Effective and Efficient Enterprise Risk Management in Life Sciences

Effective & Efficient Enterprise Risk Management in Life Sciences

Executive Summary

In an industry environment that is under constant scrutiny by the FDA, Life Sciences companies must carefully consider their specific processes when it comes to risk management and reporting. Failure to monitor risk profiles, especially in an industry that has direct impacts on human lives, can lead to significant consequences – financial losses, negative public image, FDA warnings and bans, and in the worst cases – harm to patients. This highlights the need for a comprehensive enterprise risk management program at all Life Science companies.

In the market, there are currently two major ways to approach risk management. The first is to use external contracting. This can be impactful but often does not provide the tool that will enable highly efficient processes. The second is technological solutions, such as integrated risk management systems which provide the tool, but do not provide any structure or processes to maximize the use of the tool.

The Ideal solution to developing and implementing a risk management program follows a simple methodology to ensure compliance, instill a risk aware culture, and do so in a lean manner. This methodology is:
1. Diagnose issues with the current state
2. Design the future state including the plan that gets the company there
3. Implementation of culture, processes, and systems
4. Sustain and improve people, processes, and systems on an ongoing basis

Risks in the Life Sciences industry are more significant than most, because these are products that will be used on humans to cure diseases. This leads most to believe that spending on risk management should be massive. However, while no expense should be spared when it comes to risk management, there is no reason that the program should not be efficient.

By Tom Ambrogio and Adit Babureddy

Chess pieces

The Problem

In the Life Sciences industry enterprise risk management is one of the key issues keeping leaders up at night. The Life Sciences industry is one where no one can afford to make a mistake, and with human life on the line the risks are far too high. This is why the FDA’s mission is “protecting the public health by assuring the safety, efficacy and security of human and veterinary drugs, biological products, medical devices…”1 The FDA is unwavering in its commitment to ensure that this goal is met, which has led to the very strict and voluminous amount of regulations on the Life Sciences industry. In addition, the industry is facing challenges that “are unprecedented in its history. Perhaps foremost among these are the industry's lower revenue growth, poor stock performance, the lowest number of new chemical entity (NCE) approvals and the poor late-stage R&D pipelines prevalent throughout the industry.”2

Not only is the Life Sciences industry heavily regulated, but competition is fierce as more drugs come off patent while fewer new drugs are being approved. This is in addition to the criticality of the product as it is used as the primary means to heal sick patients. There can be no short cuts in this industry, and executives must constantly be aware of risks and quality and compliance issues:

  • Product & packaging quality – When they are not of the FDA approved quality they must be recalled and destroyed, effectively wasting thousands and even millions in labor and materials. Not to mention the potential public relations nightmare recalls cause.
  • Aging equipment and resources – The FDA has noted that “There have been alarming shortages of critical drugs over the past few years… caused by the use of outdated equipment, reliance on aging facilities operating at maximum production capacity, and lack of effective quality management systems.”3
  • Regulatory compliance – Everything in the manufacturing process can go right, the product can be of top quality. However, if the proper compliance protocols are not met, it will result in penalties issued by the FDA. Even a few missed signatures on quality tests can result in warning letters. Recently, however, the FDA has acknowledged that it has “exercised extensive control over virtually every aspect of the manufacturing process. Consequently, pharmaceutical companies have often been reluctant to change their manufacturing processes and equipment because of perceived, and sometimes real, regulatory hurdles.”. This is something that the FDA would like to change going forward: “Significant advances in manufacturing science, quality management systems, and risk management have taken place, yielding modern manufacturing tools that can be used to help ensure manufacturing quality. It has been the goal of the CGMP initiative to create a regulatory framework that will encourage pharmaceutical manufacturers to also make use of these modern tools.”.4
  • Financial – The industry is highly competitive and generic players are taking on a larger and larger role, as R&D efforts sputter to produce new blockbuster drugs. Spending too much will result in poor financial results which can compound as a company’s ability to compete is crippled by lack of funding and/or high costs of capital, due to their poor performance. Additionally, any public company must comply with SEC and other international financial regulatory agencies.

These are just a few of the top risks that executives at all levels of a Life Sciences companies must be aware of during their day to day processes. Failure to address these risks in a systematic and comprehensive manner can have dire repercussions, so it is the responsibility of executives to make sure that all of these risks can be managed, especially since regardless of their direct or indirect involvement, they are accountable by the regulatory agencies.

Existing Solutions

In general, risk management concepts and methodologies have been around for centuries. On the other hand, enterprise risk management (ERM) solutions are more of a recent development. As technology has developed over the past decade, more and more ERM solutions have been developed across the board. In the current market, solutions usually fall into two major categories:

External contracting/consulting – Firms that specialize in teaching executives how to quantify and manage risks in their industry. They offer help in ensuring that a Life Sciences company will meet all regulatory standards, and offer insights of how to maintain compliance for years to come. What they will not provide is a fully integrated system, that enables very efficient real-time reporting on metrics to identify risks before they become concerns. Additionally, the focus tends to be at the executive level rather than inclusive of the entire organization; risk management is not a top-down activity but rather one where everyone plays a crucial role.

