OR WAIT 15 SECS
Risk management is essential in any successful outsourcing partnership. The author outlines the steps toward identifying, understanding, and controlling risk in key manufacturing areas.
Selecting the right partner is the key factor in every outsourcing relationship. Risk analysis can be the ideal instrument for obtaining preliminary information when evaluating a potential contract service provider and can become an integral part of the sponsor's supply chain. This article describes the main factors in risk analysis when transferring drug-manufacturing activities to a third party.
When evaluating a potential partner, the following factors should be taken into account:
Collaboration between the customer and the partner during risk analysis allows an integrated and shared evaluation of risks and benefits. The key element of this process is to identify and understand risk and to determine how much investment is needed to reduce each existing risk.
Acceptance level and control
The acceptance level of risk and the margin of control must be determined. In addition to risk understanding, the main factors are identification, management, and weight-up.
Identification. Risk analysis is a continuous process that begins with the identification of all risks. During the first phase of analysis, opportunities and threats should be identified (see Figure 1). The probability of each opportunity and threat is determined, as well its their consequences, to assess the effect and benefit of each item.
Management. The results of the identification phase determine the level of risk management (see Figure 1). First, one should plan activities by taking into account the availability of various resources (e.g., economic, number of personnel, experience, knowledge). Risk-management planning must be continuously monitored and documented, and a periodic follow-up of the status should be performed. The management-reviewing step can be a learning process because it provides an opportunity for partners to share knowledge and experiences and exchange analytical data.
The last phase of the continuous review process—understanding—is the most important because it involves shareholders in the activity, uses the analysis performed in the previous phases, and helps set the boundary conditions of subsequent steps in the process (see Figure 1).
Useful instruments in risk analysis. An important instrument in risk analysis is the protocol of the preliminary evaluation. To analyze the risk of the suppliers and contract service providers, it is necessary to resort to a predefined instrument, adaptable to the demands of each partner, in which it is possible to include all the activities in the preliminary evaluation. The protocol document should include the following chapters: technical aspects; qualitative aspects (prerequirements); logistical aspects; organizational aspects and communication; vulnerability; safety; and environment. Elaboration of this protocol document is up to the contract provider. The compilation of various questions to be answered is up to the contract acceptor.
Another important instrument is the inspection audit and the checklist of risk analysis. These documents are prepared by the sponsor, using the evaluation's protocol as a basis. They help the contract service provider verify all the risk elements and their weight.
The final instrument is the evaluation's report, including the risk's weight-up and the action plan. The final report preparation is submitted to the sponsor. The report's basic chapters are the risk assessment, formulated starting from the compilation of the checklist indicated above, and the remediation and action plan that describes the interventions necessary to reduce the risk factors in the exposed analysis areas.
The assessment must differentiate the areas of higher risk (threats) from those that represent chances for improvement (opportunities). The operative tools necessary to identify risk areas are then finally presented to define the value (risk analysis) and to attribute the level of gravity and acceptance for business (risk assessment), the possible need for remedial actions, and the resolution time and responsibilities (action–remediation plan).
Weight-up. Risk weight-up considers the effect and probability of threats and opportunities enumerated in the risk identification phase; these can be weighted using the different levels shown in each quadrant in Figure 2. The levels are defined as follows: very high (VH), high (H), medium (M), low (L), and very low (VL). Because the defined levels are five in the ordinate and five in the abscissa of each quadrant, the worst-case risk is associated with the couple VH–VH (5 × 5 = 25). Similarly, the best-case risk is associated with the couple VL–VL (1 × 1 = 1).
The quadrants are highlighted in colors corresponding to probability and impact-level combination. The yellow areas are where the risk is acceptable for threats and opportunities. The red and pink areas are associated with the unacceptable risk for threats and opportunities.
For example, if you must transfer an industrial process in an emerging country in which partner knowledge (or experience, etc.) may be very low and the cost is very low, then the evaluation of the risk is:
threat: impact VH(5) × probability VH(5) = risk 25
opportunity:impact VL(1) × probability VL(1) = risk 1
Therefore, there is a big threat to transfer the industrial process, with a very low confidence level and a very big economic opportunity. In this case, management must decide whether the economic opportunity is acceptable while considering the risk associated with the partner's inexperience or whether it is better to partner with another more knowledgeable service provider for an acceptable increase of cost. In this alternative case, the threat risk may be considerably less, and the opportunity could be less interesting.
Example of a supplier evaluation questionnaire
Essential elements of a preliminary evaluation protocol
The evaluation of a selected partner may involve several financial and industrial aspects (see sidebar, "Example of a supplier's evaluation questionnaire"). The evaluation should also contain information about the following:
Main risk areas
The following are examples of major risk areas:
The evaluation questionnaire alone is not enough. Several inspective checks should be conducted before considering the risk and defining the action plan. If the sponsor company wants to know in detail the status of the service provider's capability, more than one audit should be conducted, particularly in the main areas considered critical for business continuity. Focused checks in the critical areas help to better define the risk and the subsequent remediation plan.
It is also essential, when the action plan has been defined, that the sponsor company monitor the carrying out of the interventions contemplated in the action plan and that the partner be reliable and transparent when executing the plan.
The corrective actions defined in the remediation plan must be realized in a defined timeframe and as requested. Any problem during the advancement of this action plan could postpone the project start and have a negative, and sometimes disastrous, effect on business.
Maurizio Battistini is general manager of APP Pharmaceutical Partners Switzerland GmbH, Via Cadepiano, 24 CH-6917 Barbengo, Switzerland, MaurizioBattistini@appdrugs.ch.