Putting Risk-Based Decision-Making Where It Belongs - Focusing on how risk affects the entire organization can improve the business bottom line. - BioPharm International

ADVERTISEMENT

Putting Risk-Based Decision-Making Where It Belongs
Focusing on how risk affects the entire organization can improve the business bottom line.


BioPharm International
Volume 25, Issue 3, pp. 22-24

RECOGNIZING MISCONCEPTIONS

How one thinks about risk management in broad terms can determine what specific actions are taken. In the author's experience, broad misconceptions can work against creating the mindset required to effectively implement integrated risk management. These misconceptions include:

Risk management should focus on dire consequences only. Risks such as patient and environmental safety can involve significant financial costs, and avoiding them requires unequivocal "must-do" decisions. But most corporate decisions are far more ambiguous and require a complex balancing of risk with cost, revenue, and other issues.

All risks are bad. This belief often leads one to focus on risk elimination rather than risk management. In the end, however, nothing happens without a risk being taken, and not all types of risk demand action. Risk management should focus on understanding risks and establishing parameters for tolerance—that is, how much risk the organization is willing to accept.

Risk management applies primarily to cGMP concerns and regulatory audits. Risk management is crucial for cGMP and audits; there is a clear application to legal and financial risk. But this narrow view can lead one to overlook other key issues such as cost-of-resolution.

Risk management ends at ranking and tracking. Many organizations use risk management to identify and quantify risks, once or periodically, and specify action as the responsibility of business leaders. Essentially, such risk managers create a portfolio of risks, not actions. As a result, business leaders are often left wondering what to do with the data given to them. This approach can lead to risk managers being viewed as distracting employees from "doing business."

The communication of risks requires complex formulas. Risk managers often become immersed in the "science" of their analyses. The most effective communication of risks should mirror how an organization reviews its expenditures. The risk analysis becomes a part of the business case, including return on investment (ROI), thereby presenting a clearer case for action.

Risk management should be an independent corporate process. Understanding risk is a fundamental part of running a business but large organizations often take that to mean that risk management must have a strong, independent role in the organization. A corporate risk-management group can track and communicate high-level risks, define processes, track activities, advise colleagues, and lead other risk-related activities, but in the end, the group is subordinate to the decision-making processes of the company. When functioning at its best, risk management is an integral part of most decision-making processes throughout the business.

ROI and risk mitigation are separate considerations. Laboring under this belief, organizations can fail to see that investments in proposed mitigation actions have a calculable return. An effective risk-assessment approach combines these concepts into a single portfolio review.

The misconceptions outlined here are deeply rooted in much of today's corporate thinking. Correcting them is essential for putting risk management into proper perspective and practice.


blog comments powered by Disqus

ADVERTISEMENT

ADVERTISEMENT

Lilly to Acquire Novartis Animal Health
April 22, 2014
Novartis and GSK Trade Assets
April 22, 2014
Mallinckrodt to Acquire Questcor Pharmaceuticals
April 16, 2014
EMA Warns of Falsified Herceptin Vials
April 16, 2014
American CryoStem and Rutgers University File Joint Patent on Stem Cell Platform
April 11, 2014
Author Guidelines
Source: BioPharm International,
Click here