Tiny Tentacles of Risk
“There are little, tiny tentacles of risk in each [facet] of the company”
- Christie Johnson, Prodct
The FDA’s new Quality Management System Regulation (QMSR), set to replace the longstanding Quality System Regulation (QSR) in 2026, is a seismic shift for MedTech companies. It aligns FDA requirements with ISO 13485:2016 and underscores the importance of ISO 14971:2019, reinforcing a risk-based approach to quality management. But beyond the technical updates, the QMSR sends a clear message: risk management isn’t just about compliance—it’s about culture.
Enzyme’s March 4, 2025 post “Tiny Tentacles of Risk” highlights this shift and features insights from Christie Johnson, co-founder at Prodct Studio.
Christie emphasizes that risk management shouldn’t be a standalone function—it needs to be deeply woven into every aspect of a company’s operations, from product development to post-market activities.
The Culture Shift: Risk is Everyone’s Job
One of the biggest takeaways from Christie’s conversation with Enzyme is the FDA’s expectation that companies move beyond viewing risk management as a compliance task. Instead, risk-based thinking needs to be part of leadership, decision-making, and daily work at every level.
She points to Comment No. 27 in the FDA’s final QMSR rule, which makes it clear: the FDA expects medical device companies to embrace a culture of quality as a foundational principle for ensuring patient safety. That means leadership—CEOs, CTOs, R&D heads—shouldn’t just approve risk management files. They need to be actively engaged in risk reviews, decision-making, and approvals.
Want to dig deeper? Here are some resources to help you understand these expectations:
↗ Intersection of ISO 13485 and ISO 14971 under FDA QMSR
↗ IMDRF Guidance on Implementing Risk-Based Thinking in QMS
Risk Files Shouldn’t Collect Dust
A static risk management file isn’t going to cut it under QMSR. As Christie puts it, risk management needs to be a living, breathing process—something teams actually reference and update as products evolve. If risk management is tucked away in a binder or limited to one person’s desk, it’s a sign the company isn’t ready for the FDA’s new approach.
A risk management file should be a daily tool, not just a document. Regular updates and cross-functional input ensure it stays relevant, guiding decisions and improving product safety.
For companies looking to rethink how they manage risk, here are some practical tools and strategies:
↗ Look outside our industry for ideas - Dynamic Risk Management in Finance
↗ Templates for Integrating Risk into Design and Development
Building a Risk-Conscious Team
One of Christie’s favorite strategies for getting teams to take risk management seriously is to get out of the boardroom. When you remove people from their usual setting, you often get more honest conversations about what’s really preventing quality and risk management from being embedded in the organization.
More importantly, employees need to feel safe speaking up about risk. If people fear repercussions for raising concerns, problems will go unreported until they turn into something bigger and more expensive.
Here’s how you can start making risk an everyday conversation:
↗ Harvard Business Review: Psychological Safety and High Performing Teams
↗ Why risk practitioners must build empathy muscle
Compliance Is Just the Beginning
The article makes an important point: the FDA isn’t going to issue 483 observations just because a company lacks a quality culture. But if a team isn’t collaborating on risk management, that will show up in other ways—disorganized files, poor cross-functional engagement, and last-minute scrambling when audits happen. If only one person’s name appears on all risk-related documents, it raises a red flag. Risk management should involve engineering, R&D, manufacturing, customer support, and leadership.
Take Action Now
The QMSR transition isn’t just about tweaking procedures—it’s about shifting how companies think about risk. By embedding risk awareness into company culture now, MedTech teams won’t just meet regulatory expectations—they’ll build safer, stronger products in the process.
For a more in-depth look at these insights, read the full post on Enzyme’s site: www.enzyme.com/blog/qmsr-and-risk
At Prodct, we work with MedTech startups and growing companies to build scalable, risk-aware quality systems.