A Leading Bio-Tech Company's Approach to Enterprise Risk Management

Maintaining compliance and managing risk across a global enterprise can be a daunting task. And it becomes even more of a challenge when you throw in factors like operating in multiple countries with multiple legacy systems and procedures in place, which is often the case when companies reach a global scale.

Follow @LNSResearch

The stakes are raised if your company is one involved in a heavily regulated industry such as pharmaceuticals, medical device, oil and gas, or airlines among many others. Failing to meet governance standards can bring operations to a halt and ultimately prove very costly. For this reason it’s important that companies have integrated, scalable processes for managing risk, compliance, and data governance.

During LNS’s Global Quality Advisory Council meeting last week, Ken Ray, Senior Director of Corporate Compliance Governance at Celgene, a global bio-technology company, shared his experiences with integrating these processes across his enterprise.

In this post, we’ll examine some of the ways that the establishment of formal and standardized global processes is allowing companies to better comply with standards and driving significant business value for companies making the time and investment in them.

Integrating Global Quality, Risk, and Governance Processes

Headquartered in Summit, NJ, Celgene is a bio-pharma company that manufactures drug therapies for cancer and inflammatory disorders. Originally a unit of the Celanese Corporation, Celgene broke off as an independent company in 1986 as the result of a merger. The company has experienced tremendous growth over the past decade, both organically and through acquisitions, and went from a U.S.-centric workforce of under 1,000 employees to a current total of nearly 6,000 operating in over 70 countries. As a result, Celgene is working hard to ensure its quality management systems and processes match the growth of the company.

Operating in a heavily regulated industry, the company faces many operational challenges as well as scrutiny from external regulatory bodies. Ray’s task as director of corporate compliance and governance is to build upon previous successes in quality management systems and compliance with Good Manufacturing Practices (GMPs) to develop a single program that is scalable, global, and sustainable across compliance, quality and enterprise risk management in order to facilitate effective enterprise decisions that take into account all these external factors.

The Importance of Cross-Functional Governance

One of the vital initiatives Ray has worked to implement for an enterprise-wide risk and compliance management program is a cross-functional approach to governance, soliciting feedback on the overall business needs of the company from various groups like quality, supply chain management, manufacturing, research and development, sales and marketing, finance, regulatory affairs, and so on. The goal is to have a single, globally sustainable program to deal with non-conformances in manufacturing, and having input from different business units is essential in complying with the wide range of aforementioned external factors, which include:

• Patient safety
• Scientific integrity
• Health authorities
• Environmental safety
• Intellectual property
• Worker safety
• Business continuity
• Global supply chain transparency for global health authorities 

Bow Tie Diagrams: A Process Tool for Managing Risk

One of the framework tools Celgene is currently experimenting with for achieving this process standardization is called a bow tie diagram. Focusing on a single undesirable event, a bow tie diagram is a simple visual demonstration of all the hazards that can lead to an undesirable event, all the potential outcomes, and all the controls that can be put into place.

Through the use of this tool, Ray is able to organize each undesirable event and take a comprehensive, enterprise-wide look at the all the possible outcomes of those events. He is then able to stack the individual bow tie diagrams to create an enterprise risk management dashboard based on the controls found across the different threats to the enterprise. The envisioned goal of this tool is a more organized, visual representation of the processes needed to maintain compliance and manage risks.

Ray’s view of effectively leveraging a quality management system and broader risk management framework centers on using it to move beyond just measuring process metrics and increasingly as a tool to help define what goals are important for the enterprise. He effectively flips what he sees as the conventional paradigm of the data/business need relationship.

He said, “What does executive management want to know about compliance?... I’m not reporting existing data up that attempt to answer that question, I’m asking that question down, and searching for the data that are going to answer it.”

What Others Can Learn from Celgene

Every company’s footprint and needs vary, but maintaining compliance and risk management across a global enterprise requires an integrated plan of attack. Regardless of size or industry, it’s vital to record inputs from all relevant business units, and desired outcomes from executive management in order to formulate a single, scalable process that’s globally effective in making decisions.

LNS Research's next Global Quality Advisory Council meeting is scheduled for December. The meeting will focus on process standardization and quality culture in today's competitive global market. For more information, follow the link below.