ERM and other compliance & quality systems – In Life Sciences, many companies rely on multiple different systems for different areas of the business. The ERM manages risk, the quality manager provides timely updates on quality metrics, and the compliance software keeps them abreast of potential compliance concerns. These systems rarely are integrated to provide the leadership team with a single portal to understand how risks are impacting product quality or compliance. A fully integrated system that can connect all areas is the most effective way to manage the complex risks in the Life Sciences industry. However, it is important to note that the system is just a tool; it is equally important to design processes that will make optimal use of the tool. Without the proper processes in place, the tool will end up costing the company rather than benefiting it.

The Ideal Solution

The FDA’s definition of a risk management program is “a strategic safety program designed to decrease product risk by using one or more interventions or tools.”  Unfortunately, there is no magic bullet for comprehensive enterprise risk management. It needs to be addressed by the entire organization and not a few individuals at the top. Coordinating these efforts will be extensive, but that only highlights the need to be efficient considering the industry pressures to reduce costs. There is, however, a way to build a Lean Risk Management Program that will not only ensure that risks are identified comprehensively but will operate with the least amount of waste possible.

The four elements of finding a solution to a probelmDiagnosing the problem – The first and most critical step is understanding where an organization is in its current state compared to where it needs to be, or would like to be in the future. During this phase it is critical to:

  • Define short and long term goals for the risk management program and culture
  • Comprehensively analyze gaps between current and future state, including a deep dive analysis of:
    • Staff at all levels at all sites to understand risk awareness in the current state
    • Process risk mitigation activity at all sites in all departments of the organization in the current state
  • Benchmark the current state to industry expectations
  • Analysis of risk management systems network wide, including assessing the level of integration that exists between systems

Designing the solution – Using gap analysis and future state goals, the organization must come up with a roadmap of how they will reach the future state. Activities should include the identification and detailed implementation plans of:

  • Staff risk management training specific to each business unit and employee role which includes:
    • How to identify and quantify risks
    • How to use risk prioritization tools and determine what risks should be mitigated
    • When it is okay to take a calculated risk – giving full understanding of the organization’s risk tolerance across different business units
    • How the organization wants employees to raise identified risk up to management

  • Define new risk management process and management routines
  • Develop impactful KPIs and take base line measurements
  • Any new technological solutions including the purchase of new systems or the integration of existing ones
  • Identification of quick wins – the initiatives which have low investments that yield meaningful results
  • Prioritization of improvement initiatives at a network level including the selection of pilot sites
  • Determine reporting mechanisms

Implementing and embedding – Following the plan developed in the design phase, it is now time to begin putting that plan into action. Defined timelines and priorities should be followed in order to always achieve the maximum benefits. During this phase it is key to:

  • Ensure that all staff learn and understand their role in the risk management program
  • Create a culture of risk awareness, quantification, and mitigation
  • Hold regular meetings with key stakeholders of business units or sites across the network, to ensure alignment and measure progress – in-between these meetings the agreed upon reporting method should be employed to track progress and metrics

Sustaining and improving – The last piece in the puzzle is an ongoing effort that begins once the highest priority initiatives are completed. In this phase the goal is to never accept complacency and to always strive for more effective and efficient processes and solutions. At this point metrics should be mature and performance gaps should be easier to identify. Ideally a system will be operational if it replaces prior reporting methods and eliminates the need for more formal reviews in place of real time reporting. Continued training of staff is a must, and ensuring that risk management becomes engrained into the culture rather than being a “flavor of the month” initiative.


Companies operating in Life Sciences must be able to implement effective processes in tandem with the changing regulations imposed by the FDA, CDER, and OPQ. Industries which involve the risk of human lives, must make every attempt to mitigate as much risk as possible when it comes to manufacturing products such as drugs. We foresee the importance of risk management and reporting to only continue to increase as time goes by. When efficient risk processes are effectively implemented, Life Science companies have the ability to adjust their operations in a timely manner.

Consider this methodology and the significant advantage it will bring to facilities during increasingly competitive times. If you would like to learn more about this approach and the work of Tefen Management Consulting or you are interested in a complimentary 1-hour consultation, please email our Director, Adrienne Trangle-Pelleg, at Apelleg@tefen.com.



1 "FDA Mission Statement." Fda.gov. Food and Drug Administration, n.d. Web.
2 "A Decade in Drug Discovery." Nature.com. Nature Publishing Group, n.d. Web.
3 "FDA Pharmaceutical Quality Oversight: One Quality Voice." FDA.gov. Food and Drug Administration, n.d. Web.
4 "Pharmaceutical CGMPs for the 21st Century - A Risk-Based Approach Final Report." FDA.gov. Food and Drug Administration, n.d. Web.
5 FDA.gov. Food and Drug Administration, n.d. Web.

Brian Hsing

Director and Head of US Operations at Tefen USA

Monopoly Building, Operational Excellence, Change Management & Supply Chain Expert

Talk to Brian Hsing

Fill the form for some quick advice


Let's work together!

shijiebei 365bet manbetx 188bet xinshui caipiao 95zz tongbaoyule beplay 88bifa 18luck betway bwin hg0088 aomenjinshayulecheng ca88 shenbotaiyangcheng vwin w88 weide