search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
RISK MANAGEMENT


uncertainty may remain close to critical limits despite ongoing optimisation, meaning that the potential for patient misclassification cannot be completely eliminated.


Residual risks also exist within


processes. Despite well-structured courier arrangements, there may remain a risk of delayed sample transport from remote sites, which could impact turnaround times for urgent examinations. Likewise, laboratory information system (LIS) downtime may still occur even when monitoring and backup procedures are in place. These examples highlight that residual risk is not confined to analytical methods, but extends across the pre- analytical and post-analytical phases of the testing pathway. Deciding how to respond to residual


risk requires benefit–risk analysis, and of course a good business continuity plan – but that’s a story for another day. The key question is whether the benefit of continuing with an assay or process outweighs the potential harm that might result from the risks that cannot be further controlled. For example, a diagnostic test that provides uniquely valuable information may be acceptable even if some residual imprecision remains, provided the limitations are understood and clearly communicated. Conversely, if a process or assay shows recurring deficiencies that cannot be corrected, the balance may tip towards replacement or withdrawal.


It is also important to recognise


that residual risk is dynamic, not static. Controls may reduce risk over time, allowing audit frequency to be reduced. Conversely, deterioration in performance, staff turnover, or changes in clinical practice may increase residual risk, demanding closer scrutiny. By explicitly considering residual risk within audit and review cycles, laboratories ensure that these decisions are transparent, proportionate, and continuously aligned to patient safety.


Practical implementation framework


Designing and maintaining a risk-based audit programme is best approached as a structured cycle. The aim is not to create an additional layer of paperwork but to embed a clear, repeatable process that prioritises patient safety and ensures that all examinations and processes are covered proportionately within the accreditation cycle. A practical stepwise roadmap might follow these stages: n Map the audit landscape. Define the scope of examinations and processes that fall within the laboratory’s remit.


26


Risk tier High


Medium Low Audit frequency Frequent (eg quarterly) Regular (eg annual)


Less frequent (eg every 2–3 years, but always


within accreditation cycle) Review depth Full deep-dive audit,


detailed review of records, staff interviews


Standard audit, review of key indicators and records


Governance pathway Management review +


escalation to organisational governance where required


Management review


Light-touch audit, confirm Local quality management ongoing suitability and compliance


lead Table 3. Suggested (and only suggested) risk-based periods of review and audit based on clinical risk.


This should include assays, platforms, and critical processes across the pre-analytical, analytical, and post- analytical phases.


n Apply risk scoring. Assess each item against agreed risk criteria, considering severity of potential harm, likelihood of occurrence, and detectability (see previous articles in this series, its been discussed in all aspects!). This ensures that audits are targeted where they will have the greatest impact.


n Assign audit frequency. Use the risk score to set a proportionate schedule, ensuring that higher-risk examinations and processes are reviewed more frequently while lower-risk items are covered less often but still within the accreditation cycle.


n Conduct and document audits. Carry out the audits, capturing evidence of compliance, areas for improvement, and residual risks that remain despite existing controls.


n Integrate findings into governance. Feed outcomes into the risk register, management review, and corrective or preventive action systems so that they are acted upon, not simply recorded.


n Evaluate residual risk. Decide whether the risks identified can be accepted, require further action, or need escalation. This step links audit outcomes with benefit–risk analysis and ensures transparency in decision- making.


n Reassess and adjust. Recognise that audit schedules are dynamic. Where audits show sustained good performance, frequency can be reduced. Where deterioration or new risks emerge, frequency and depth must be increased.


This roadmap ensures that auditing is not static but evolves with the laboratory’s performance and clinical context. The principle of proportionate response to risk, central to ISO 22367, is reflected in the scheduling of audits as shown in Table 3 (used for example purposes only – I am not writing a guideline here!). The use of tiers provides flexibility. Laboratories can tailor schedules to their


scope and resources while still ensuring that all assays and processes are audited proportionately. By linking the framework explicitly to residual risk, it also becomes a tool for continual improvement: as risks are reduced, audits can become less frequent; where new risks arise, they must be revisited more often and in greater depth.


Conclusions Internal audits and periodic reviews of examinations are fundamental to delivering safe and reliable laboratory services. When approached as compliance exercises, they risk becoming a cycle of paperwork with little tangible benefit. When designed around risk, however, they become powerful tools for safeguarding patients, supporting staff, and driving continual improvement.


A risk-based audit schedule ensures that attention is focused where the potential for harm is greatest, whether in a high-impact assay or a critical laboratory process. Periodic reviews confirm that examinations remain clinically relevant, analytically sound, operationally feasible, and supported by an appropriate workforce. Together, these activities provide assurance that the service continues to meet patient and clinical needs in a changing environment. Crucially, audits and reviews must not stand in isolation. Their findings should feed directly into the risk register, management review, and wider governance processes, ensuring that improvements and best practice are shared rather than siloed. By embedding this cycle of risk-based assurance, laboratories can move beyond compliance to deliver proactive, evidence-driven improvements that directly support patient safety.


Dr Stephen MacDonald is Principal Clinical Scientist, The Specialist Haemostasis Unit, Cambridge University Hospitals NHS Foundation Trust, Cambridge Biomedical Campus, Hills Road, Cambridge CB2 0QQ.


+44 (0)1223 216746. OCTOBER 2025 WWW.PATHOLOGYINPRACTICE.COM


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56