Internal Audit for Life Science Companies
Life sciences companies face pressures and challenges that are unique from other industries. Almost every aspect of the business – from the safety and quality of commercial and sales, to manufacturing and development – is affected by the driving forces of fear, uncertainty and doubt that arise from:
Implementing a comprehensive internal audit plan can help alleviate these anxieties and concerns that affect management’s decision-making skills, and most notably, strengthen the internal controls necessary to allow life sciences companies to meet their strategic objectives and goals.
Baker Tilly’s life sciences and internal audit professionals can help support your organization’s goals and objectives by addressing the unique risks associated with companies in the life sciences industry. Our team of Value Architects™ are able to help identify current and emerging risks now, so that we can help minimize tomorrow’s fears, uncertainties and doubts. By moving past a checklist or one-size-fits-all approach, our team is able to develop a customized solution tailored to your organization’s unique situation, needs and resource capabilities.
Our internal audit approach commonly encompasses three phases:
Phase one is about understanding your organization’s objectives, culture, administration, and strategy to provide a strategic and structured view of risks within your organization, as well as the interdependencies between risks at multiple levels.
Phase two involves developing or refining the needed audit activities to address risks and provide a link between the proposed audits and high priority risks to ensure that the audit activities are clear, understood and relevant. At the onset of each audit, we assess your objectives, significant processes, applicable systems and most relevant risks to define a scope for the audit activities.
Phase three entails a disciplined approach to executing audits to confirm that audit objectives are achieved on time and in budget. At the completion of the project, we work with your organization’s management team to finalize observations and create a report inclusive of significant audit findings, recommendations and implementation timelines. A follow-up on audit findings may be performed when the applicable function is audited again as a part of the normal audit plan or when, corrective actions are performed.
Internal audit must extend past financial controls to include internal control evaluations and design in order to address key risks that are unique to life sciences companies, specifically commercial; medical; safety, quality, and regulatory; and government pricing and contracting activities.
Due to the broad and often decentralized nature of commercial activities, it is key to include audits that cover internal controls to ensure that key stakeholders within the commercial organization are following the company code of conduct and policies, as well as relevant regulations.
The inclusion of such topics and subsequent strengthening of internal controls can help to alleviate the risk overload of commercial leadership and management, allowing these individuals to focus on strategic business objectives instead. The outcomes of these audits can also help provide feedback to stakeholders of what management is expecting of them.
Commercial internal audit activity areas include:
The medical function of the organization is focused on generating and disseminating evidence around the product or innovation. Lately, these innovations tend to serve small, competitive patient segments. Nonetheless, it is crucial to audit the internal controls in place to ensure that product information is fair and balanced to patient populations or advocacy groups. The outcomes of these audits can also help provide feedback to stakeholders of what management is expecting of them and to allow management to focus on strategic objectives as well.
Medical internal audit activity areas include:
Safety and quality reporting requirements are constantly changing, and given the complex nature of the data these reports are derived from and the importance of collecting all signals, it is necessary to have strong internal controls. Auditing these activities will allow for not only greater compliance with regulatory bodies, but will also allow for greater understanding of the process and data flows. The latter tends to be a heavy burden on management, but with stronger internal controls, this can free up time for upper management and allow lower level employees to take on greater responsibilities in this area.
Safety, quality and regulatory internal audit activity areas include:
With high scrutiny from various government agencies, companies must evaluate their standard operating procedures (SOPs) and policies, product acquisitions and how data is handled for inclusion in their pricing calculations. Methodologies and reasonable assumptions should also be reviewed to ensure they are kept up with the changing regulations and companies’ business models.
Government pricing and contracting internal audit activities include:
It is imperative for life sciences organizations to monitor the recent enforcement actions of the Department of Justice and the Department of Health and Human Services Office of Inspector General in order to understand current focuses and applications of relevant regulations. The internal audit plan should be guided by such focus areas.