Compliance services
Clinical R&D
MFG
Risk-Based Compliance
Commercial
Sales
& Marketing
Government Programs
Contracts
CalcPartner
& ClaimsPartner
Assessment &
Audit
COT & PHS
Validation
PCX
Features
Drug companies that do not have a
Compliance Program in place, may soon pay a very high price. Download
the white paper, Building
a
Compliance
Program.
PharmaComplianceXchange (PCX)
|
risk-based compliance
Proactively
identifying
and
mitigating
risk
through
effective
and
meaningful
risk
evaluation
and
mitigation
programs
is
key
to
ensuring
that
a
compliance
program
remains
"evergreen," or compliant
throughout the year. CIS
approaches compliance with a risk-based philosophy, and partners with
pharmaceutical clients to routinely evaluate compliance through
auditing and monitoring.
I. Risk Planning and identification
|
Risk identification begins with the
development and implementation of corporate guidance, policies and
procedural documentation.
Risks can be identified through three primary channels:
- Business risk assessment
- Ongoing auditing and monitoring
- Ad-hoc activities (i.e., investigations and
performance reviews)
Critical considerations of risk include:
- Risk based on the current business model and
processes
- Exposure, probability and severity of the
identified risk
|
II. risk evaluation
|
Risk evaluation can come in a number of
formats, including assessment, auditing and monitoring. CIS defines
these three activities as unique evaluation techniques that can be used
to identify and evaluate risk:
- Assessment - Review of processes to proactively
identify risk areas
- Auditing - Independent review of specific
business practices within a predetermined scope
- Monitoring - Review and evaluation of key
controls and risk areas
During the risk evaluation, the following information should be
evaluated:
- Identify scope through risk planning activities
- Evaluate risk with respect to exposure,
probability and severity
- Identify areas impacted by the risk
- Document risks in clear and concise
documentation
- Initiate mitigation planning and/or
investigation, as appropriate
- Update risk plans to include
evaluation of identified risk areas going forward
|
iii. risk mitigation / corrective action
|
Mitigating and corrective action plans
are arguably the most important component of a risk-based compliance
program.
Considerations in ensuring effective response to identified risk
include:
- Establish a mechanism for tracking mitigation
progress
- Clearly define the risk to be
mitigated/corrected
- Assign responsibility, accountability and
timelines to mitigation
- Ensure appropriate oversight by an objective
party, which may include Compliance, Internal Audit or senior management
- Incorporate evaluation of the
mitigating/corrective action into risk plans based on criteria outlined
for risk planning
The Compliance Officer or independent internal/external delegate may
become involved when actions include:
- Development or provision of training
- Development or update of corporate compliance-related policies
- Development or update of operational procedures
- Implementation of additional controls, monitors
or auditing activities
|
program maintenance
A risk-based compliance program both prevents
and detects risk and
potential risk. For the level of effectiveness to remain high,
the program must be routinely evaluated and updated.
A program that is not routinely reviewed
and updated will not remain evergreen. The Compliance Officer should be
empowered
with responsibility for the maintenance of the risk-based compliance
program. Without this commitment, even the best built programs will
eventually fail to provide the level of scrutiny needed to protect the
company and ensure ongoing compliance.
|
