Enterprise Risk Management for Life Science Companies

The discovery stage spans preclinical to Phase I research. In this evolutionary stage, life sciences organizations strive to establish the viability of their innovations. With a deep focus on evidence generation, key risks are concentrated in gaining access to researchers and patients in order to drive these various early-stage studies forward. Cultivating relationships with researchers comes with many risk drivers, such as anti-kickback considerations and patient identification challenges.

After establishing viability of the innovation in early research stages, organizations will next look to establish clinical viability and market viability as Phase II through Phase III studies are underway. Focus maintains on clinical development, further cultivating and maintaining a network of key opinion leaders (KOLs) for principal investigator recruitment, and developing partnerships with contract research organizations (CROs). From a market viability perspective, after clinical viability is established, focus begins on sourcing capital, market research, market access planning and preparedness for commercialization or transaction.

After the post-launch of a new asset (e.g., pharmaceutical product, medical device, FDA-approved digital health solution, etc.), organizations will be working to reinforce the clinical and market viability, while scaling safety surveillance and reporting. From a therapeutic area (TA) perspective, efforts shift to commercial enablement with a focus on market and patient access, along with medical affairs enablement for supporting relevant medical communities. Further emphasis is placed on sourcing capital, investing in human capital, continuing to build a network of KOLs, gaining access to data and healthcare professionals (HCPs), and developing market content. Secondarily, attention must still be paid to ongoing clinical development in the form of real world evidence (RWE), health economics outcomes research (HEOR), and Phase IV and investigator-initiated studies (IIS). Key activities that will drive risk in this phase of clinical development will be maintaining a network of KOLs, gaining access to data, initiating strategic partnerships and building safety surveillance protocols.

At this point, organizations will need to apply adjustments to the market plan as the real-time dynamics of the market begin to have impact on the new product. The long-term commercial success of the product is incumbent on these adjustments within the first 90 days. Once the fine-tuning is conducted and the asset is on its planned growth trajectory, the next key consideration of the product life cycle management will emerge: continued clinical development, including RWE, HEOR and IIS for new and evolving safety information as well as future label extensions. There will be investment considerations, but rather than solely sourcing funds, there will be focus on normalizing the balance sheet, and beginning to alleviate debt and resolve early private equity or venture capital investor expectations. At this point, organizations may need to reassess their risk appetite and align the new investment strategy with that risk.

The global regulatory landscape surrounding the life sciences industry is complex and evolving, requiring diligent attention to maintain compliance in each market. As organizations consider expanding globally, focus must be concentrated on product life cycle management while continuing to support the collection of data for future label extensions and safety surveillance. In addition, organizations may have grown substantially – in value and headcount – leading to increased corporate structure and governance. Furthermore, the commercial success and growth of the organization may support the case for globalization, which will require deep market evaluations and development of market access strategies.

Define key roles and responsibilities of the program:

• Develop and communicate the ERM program and ERM charter
• Train key stakeholders on ERM methodologies
• Assess maturity of existing compliance and quality functions

Agree upon and understand key risks:

• Identify and prioritize the risk universe
• Determine the scope of the ERM program
• Evaluate the risk management capabilities of compliance and quality functions

Prioritize and focus on the most significant risks:

• Develop response strategies (i.e., accept, mitigate or transfer) for the highest priority risks
• Implement consistent risk response governance across risk domains
• If resources are limited, focus greater attention on risks deemed to have higher severity, low risk tolerance and high organizational governance exposure

Confirm the organization is kept abreast of changes to its risk profile and mitigation efforts:

• Monitor ongoing policies and procedures to detect and address changes in risk severity and response effectiveness