Compliance services
Clinical R&D
MFG
Risk-Based Compliance
Commercial
Sales
& Marketing
Government Programs
Contracts
CalcPartner
& ClaimsPartner
Assessment &
Audit
COT & PHS
Validation
PCX
Features
Drug companies that do not have a
Compliance Program in place, may soon pay a very high price. Download
the white paper, Building
a
Compliance
Program.
PCX
–SALES & MARKETING
PCX –
Government Programs
|
risk-based compliance
Proactively
identifying
and
mitigating
risk
through
effective
and
meaningful
Risk
Evaluation
and
Mitigation
Programs
is
key
to
ensuring
that
a
Compliance
Program
remains
evergreen
and
compliant
throughout the year. CIS
approaches compliance from a risk-based approach, and partners with
pharmaceutical clients to routinely evaluate compliance through
auditing and monitoring.
I. Risk Planning and identification
|
Risk identification begins with the
development and implementation of Corporate Guidance, Policies and
Procedural Documentation.
Risks can be identified through three primary channels:
- Business Risk Assessment
- Ongoing Auditing and Monitoring
- Ad-Hoc Activities, i.e., investigations and
performance reviews
Critical considerations of risk include:
- Risk based on the current business model and
processes
- Exposure, probability and severity of the
identified risk
|
II. risk evaluation
|
Risk Evaluation can come in a number of
formats including Assessment, Auditing and Monitoring. CIS defines
these three activities as unique evaluation techniques that can be used
to identify and evaluate risk:
- Assessment - review of processes to proactively
identify risk areas
- Auditing - independent review of specific
business practices within a predetermined scope
- Monitoring - review and evaluation of key
controls and risk areas
During the Risk Evaluation the following information should be
evaluated:
- Identify scope through Risk Planning activities
- Evaluate risk with respect to exposure,
probability and severity
- Identify areas impacted by the risk
- Document risks in clear and concise
documentation
- Initiate Mitigation Planning and/or
Investigation, as appropriate
- Update Risk Plans to include
evaluation of identified risk areas going forward
|
iii. risk mitigation / corrective action
|
Mitigating and Corrective Action Plans
are arguably the most important component of a Risk-Based Compliance
Program.
Considerations in ensuring effective response to identified risk
include:
- Establish a mechanism for tracking mitigation
progress
- Clearly define the risk to be
mitigated/corrected
- Assign responsibility, accountability and
timelines to mitigation
- Ensure appropriate oversight by an objective
party, which may include Compliance, Internal Audit or Senior Management
- Incorporate evaluation of the
Mitigating/Corrective Action into Risk Plans based on criteria outlined
for Risk Planning
The Compliance Officer or independent internal/external delegate may
become involved when actions include:
- Development or provision of training
- Development or update of Corporate Compliance
related policies
- Development or update of operational procedures
- Implementation of additional controls, monitors
or auditing activities
|
program maintenance
A Risk-Based Compliance Program is both preventative
and detective in the identification and mitigation of risk and
potential risk. In order for the level of effectiveness to remain high,
the program must be routinely evaluated and updated.
A program that is not routinely reviewed
and updated will not remain evergreen. The Compliance Officer should be
empowered
with responsibility for the maintenance of the Risk-Based Compliance
Program. Without this commitment, even the best built programs will
eventually fail to provide the level of scrutiny needed to protect the
company and ensure ongoing compliance.
|
