Automated Enterprise Risk Management in Life Sciences

Favorites

Download

The life sciences industry has always been under close scrutiny, leading to rising audit burdens, quality inspections, and fines. As a result, there is a continuous threat of losing reputation and public trust, resulting in low net worth and decreased stakeholders’ confidence. Pressure to track consumer usage, continuously monitor the history and life cycle of a drug increases risks in conducting business operations.

To overcome these risks, life sciences industry need to adopt a more proactive and structured enterprise risk management (ERM) system. Risk Managers in life sciences industry, today, are assigned the critical role of recognizing and eliminating the inherent risks (endangering the safety or performance), minimizing their effects, evaluating the controls and remedies, documenting the procedures, and so on.

This paper discusses the risks and challenges in life sciences industry and elaborates on automated solutions for managing these risks. Though the scope of the industry is far and wide, this paper focuses primarily on pharmaceuticals, biotechnology, and medical devices and services industry.

Types of Risks in Life Sciences Industry
Risks in life sciences industry can be broadly categorized into:

• Clinical Trials: Clinical Trial conducted during the development of the drug , is often threatened by risk of the negative or even fatal side effects of the drugs on the participants.
• Controlling Costs: Proactively identify, track and resolve safety and quality issues by creating a transparent and integrated environment where decisions are based on hard facts and metrics
• Increased Competition: Increased competition impacts market share and can jeopardize product development.
• Product Safety Risks: Life sciences industry has stringent regulatory requirements for releasing product in the market. Post product release, companies face severe issues associated with product safety in usage, hazards related to product usage and any legal lawsuits which can negatively impact company’s brand.
• Intellectual Property Risk: Life sciences businesses capitalize out of the intellectual property asset such as patents, copyrights and trademarks. This brings in the risks of theft, misappropriation or misuse of intellectual property.
• Patent Related Risks: Pharmaceutical companies spend enormous R&D budget to invent drugs and apply for patents to capitalize in future. Patent expiration poses serious risks associated with future earnings.

Regulatory Risks
Life Sciences industry is governed by a number of regulations like Electronic Common Technical Document (eCTD), Electronic Records 21 CFR Part 11, Prescription Drug Marketing Act (PDMA), and Current Good Practices (CGXP). Failure in adhering to these regulations raises the risk of regulatory noncompliance which can result in penalties, inspections, product recall and even plant shutdowns.

Ethics and Integrity Risk
Ethics and integrity risk arise in life sciences industry during product manufacturing, marketing and distribution. Corrupt, illegal pricing schemes, inducements to customer by sales representatives to purchase products and misbranding are some of the common practices which can severely impact companies.

Operational Risks
Operational risks arise during research and development of products, product manufacturing capacity planning, expansion, product commercialization, mergers and acquisition and supply chain.

Environment Health & Safety Risks
Pharmaceutical, bio technology and medical device product development process has significant impact on environment, health and safety of the employees and overall community. Risk arises from strict regulatory requirement of environmental agencies such as Environmental Protection Agency (EPA), OSHA for work environment and regional and multiple international regulations.

Risk Management Approach
Life sciences companies are advised to follow an enterprise wide risk management approach which includes:

• Identifying hazards associated with the components;
• Estimating and evaluating the associated risks; and
• Controlling these risks and monitoring the effectiveness of the control.

An organization needs to prepare a formal risk management plan that defines the scope, roles and responsibilities, requirements for review of risk management activities and criteria for risk acceptability. The approach shall include the following steps:

• Risk Analysis: It identifies characteristics related to the safety of the product, recognizing known and unforeseen hazards, and estimating risks for each hazard.
• Risk Evaluation: For each identified hazard, the manufacturer decides, using the criteria defined in the risk management plan, whether the estimated risk(s) is so low that risk reduction need not be pursued.
• Risk Control: It involves identifying appropriate risk control measures, and recording risk control requirements.
• Risk Reduction: When risk reduction is required, the manufacturer follows the process to control the risk(s) so that the residual risk(s) associated with each hazard is judged acceptable.
• Post Production Information: The manufacturer establishes and maintains a systematic procedure to review information in the post-production phase.

The MetricStream solution provides a common framework and an integrated approach to manage cross-industry mandates and regulations such as SOX, FDA (cGMP, CFR), OSHA, EH&S, and Data Management laws.

The key benefits realized by MetricStream customers are:

• Reduced Noncompliance Risk: By adopting an integrated systems-oriented approach, with compliance built into each system, helps organizations adhere to regulations and standards such as FDA 21 CFR Part 11, Part 210-211 and ICH Q7A; thereby reducing non compliance risks.
• Increased Real-Time visibility: By virtue of GRC platforms, organizations can accelerate production and release cycle by gaining real-time visibility into the quality and document management process and its key performance metrics.
• Lowered Cost: The solution helps in building operational efficiencies in quality systems. This lowers the cost of regulatory compliance and reduces the risk of penalties due to poor quality.
• Improved Processes: A robust GRC solution proactively identifies, tracks, and resolves quality and compliance issues by creating a transparent environment where decisions are based on hard facts and metrics.

Rather than floundering under a wave of regulatory mandates and legal challenges, life sciences companies must recognize both the imperatives and the benefits of a structured approach to GRC. MetricStream helps customers to adopt Governance, Risk & Compliance (GRC) Management; to mitigate risks and also revisit their business processes to capture value generating business opportunities. In addition, Metric Stream’s ComplianceOnline.com, a leading portal and online community for worldwide professionals, provides the latest information, best practices, training, products and tools on corporate governance, risk management, regulatory compliance and quality management.