Defragmenting GRC: Confidence and Cost-Efficiency in a Time of Chaos - Pharmaceutical Technology

Latest Issue
PharmTech

Latest Issue
PharmTech Europe

Defragmenting GRC: Confidence and Cost-Efficiency in a Time of Chaos
The scope and complexity of GRC requirements are expanding so rapidly that businesses are struggling to fulfill them despite an increased willingness on industry's part to apply additional GRC resources.


Pharmaceutical Technology


Reduced effectiveness of each individual GRC initiative. When individual project teams use different policy and procedure formats, terminology, support systems, and processes, the effect on the workforce is multiplied. Understanding and following prescribed practices, getting direction, accessing procedures, dealing with uncoordinated training programs, lack of adequate records management, and available information for regulators all become unnecessarily burdensome. In addition, management is unable to maintain the access to information necessary for making informed business decisions. A fragmented GRC environment also prevents incremental improvements in process, policy, and technology from being replicated across the enterprise, further hindering the ability of all project teams to fulfill their full performance potential.

Delayed fulfillment of GRC objectives. When project teams can't adequately benefit from the work of their peers across the enterprise, it slows them down. They must rediscover resources and reevaluate technologies. They must negotiate new relationships with vendors and get new procurement approvals from purchasing. These delaying factors can be particularly problematic when it comes to meeting regulatory deadlines. Delays in order fulfillment can also extend an organization's exposure to a wide range of financial and legal risks.

Low executive-and board-level GRC confidence. Board members and C-level executives can only have confidence in an organization's overall GRC posture if they have information about conditions and issues across the enterprise. A fragmented GRC environment does not provide this essential end-to-end visibility. Instead, it forces those ultimately responsible for the enterprise's GRC performance to monitor and consolidate multiple GRC information sources.

In addition to being logistically cumbersome, this siloed approach creates more potential points of failure in the GRC chain wherever information from disparate systems must be consolidated. By implementing an integrated GRC program, organizations can reduce costs, improve effectiveness, accelerate the fulfillment of current and future mandates, and deliver the consolidated view of GRC status that upper management must safeguard their own interests and those of all corporate stakeholders.

Defining GRC

The first step in defragmenting GRC programs across the enterprise is to properly define GRC and GRC success. Companies must have a clear sense of what sorts of activities fall under the umbrella of enterprise GRC management and what common purpose those activities serve.

Governance, risk, and compliance are distinct but closely related ideas. The following definitions, while technically incomplete, are simple enough for the purposes of this article:

  • Governance is what companies decide to do. These decisions may be internally or externally driven, but either way governance is the management activity that draws the picture of what the company's behavior should look like if all goes according to plan.
  • Risk is what influences those decisions. All companies must make business decisions based on whether they want to accept, mitigate, or eliminate a given set of risks to minimize the downside and maximize the upside.
  • Compliance is how companies decide to do it. Compliance consists of the policies, processes, people, controls, tools, and other measures that a company deploys to fulfill its governance objectives and reasonably minimize risk.

In this context, enterprise GRC can be viewed as everything everyone at a company does that falls into one of these categories. This doesn't mean that all GRC activities must be managed in a centralized or monolithic way, but it does mean that all GRC activities across the enterprise must be recognized as such—and that they must all be subject to whatever global GRC management principles are put in place in an organized and distributed fashion.

Pharmaceutical organizations have focused primarily on the "C" in "GRC" because of regulatory scrutiny, but many organizations are building risk-management programs to become active in identifying and managing risks before they become compliance issues, as opposed to reactive in dealing with risks that already have turned into compliance issues.


ADVERTISEMENT

blog comments powered by Disqus
LCGC E-mail Newsletters

Subscribe: Click to learn more about the newsletter
| Weekly
| Monthly
|Monthly
| Weekly

Survey
FDASIA was signed into law two years ago. Where has the most progress been made in implementation?
Reducing drug shortages
Breakthrough designations
Protecting the supply chain
Expedited reviews of drug submissions
More stakeholder involvement
Reducing drug shortages
70%
Breakthrough designations
4%
Protecting the supply chain
17%
Expedited reviews of drug submissions
2%
More stakeholder involvement
7%
View Results
Eric Langerr Outsourcing Outlook Eric LangerTargeting Different Off-Shore Destinations
Cynthia Challener, PhD Ingredients Insider Cynthia ChallenerAsymmetric Synthesis Continues to Advance
Jill Wechsler Regulatory Watch Jill Wechsler Data Integrity Key to GMP Compliance
Sean Milmo European Regulatory WatchSean MilmoExtending the Scope of Pharmacovigilance Comes at a Price
New FDA Team to Spur Modern Drug Manufacturing
From Generics to Supergenerics
CMOs and the Track-and-Trace Race: Are You Engaged Yet?
Ebola Outbreak Raises Ethical Issues
Better Comms Means a Fitter Future for Pharma, Part 2: Realizing the Benefits of Unified Communications
Source: Pharmaceutical Technology,
Click here