Putting Risk-Based Decision-Making Where It Belongs - Focusing on how risk affects the entire organization can improve the business bottom line. - BioPharm International


Putting Risk-Based Decision-Making Where It Belongs
Focusing on how risk affects the entire organization can improve the business bottom line.

BioPharm International
Volume 25, Issue 3, pp. 22-24


How one thinks about risk management in broad terms can determine what specific actions are taken. In the author's experience, broad misconceptions can work against creating the mindset required to effectively implement integrated risk management. These misconceptions include:

Risk management should focus on dire consequences only. Risks such as patient and environmental safety can involve significant financial costs, and avoiding them requires unequivocal "must-do" decisions. But most corporate decisions are far more ambiguous and require a complex balancing of risk with cost, revenue, and other issues.

All risks are bad. This belief often leads one to focus on risk elimination rather than risk management. In the end, however, nothing happens without a risk being taken, and not all types of risk demand action. Risk management should focus on understanding risks and establishing parameters for tolerance—that is, how much risk the organization is willing to accept.

Risk management applies primarily to cGMP concerns and regulatory audits. Risk management is crucial for cGMP and audits; there is a clear application to legal and financial risk. But this narrow view can lead one to overlook other key issues such as cost-of-resolution.

Risk management ends at ranking and tracking. Many organizations use risk management to identify and quantify risks, once or periodically, and specify action as the responsibility of business leaders. Essentially, such risk managers create a portfolio of risks, not actions. As a result, business leaders are often left wondering what to do with the data given to them. This approach can lead to risk managers being viewed as distracting employees from "doing business."

The communication of risks requires complex formulas. Risk managers often become immersed in the "science" of their analyses. The most effective communication of risks should mirror how an organization reviews its expenditures. The risk analysis becomes a part of the business case, including return on investment (ROI), thereby presenting a clearer case for action.

Risk management should be an independent corporate process. Understanding risk is a fundamental part of running a business but large organizations often take that to mean that risk management must have a strong, independent role in the organization. A corporate risk-management group can track and communicate high-level risks, define processes, track activities, advise colleagues, and lead other risk-related activities, but in the end, the group is subordinate to the decision-making processes of the company. When functioning at its best, risk management is an integral part of most decision-making processes throughout the business.

ROI and risk mitigation are separate considerations. Laboring under this belief, organizations can fail to see that investments in proposed mitigation actions have a calculable return. An effective risk-assessment approach combines these concepts into a single portfolio review.

The misconceptions outlined here are deeply rooted in much of today's corporate thinking. Correcting them is essential for putting risk management into proper perspective and practice.

blog comments powered by Disqus



GPhA Issues Statement on Generic Drug Costs
November 20, 2014
Amgen Opens Single-Use Manufacturing Plant in Singapore
November 20, 2014
Manufacturing Issues Crucial to Combating Ebola
November 20, 2014
FDA Requests Comments on Generic Drug Submission Criteria
November 20, 2014
USP Joins Chinese Pharmacopoeia Commission for Annual Science Meeting
November 20, 2014
Author Guidelines
Source: BioPharm International,
Click here