards or failure modes) and assess their respective level of significance or criticality.

Risk analysis tools facilitate the organization and assessment of the existing data. The objective is to be able to list the critical hazards or failure modes that require control actions. Those considered non-critical, because of their low level of significance, can be left aside and, thus, we can concentrate our resources and efforts to manage the critical ones.

This process is a cyclical one, because the objects of study can be subjected to technological and methodological improvements or regulatory amendments, which can modify our risk assessment and, thus, affect risk management. In the lower part of **Figure 1** are shown different tools that we can use in risk analysis. All are perfectly valid, although they provide the best performance when used in the most appropriate manner. It is important to keep in mind that they are not miraculous weapons that reveal to us what we do not know. They only organize the information we already have [3].

The level of knowledge and experience determines, in general, the worth of the risk assessment and, in particular, the accuracy of the determination of risk. As it is well known, this can be done either qualitatively or quantitatively. If there are enough data, a quantitative risk estimation is, evidently, preferable, but if this is not the case, a qualitative estimate will do. We should bear in mind that "inventive determination" of risk values does not help and can mislead. It is also possible that as our analysis progresses we get more information, allowing more accurate risk assessments. In all this process, common sense is a very valuable ally.

Regarding risk analysis tools, there is a certain tendency to assimilate risk analysis to Failure Mode, Effects & Criticality Analysis (FMECA) and to privilege this tool in an abusive way. FMECA is an excellent tool for well-known processes and items, because it allows quantifying the risk, and this is a powerful ally in case of continual improvement, where it visualizes the evolution, which is achieved. However, it is easy to come to too subjective risk assessments when applying FMECA to situations for which there is little knowledge and experience [4, 5].

In emergency situations, which are by definition little known, we propose to analyze risk by using simpler tools such as Primary Hazard Analysis (PHA) or Failure mode and effects analysis (FMEA) and to appraise it qualitatively at two levels: "low" (insignificant or non-critical) and "high" (significant or critical).

**Table 1** shows a model of chart for PHA. As we can see, the first column serves to indicate the item that is studied. Then, in the second column are listed all the possible hazards that loom on the item. In the following columns are described the possible causes and effects of the identified hazards. With the information written in the former four columns, it is possible to assess the importance of the hazards. If they are deemed significant, it is necessary to take actions, which are described in the last column.


**Table 1.** *Example of PHA table.*


**Table 2.** *Example of FMEA table.*

**Table 2** shows a model of chart for FMEA. The first column serves to indicate the process stage that is studied. Then, in the second column are enumerated all the possible modes of failure. The following columns are the same that we described above for PHA.

As one can see, both tools are similar, although FMEA focusses on processes, whereas PHA is more general and centers on items.

The main obstacle to overcome while using these tools is to be able to detect all existing hazards or failure modes.

When using PHA, there is no general rule for determining the possible hazards. Each case has a particular approach and it is necessary to use a comprehensive rationale to determine hazards and not to leave aside any of them. Below, are given some practical examples of how to tackle this issue.

Instead, it is possible to say that FMEA is more straightforward, because the keyelement for the analysis of a process is its flowchart, which decomposes the process in stages. Then, each stage is studied in order to identify possible failure modes.

PHA and FMEA contain columns intended for the examination of "causes" and "effects". However, they are not always necessary, as shown in the examples that we provide below. When you are assessing, for instance, a disaster, the cause is obvious (the same disaster or an evident consequence of it) and the effect is manifest too (the damage). In these cases, when it is clear that the information contained in one or in both of the columns is worthless, they can be set aside.
