The need for healthcare and life sciences organisations to enhance their risk management arrangements is greater than ever. Combined pressures in a post-pandemic environment, including increased cyber-attacks, the legislative and operational complexities following Brexit and changing regulatory frameworks, have seen the role of risk management change in recent years.
Risk management efforts should focus not only on the prevention of risk events, but also on the depth and strength of an organisation's resilience to recover from risks once they occur.
The challenge for business leaders is to balance the management of risk on a day-to-day basis with the increased scrutiny and focus from the board and external regulators on how the organisation is effectively managing complex and interdependent risks in a fast-moving environment.
Organisations rising to this challenge have embedded a strategic approach to the identification, evaluation, monitoring and reporting of risk. Setting a dynamic risk appetite also helps organisations to make effective risk-based decisions from board to operational levels.
Risks within the healthcare and life sciences industries are wide-ranging and evolving. We are currently seeing the emergence of risk themes in the areas below:
1. Data management – Understanding data flows and data management can be complex within the healthcare and life sciences environment. Organisations operating within the UK need to comply with GDPR in general but also understand how data is being shared in other localities and where risks relating to data transfer can occur. This has an added complexity if data is being shared or processed with third parties.
2. Third-party risk management – Similar to the third-party data management risk above is the wider third-party risk management. Many UK healthcare and life sciences businesses are outsourcing elements of their operations and don’t have direct control over day-to-day operations. This brings with it a range of reputational and supply chain risks. The recent collapse of SVB has exposed a number of businesses to supply chain failures and the need to identify the viability of core services on an ongoing basis.
Furthermore, there can be reputational and integrity-based risks if suppliers do not conduct clinical trials and other key processes to the standards required. Clinical trials are expensive and if the data can’t be used due to weaknesses, this would be a costly and time-intensive mistake to make.
3. Cyber security – Healthcare and life sciences, like many other sectors, are seeing an elevated level of cyber security attacks. For most organisations, it is a case of when, not if, they are the target of an attack. Businesses that receive high levels of investment are often targeted with sophisticated tracking by hackers to launch their attacks at an opportune moment.
4. Final compliance – Healthcare and life sciences have significant levels of corporate governance requirements, including legislation in relation to bribery and corruption, the Sunshine Law in the US, as well as modern slavery and pay gap reporting requirements. The challenge for organisations is to not only have effective processes to monitor and report from within but also to understand how their supply chain is complying with the requirements.
5. Global tax compliance – With the quest for talent creating new employment arrangements, including fully remote working and a workforce scattered around the globe, businesses need to understand the payroll and tax implications of staff working full time from another country. Understanding risk exposure and monitoring compliance will avoid unnecessary risks in this area.
Healthcare and life sciences businesses are faced with a wide range of risk issues. Establishing risk management and assurance processes will mitigate these risks as well as generating opportunities and adding long-term value to help your business move forward with confidence.
If you would like to discuss risk management for your business, please contact Liz Wright.