7. ATENCIÓN CERRADA Y AMBULATORIA DE ESPECIALIDAD
7.2. ETAPAS DEL PROCESO DE PROGRAMACIÓN
Very few people have actually been educated or formally trained to be risk managers. There are an infinite variety of ways to approach all or some subset of the tasks described in this chapter. It’s helpful to have mental models that inform people about how an organization handles the risk management task. In the world of risk management, there are a few relatively generic models and many more organization- or application-specific models.
One of the earliest models of risk management, shown in Figure 3.12, comes from the so-called Red Book (NRC 1983). In the early days of risk analysis, risk assessment was the centerpiece of the risk analysis process. Figure 3.12 shows that risk assessment is supported by research. Risk man- agement in a government regulatory context is rather crudely depicted as a matter of formulating and choosing the regulatory option to use to respond to the assessed risks.
It is not much of a stretch to suggest that in the early days of risk analy- sis the general recognition of the existence of a risk initiated the conduct of a risk assessment. Risk management was more of a reaction to the risk assessment than the proactive, directive and foundational step it is becom- ing today.
One of the first more evolved generic risk management models offered in the United States was developed by the Presidential/Congressional Commission on Risk Assessment and Risk Management in 1997. It is shown in Figure 3.13. It begins with defining the problem and decision context and proceeds through a series of seven mostly distinct steps in an iterative fashion.
Once the problem is defined, risks are identified and assessed, RMOs are formulated, and the best option is chosen in the decisions step. Implementation occurs in a series of actions, and the success of the RMO is subsequently evaluated. This can lead to another iteration of the risk management process. At the center of the process is stakeholder involvement.
One of the more widely applied risk management models was developed by the International Organization for Standardization (ISO), ISO 31000, “Risk Management—Principles and Guidelines.” The basic model is shown
FIGURE 3.12
Elements of Risk Assessment and Risk Management
Laboratory and field observations of adverse health effects and exposures to particular agents Information on extrapolation methods for high to low dose and animal to human.
Field measurements, estimated exposures, characterization of populations
Research Risk Assessment Risk Management
Hazard identification (Does the agent cause the adverse effect?)
Development of regulatory options Evaluation of public health, economic, social, and political consequences of regulatory options
Agency decisions and options
Risk characterization (What is the estimated incidence of the adverse effect in a given population?) Dose Response
Assessment (What is the relationship between dose and incidence in humans?) Exposure assessment (what exposures are currently experienced or anticipated under different conditions?)
Source: National Research Council. Committee on the Institutional Means for Assessment of Risks to
Public Health. 1983. Risk Assessment in the Federal Government: Managing the Process. Washington, D.C.: National Academies Press.
in Figure 3.14. It is not specific to any industry or sector, and it can be applied to any type of risk, whatever its nature, whether it has positive or negative consequences. The draft model shown lends itself more to the simpler sum- mary purpose of this chapter. The final ISO risk management model differs slightly in appearance but not at all in substance. Be forewarned that ISO defines terms rather differently but at its heart is consistent with the process described in this chapter.
The ISO model has five steps and two ongoing processes, as seen in Figure 3.14. It begins by establishing the decision context. This is followed by three steps that comprise the risk assessment process. Risks are identified and then qualitatively or quantitatively described in an analytical step (not to be confused with the overall risk analysis process) that produces infor- mation that enables risk evaluation. Risk treatment involves selecting one or more options for modifying risks and then implementing those options. Communication and consultation among managers and assessors as well as with external stakeholders takes place throughout the process. Monitoring and reviewing embodies the iterative nature of the risk analysis process as well as the kinds of tasks discussed in the body of this chapter.
FIGURE 3.13
Risk Management Framework
Problem/ context Evaluation Risks Engage stakeholders Decisions Actions Options
Source: Presidential–Congressional Commission on Risk Assessment and Risk Management. 1997. Framework for Environmental Health Risk Management, Final Report, Vol. 1, Washington, D.C.
In addition to these generic models, there are infinite varieties of appli- cation/organization-specific risk management models. One such model is presented in Figure 3.15 as an example. This model is a microbiological risk management model (FAO 2003) to be applied to food safety problems. The details of this model are less important than the greater point that there is no one right way to do risk management. There are generic models that can be adapted for specific use; the ISO 31000 is a good example. In addition, there are any number of organization/industry/application-specific models. The best of all of these embody most if not all of the tasks described previ- ously in this chapter.
What is most important for any organization that seeks to do risk analysis is to develop their own risk management model or adapt and adopt one of the existing models. Risk management is a process. People must know and use the process; that means the organization must have one!
FIGURE 3.14
Risk Management Framework
Establish the context
Risk treatment Risk evaluation Risk analysis Risk identification
Communication and consultation
Monitor and review
Risk assessment
Source: Adapted from International Organization of Standardization. 2009. Risk Management: Principles and Guidelines. Geneva.
FIGURE 3.15
Microbiological Risk Management Model
Food safety issue identification Risk profile Implement food control measure Monitoring and review Commission MRA Present and consider MRA results Establish MRA scope, purpose and policy Conduct MRA Immediate
action regulationsExisting
Collect more information, do research Do nothing Risk management decision No food safety justification Sufficient information to act Interim action Limited assessment Consider issue Consider information Urgent Need more information Set FSO Articulate ALOP Risk management options assessment Interaction between risk assessors, risk managers, and stakeholders Define scientific needs
Source: Food and Agricultural Organization of the United Nations. 2003. Guidelines for Microbiological Risk Management. Orlando, FL: Codex Committee on Food Hygiene.