Risk Mitigation, from a Commercial Excellence Perspective

Risk Mitigation, from a Commercial Excellence Perspective

Many in the legal profession would say that Risk Mitigation is a critical core competency of all who practice in this field. Depending on the type of law one practices, one might be interested in mitigating risk to public safety, patients, stockholders or business owners. Both businesses and the public sector must constantly weigh the pros and cons of action vs. inaction, with the middle ground being Risk Mitigation. In the pharma world, it seems to be chronically on the in-house counsel’s radar screen.


From a Commercial Excellence perspective, there are a wide variety of ways of looking at risk to determine the best approach. The bottom line is that everything in life has some element of risk. If you are a business owner, the only way to avoid risk is to close the business, stop marketing and stop selling goods and services. If you drive a car and want to avoid risk, stop driving, sell your vehicle and take public transportation or walk. Simple – yes. Reasonable – not really.

It may not be surprising to say that all risks are not created equally, but taking an appropriate action in relation to one or more risks is another story, as there is a very wide gap between talk and action. And so, the concept of Risk Prioritization, as part of the Risk Mitigation, is what some Law Firms and also Pharmaceutical Organizations, are learning to manage, through the use of various tools used in Commercial Excellence.

What is risk prioritization? Think about it like this: are some risks worth taking if the benefit is greater than the cost? And for the sake of this article, “cost” isn’t limited to financial matters; cost can also be in terms of safety, human life or society. And so, can a business or legal group look at a comprehensive list of risks and focus on those that are of the highest cost as previously defined? And why would an entity focus on some and not all risks?

Let’s address these issues through a real example of a legal department in a Pharmaceutical company, and examine the process the department used to ascertain the appropriate amount of Risk Mitigation or Risk Prioritization. A mid-sized legal department based in the North East US has developed a different way of engaging with clients as it relates to risk.

This in-house counsel works with sites across a variety of business segments, to identify risks and anticipate potential litigation or regulatory action in a more pro-active manner. This in turn helps the company address the most pressing risks based on a set of pre-defined criteria. Additionally, it helps the company to set aside financial reserves in a more methodical manner, creating a good balance for the business as well as owners and stockholders (what business wants to tie up excess capital unnecessarily?).

Attorneys are using risk mitigation matrices to show leadership the risk factors

In pharmaceutical manufacturing and manufacturing in general, there is a three-axis system that is used to assess and prioritize risk. The system is based on the following:

  • Severity – How severe is the risk?
    • E.g.: 1 = no impact; 10 = death

  • Frequency – How often can the risk occur?
    • E.g: 1 = once in a million; 10 = once in a hundred

  • Detectability – can the risk be detected before it happens?
    • E.g.: 1 = it can always be detected; 10 = it is almost impossible to detect until the event has occurred

Here are some examples demonstrating the three-axis system:

Issue Severity Frequency Detectability RPN *
(Risk Prioritization Number) 
Being late to a court hearing 5 (judge will be very upset) 3 (about once a month) 2 (lawyer almost always knows when this occurs) 30 (5x3x2)
Cost = personal creditability
Failed emissions testing 10 (out of compliance with EPA Regulations) 10 (all diesel engines sold in the US) 10 (failure is 100% of the time when tested properly) 1000 (10x10x10)
Cost = financial
Contaminated municipal water supply 7 (lead poisoning in children can cause learning disabilities) 8 (impact is to most children below the age of 10) 10 (was this a known issue that was detected at the onset?) 560 (7x8x10
Cost = society/human health
*The higher the number – the greater the risk

Multiply these three numbers and you get what is known as RPN – Risk Prioritization Number. Sequence the numbers from highest to lowest and you know your top risks. If you have received a risk with a score of 1,000 (death that can occur once in a hundred incidents and isn’t detectable until it is too late), and you know that you must address the issue before it puts the public safety at risk. On the other end of the spectrum, if you have something with a score of 1 (a no impact action that happens once in a million and can be detected prior to an event occurring), and an organization may decide that the cost to fix/prevent the risk isn’t worth it.

How does this work for an in-house counsel?

Imagine the Pharma-legal department working with the various business units to establish their own criteria, then setting up a system that regularly monitors and calculates risks, and addresses the highest ones based on data and experience. Collaboratively with legal, the business has now identified 15 risks worth addressing during the upcoming fiscal year. One school of thought says that the company should address all risks with the same amount of due diligence. But just like the rest of the world, the company does not have unlimited resources and capital, and those 15 risks must be prioritized and addressed in some manner that satisfies the financial realities, without jeopardizing the ability to do business.

In practicality, a tool like this is very effective when dealing with product liability. Does the product present a choking hazard for children? Is the product made overseas and contain substances that are banned in the US? Is there a flammability issue with the material that the product comprises? Does the product experience uncontrolled acceleration that can put driver and public safety at risk? Can a vehicle’s self-driving mode fail and cause accident and/or death for the driver or others? An “ethical” producer might do everything to minimize or eliminate those risks, but what if said mitigation causes the price of the product to go so high that it is no longer able to stay in business? Not all answers are simple. Most would consider it a moral obligation to address any issue that may cause death or harm to society in general.

Consider the recent events in Flint, Michigan relating to the water supply and lead contamination. The water supply was changed to reduce costs. But there was a risk and that risk did indeed impact public health. Was the risk known? Was it calculated? Did anyone consider what the cost would be to prevent or eliminate lead contamination by changing the water supply? How much of a role did politics play into the situation? Certainly, it is a complex issue with many unanswered questions; nevertheless, it may take years to recover from the consequences of the contamination. Remember Hooker Chemical and Love Canal in the Niagara Falls, NY area? Almost 40 years later and people still haven’t forgotten, and are still feeling the effects of 21,000 tons of toxic waste buried in during the 1940’s and 1950’s.

And so, a matrix as shown above has been demonstrated to help Pharmaceutical companies focus on the risks to the appropriate level. Adding another column (financial costs such as reserves, or potential uninsured liability) may also help in the decision-making process; e.g.: should a corporate entity spend $10 million to address an issue that could (5% probability) cost $1 billion down the road? Think about this: did VW consider risk when emission results for their diesel engines were not within the US guidelines? Did they consider risk when a workaround was created to show false results, once a vehicle had an emission test in the US? Did they foresee that this could cost tens of billions of dollars? Was this a calculated risk? Interesting case to consider indeed.

In summary, all risks in the Pharma world are not created equal and not all must be addressed in the same manner. Some, not at all. The price/cost of doing business is the responsibility of each corporate entity. Collaboration between the business units and legal counsel utilizing risk prioritization tools can go far in proactively deterring risk.

Written By Jerry Rosenthal, a Tefen Professional Associate

Brian Hsing

Director and Head of US Operations at Tefen USA

Monopoly Building, Operational Excellence, Change Management & Supply Chain Expert

Talk to Brian Hsing

Fill the form for some quick advice


Let's work together!

shijiebei 365bet manbetx 188bet xinshui caipiao 95zz tongbaoyule beplay 88bifa 18luck betway bwin hg0088 aomenjinshayulecheng ca88 shenbotaiyangcheng vwin w88 weide