By Mark Linver, managing director of Deloitte Life Sciences Advisory, and Jack Tanselle, Managing Director at Deloitte.
Life sciences manufacturers continue to operate in an increasingly complex business and regulatory environment. The potential risks of operating in this environment are substantial, especially when also managing demanding pricing pressures, cybersecurity issues, privacy requirements, FDA safety requirements, quality regulations, legislator and Department of Justice (DOJ) or Office of Inspector General (OIG) concerns and transparency requirements. The risk of not addressing and managing compliance is high. It can result in reputational harm for the company, lost sales, government fines, costs associated with correcting issues under government scrutiny – not to mention the time and resources necessary to defend your organization. Given the critical role of pharmaceutical and medical device manufacturers for healthcare, risk will only increase in tandem with regulation and without the proper systems in place to support compliance, the costs could continue to mount.
Even without increasing regulation, the controls required to maintain compliance with current laws and regulations is and will remain immense. This is due to the growing volume of data across the various organizational functions involved in monitoring that compliance. In order to keep pace with compliance, it is critical to establish a long-term view of managing compliance risk, with an increased investment in and use of technology.
In an effort to infuse and maintain compliance controls throughout the organization, life sciences organizations go to great lengths to establish policies, incorporate directives into procedures, implement audits and incorporate controls in supporting systems. They implement repeated procedures for creating or updating compliance policies by: developing written standards, undergoing repeated cycles of review, attaining approval, providing training, reviewing existing policies/procedures, receiving approval for revisions, and so on – all of which can consume and burden a compliance team.
In addition to managing compliance, assessing risk typically occurs annually as part of a repeating process that requires multiple inputs and outputs. This process includes:
- Auditing - occurs at different volume levels each year, but includes collecting and reviewing documents, interviewing and/or surveying key stakeholders, analyzing the output and processing an observations report containing follow-up action items - even this follow-up can be a repeating process.
- Monitoring - includes gathering data from disparate sources, organizing it into a single location, running the same test over and over again, comparing against controls outlined in laws, regulations, policies and procedures, then analyzing and summarizing the output into observations and action items.
- Conducting Investigations - conducted at a frequency driven by company activities, but like audits include a series of repeating steps such as document collection, interviews, meetings, and documenting outcomes and follow up.
Solution: Utilizing Robotic Process Automation and Cognitive Intelligence Technologies
Compliance teams within an organization can utilize new technologies to automate what are currently repetitive, manual tasks and incorporate compliance controls as part of their business process utilizing Robotic Process Automation (RPA) and Cognitive Intelligence (CI) applications.
Typically, a routine compliance process for a large audit or ongoing monitoring is usually binary, rules-based, and a fit for automation, thereby reducing the human element through the use of RPA and CI. A process improvement or compliance management “bot”/application can be developed to review data contained in various disparate systems for risk-related patterns based on established rules. This process can be reduced to less than an hour, something that may take a human 15 hours to complete. In addition to efficiency, the RPA tool and CI applications provide additional advantages including:
- Consistently applying compliance policies across full data sets (instead of reduced sample data sets)
- Incorporating compliance controls into the business process, and across the organization, without being onerous to the business
- Ability to identify potential issues through pattern recognition/cluster analysis that may not be clear during an initial or cursory review by a human Compliance Manager
By utilizing RPA ad CI technologies to perform tasks that once were consuming countless hours, compliance managers can focus on more strategic, value-creating efforts like issue remediation and escalation, investigations, and overall business advisory. Modernizing the compliance infrastructure can also help transition a Compliance Organization from an audit function to a proactive business partner.
This blog contains general information only and Deloitte is not, by means of this blog, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This blog is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.
Deloitte shall not be responsible for any loss sustained by any person who relies on this blog.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.
Copyright © 2018 Deloitte Development LLC. All rights reserved