Whether or not you believe your company can do no wrong, you should always plan for the worst – this is where risk management comes in. (Roche, 2010) In the world of risk management, there are many different ways of doing it among all different disciplines. Regardless of the field in which you are working, an effective risk management process is necessary in order to effectively weigh whether or not you can release a certain product, or carry forward with a particular plan of action, without taking too much of a chance that you or your customers (not to mention your shareholders or business partners) will lose everything, or even if real harm will be done. What may work for one type of product or strategy may not work for another; that being said, there are quite a few similarities to keep in mind that stretch across all types of risk management processes. In this paper, we will go over the basic principles of a risk management process that can be applied to a pharmaceutical, as well as a run-of-the-mill enterprise risk management process, and see what comparisons can be made between the two.
When a pharmaceutical is being prepared for entry into the market, appropriate risk management is undertaken by the company that is releasing said product. The Food and Drug Administration has very strict guidelines on how safe a product must be, and therefore have very specific ideas on how adequate risk management should be done by the company involved. First, the risk management process must thoroughly go over what sort of benefits come with the product, as well as its risks. Secondly, once the risks of a given product are discerned, steps must be taken to lower those risks to an acceptable level, where a reasonable amount of safety can be assured when a customer uses the product. Third, they must continue to keep up with the product as it is introduced into the general public, so that they can detect side effects and risks that were heretofore unexpected and unpredicted. Lastly, with that knowledge in mind, they have to perform further risk management, and change their existing set of protocols to fit the new data, thereby further ensuring the safety of the product. (“Risk Management”, 88-89)
Step one is the most difficult and arduous to undertake, especially as a product’s research is just beginning. It begins with the Risk and Issue Management Strategy, wherein all of the steps that will be taken to address whatever problems or risks the product turns out to have are outlined. (“Risk Management”, 88) It can also dictate the people that will undertake these responsibilities, and the methods that are used to catalog and deal with these risks. The Risk Identification Technique is then applied to the process, which is a particular way by which potential risks and issues can be gleaned from the product, so the researchers and risk managers know what they need to fix. After that, they apply the Risk Evaluation Technique, which will examine just how severe the risk is, and how big a priority it is that they address it – for instance, if a risk is deemed sufficiently small and harmless, little to no risk management could be required. (Griffith, 2004) This can be done through many methods, one of which is a PBPK model, which allows a researcher to know how quickly a specific compound will metabolize in a person’s system. (Balant, 1241)
Once the risks are determined, it is time to figure out what must be done in order to intervene and maximize the level of safety a customer should have when investing in a product from a pharmaceutical company. There are a great number of procedures that can be done to accomplish this goal in the case of a pharmaceutical product; for example, the facilities in which the product is manufactured can be thoroughly inspected in order to ensure a clean, sanitary work environment where no foreign element can be introduced into the product. The manufacturer can be sure to maintain accurate and comprehensive labeling on the product, which has the effect of educating the consumer as much as possible on what is contained in the product, highlighting potential risks and risk factors that could just apply on an individual basis. This way, even in the event that only a small portion of the population would have an adverse reaction to the product, they would be properly informed of the risk before making the decision to purchase and use this specific pharmaceutical. Even the marketing for said product could be adjusted in order to make note of the risks that are inherent in the product. The most dramatic risk prevention could also be necessary – taking the product off the market. This is done if the risks are simply too great to reasonably release the product to the public, as any risk prevention measures would not be sufficient to lower the chances of something happening to a great number of consumers.
These same basic principles of risk management are also applied to the corporate sector, reaching beyond mere pharmaceutical products and extending to nearly every possible product that can be released into the consumer market, or even with overall business plans and models. Examination and addressing of these risks in the corporate world are known as enterprise risk management, or ERM, and they follow a fairly specific framework that, while working uniquely within its own realm, carries quite a few similarities with the process used to evaluate pharmaceuticals.
This process begins by establishing the context of the company and what it does, both outside in the overall market and inside, at what the particular enterprise sets out to do and the people who are in charge of carrying out these objectives. Secondly, the risks are evaluated, in this case from four specific directions: hazard risks (property damage, liability claims), financial risks (price, incoming capital), operational risks (poor management, lack of quality business operations), and strategic risks (harm to reputation, changing customer demands). (Enterprise Risk Management, 10) Rigorous studies are done and research is performed in order to determine, within reason, how likely these risks are to occur, given the particular market and condition of the company as it stands. (Ormerod, 83)
After these risks are found, they are then taken through a specific process that allows for a comprehensive evaluation of each type of issue and how it can be minimized. First, the risks are analyzed, determining just how likely it is that something of that caliber would go wrong; this can be done by looking at the company’s performance in the past, as that can lead to a reasonable expectation of what will happen in the future. The risks are then integrated into the business plan, which allows them to see how the company will perform in light of these hazards, and how much it will hurt them. With that in mind, the risks get organized by priority (which risks are more damaging or likely to occur), which helps personnel allot the proper resources to the most hazardous problems.
After all this is done, these fully evaluated and researched risks are addressed; the ones that can be minimized or fixed while still maintaining reasonable operation are handled, and actions are avoided altogether that would lead to an extremely high level of risk that cannot be maintained. Once actions are taken to address the risks that have been found, the story is not over; the team must continue to examine the company’s progress, in order to see how effective the risk management strategies were at preventing the problem, and watch out for any unexpected problems that were not anticipated in the initial risk assessment. If these are found, then the process starts over again, with the new risks being incorporated and evaluated, while remembering to maintain effective management of the initially discovered risks.
Looking at these two particular worlds of risk management, it is easy to see the similarities and differences that are inherent in each. The risk management process used to evaluate the release and danger of a specific product, such as a pharmaceutical, is much smaller in scale than examining the business strategies of an entire company. Nonetheless, the problems are looked at with nearly the same types of actions – both involve locating the specific kinds of risks involved, as well as the various actions that can be taken to prevent them. Similar solutions for these actions are presented as well; both processes carry the option of simply not going through with an action that would carry too much risk in the big picture (cancelling specific business strategies, or withholding a product from the market that is deemed too unsafe for the public).
Possibly the most important commonality between the two different types of risk management is the last step of each; namely, the continued evaluation and oversight of the company or product, in order to address whatever problems continue to crop up as the product goes to market, or the company goes into the marketplace. In both instances, it is agreed that the job is not done once the first risk management process is applied; it is an ongoing action that involves substantial oversight and nearly-perpetual monitoring of the factors they were examining before. With this vital step in the process, the consumers that operate in this economy can be assured that the management of risk in the companies that they place their financial future (or, in the case of pharmaceuticals, their health) in will be ongoing.
Balant, L., & Gex-Fabry, M. (1990). Physiological pharmacokinetic modelling . Xenobiotica, 20, 1241-1257.
Risk Management Committee. (2003). Overview of Enterprise Risk Management. Unknown: Casualty Actuarial Society.
FDA. (2004). Risk Management for the Pharmaceutical Industry. Unknown, 1, 88-89.
Griffith, E. (2004). Risk Management Programs for the Pharmaceutical Industry. Fujitsu, N/A, 1-4.
Ormerod, P. (2010). Risk, recessions and the resilience of the capitalist economies. Risk Management, 12, 83-99.
Q9 Quality Risk Management. (2006). unknown: U.S. Department of Health and Human Services.
Roche, C. (2011, January 14). Wall Street's Unsung Commodity: Risk Management. Seeking Alpha, 1. Retrieved February 4, 2011, from http://seekingalpha.com/article/246665-wall-street-s-unsung-commodity-risk-management