By Gregg Beloff, Co-Founder and Managing Director
“I’m travelin’ down the road and I’m flirtin’ with disaster.” –Molly Hatchet
I doubt the legendary southern rock band Molly Hatchet had biotech in mind with this lyric, but nothing more aptly describes the journey in life sciences: hallmarked by risk at every turn. These complex and dynamic risks impact not just science and clinical development, but capitalization, business strategy, operations and general performance.
There is no singular defined risk, and no singular definition of risk management. Be wary of off-the-shelf templates; companies must do the work to assess and plan accordingly for risks identified in their early stages and onward.
Where to start? Your risk management approach must fit your company’s unique research and development as well as your organizational structure and culture. Importantly, risk management is not just the procurement of insurance, which is one way to transfer risk. Some risks cannot be insured. Read on for a checklist of functional areas to consider and a summary of the risk management process.
Every functional area has risk. Some obvious and perhaps non-obvious examples include the following.
Finance –The high prevalence of fraud and email phishing is well documented. Do you have the right combination of crime and cyber insurance coupled with documented controls for wires, disbursements, and new or existing vendor banking changes to protect against financial fraud?
Clinical Research Organizations (CROs) have been known to make errors in billing and related accruals. Do you have a process of contract review and reconciliation to ensure against overpayment and inaccurate financial reporting?
Human Resources – Resumes can be both enticing and deceiving. Do you have a hiring documentation process that includes both a comprehensive background check and reference check?
Personal information must be protected. How can you ensure that personnel files are secured and there is no risk of inadvertent HIPPA disclosure?
Clinical Development – While the obvious risks of safety and meeting clinical trial endpoints garner the most attention, do you have contingency plans in the event that a trial is stopped, postponed or delayed? During the CRO selection and contracting process did you review the agreement for key risk management issues including replacement timeframes, insurance and indemnity?
Corporate Communications – Pitch decks are a common form of communication in life sciences, but do you have an agency to review for misleading, overly optimistic or off-script statements? What policies do you have in place to ensure that only authorized individuals make public statements?
The Process
Risk management is about creating systematic approaches to identify and address potential threats before they materialize as well as identifying potential opportunities. While insurance helps pay for losses after they occur, effective risk management focuses on prevention and mitigation – supporting the protection of key assets, operational resilience and enhanced stakeholder confidence. Every company should have a holistic understanding of risk and a corresponding risk mitigation strategy which, at a minimum, does the following.
- Identifies and helps the organization leverage opportunities, thus enhancing shareholder value
- Fits the culture of the organization; supplements current controls/capabilities and reduces rather than increases bureaucracy
- Encourages staff to take “informed risk,” not be constrained by risk
- Identifies how issues are conjoined across the organization
All risk management approaches begin with the identification of both real and potential risks (threats) that could affect your organization’s strategy and/or operations.
The takeaway? Risk management is a must-use yet often misunderstood tool in the toolbox. Start with an assessment, discuss the findings with your board of directors and build a plan. Be transparent with your investors; show them that you’ve done the work to protect their interests.
Suddenly that Molly Hatchet tune sounds less ominous!