Prescribing Risk Intelligence for the Life Sciences Sector
December 2007
To succeed in a competitive and volatile industry,
life sciences companies must take risks. What better argument for embracing
those risks and managing them intelligently?
by Mark
Layton and Terry Hisey
Deloitte & Touche
From heavy upfront investment in the product-development process and long
revenue cycle lead times to an ever-tightening regulatory environment and potential
product safety issues, life sciences companies face a daunting array of risks.
While the risks are many, the potential payoff can be significant—both in monetary
terms and with respect to improving the health and well-being of countless individuals.
[Note: Life sciences companies are generally defined as those in the fields
of biotechnology, pharmaceuticals, cosmeceuticals, food processing, environmental,
biomedical devices, and organizations and institutions that devote the majority
of their efforts in the various stages of research, development, technology
transfer, and commercialization.]
As in any industry, risk in the life sciences sector comes in two flavors:
unrewarded and rewarded. Risks are unrewarded when there is no premium to be
gained for taking them. But mitigating these risks does protect the company's
brand and stakeholders. A few of the unrewarded risks specific to the life sciences
sector include complying with numerous regulatory agency guidelines; adhering
to increasing consumer privacy and information restrictions; handling product
safety issues, security breaches, and IT system failures; plus managing cost
and availability concerns.
The primary motivation for taking rewarded risks, in contrast, is to exploit
opportunities and create value. Well-managed risks can result in new and innovative
products, expanded markets, successful alliances and acquisitions, and increased
profitability and market capitalization. A product that proves to be more effective
than anticipated, leading to unexpected market share gains, is one example of
a rewarded risk. Other examples? Products that receive approval earlier than
expected, upgrades to the manufacturing process that boost production yield,
and taking market share from competitors.
Within almost every activity—whether it be research and development (R&D),
product commitment, scaling manufacturing capability, or commercialization—pharmaceutical,
biotechnology, and medical device companies deal with both unrewarded and rewarded
risks. By being savvy about the risks to take and the risks to mitigate, a life
sciences company can become a risk intelligent enterprise that:
- Recognizes and manages the full spectrum of risks the organization faces
- Minimizes "siloed" behavior that can obscure an integrated view of risk
- Allocates proportionally more resources to the most strategic and pertinent
risks
- Considers effective risk management to be an organizationwide responsibility
and competency
- Anticipates and prepares integrated responses to risks
- Manages risk with a view toward maximizing the upside of strategic decisions
while minimizing the downside
- Acknowledges the need to take intelligent risks to create value.
Most important is the final point: risk intelligence relies on the ability
to anticipate and respond to market opportunities, as well as the capacity to
handle potential disruptions. A risk intelligent organization focuses on both
the positive and the negative; it protects existing assets and enhances growth opportunities. With
a risk intelligent approach, a life sciences company can realize a number of
benefits, such as the following.
- Improved ability to detect, correct, and mitigate risk
- Standardized risk management principles and language
- Reduced risk management costs
- Improved flexibility to respond to positive as well as negative events
- Earned confidence of the board and other stakeholders that the full
range of risks is understood and managed
Changing the Approach to Risk
Adopting a risk intelligent approach requires that people and systems change
the way they handle risk—which is no simple task. But we offer the following
guidelines for making the transition to a risk intelligent enterprise.
- Set up processes and systems that enable risk experts and operating
managers to communicate, measure the results of their interactions, and
develop a common language of risk.
- Require business units to aggregate the unrewarded and rewarded risks
they face and then develop a risk portfolio based on likelihood, measurable
impact, and vulnerability to those risks.
- Focus on vulnerability as well as probability. Use scenario planning
techniques to consider those risks on the margins—low probability events
that could have a devastating impact if they were to materialize. Also,
envision risks in combination, such as a supply chain risk that quickly
cascades into a reputational risk and a liability risk.
- Assess and adjust your organization's preparedness; accept tolerable
levels of risk or mitigate risk more or less aggressively, as needed.
- Use measurement, review, and reporting processes and procedures to rationalize,
synchronize, and harmonize your organization's approach toward risk management,
and deploy controls that address multiple risks.
Incorporate risk intelligence into the company's culture. People should understand
and apply risk intelligent concepts in an "institutionalized" manner, much as
a "Six Sigma" company imbeds that methodology into the organization.
Conclusion
The risk intelligent life sciences company makes a clear-eyed diagnosis,
recognizing both rewarded and unrewarded risks. And then it applies its resources
to bring about a positive prognosis. By knowing when it's prudent to avoid danger
and when it's smart to take a calculated risk, the risk intelligent enterprise
can more effectively write its own prescription for success.
R.T. (Terry)
Hisey is the U.S. managing principal for the Life Sciences practice
of the Deloitte U.S. firms. He can be reached at 215–246–2332 or at rhisey@deloitte.com.
Opinions expressed in Expert Commentary articles are those of the author and are
not necessarily held by the author’s employer or IRMI. This article does not purport
to provide legal, accounting, or other professional advice or opinion. If such advice
is needed, consult with your attorney, accountant, or other qualified adviser.