Risk management in the pharmaceuticals and life sciences industry

Trang 1

KPMG INTERNATIONAL

Risk Management in the Pharmaceuticals and Life Sciences Industry

An Economist Intelligence Unit research program

Trang 2

© 2009 KPMG International KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated All rights reserved 21452NSS

The following is the final version

of the Executive Summary of the

findings of a survey conducted among

executives in the pharmaceuticals

and life sciences industry during

October 2009, and comparison with

the findings of the broader survey

conducted in May and June 2009

Who took the survey?

In August 2009, the Economist Intelligence Unit conducted a global survey of executives in the pharmaceuticals and life sciences industry on how risk is managed in their organizations The 65 responses were compared with those of a June 2009 global survey

of 353 executives in a broad range of other industries Of the pharmaceuticals and life sciences respondents, nearly one-half (46 percent) are C-level executives and the remainder are other senior executives and managers Sixty-eight percent represent companies with annual global revenues above US$500m The survey focused

on North America (65 percent of respondents), but had respondents from Europe, Asia-Pacific, the Middle East and Africa, and Latin America as well.

Preface

Risk management in the pharmaceuticals and life sciences industry is

a KPMG International report, written in cooperation with the Economist Intelligence Unit In August 2009, the Economist Intelligence Unit carried out a survey of senior management executives in the pharma-ceuticals and life sciences industry, which includes the biotechnology

as well as the medical devices and diagnostics segments The Economist Intelligence Unit executed the survey, conducted the analysis and wrote the report The findings and views expressed in the report do not necessarily reflect the views of the sponsor Katherine Dorr Abreu was the editor and project manager Madelaine Drohan was the writer The report also includes commentary by professionals in KPMG LLP (U.S.), who sponsored this research.

2 Risk Management in the Pharmaceuticals and Life Sciences Industry

Trang 3

No executive could have witnessed the humbling of global banks and

insurers in the recent financial crisis without wondering whether their

organization should be doing a better job of identifying, measuring,

and managing risk One clear lesson from the turmoil is that neither a

high level of regulation nor long experience in dealing with risk can be

adequate protection In order to survive in an increasingly uncertain

world, companies have to adjust their risk antennae constantly to

detect not just “known unknowns,” to borrow from former U.S defense

secretary Donald Rumsfeld, but also “unknown unknowns” before they

become a serious threat

The collapse of the Ponzi scheme run by New York financier Bernie

Madoff may not at first blush have appeared relevant to executives in

the life sciences sector But when it caused the collapse of the Picower

Foundation,1 a major benefactor of life sciences research, the ripples

spread through the industry The growing ability of organized crime to

operate globally might not seem germane until the items being illegally

manufactured abroad and smuggled are counterfeit versions of popular

drugs In 2005, authorities in the United States, Britain, and Canada seized

millions of dollars worth of fake Viagra, Cialis, and Propecia produced by

a criminal network with tentacles in China, India, Pakistan, the Caribbean,

and the United States.

Principal Findings

Risk Management in the Pharmaceuticals and Life Sciences Industry 3

1 “Foundation That Relied on Madoff Closes.” The New York Times, December 19, 2008.

Trang 4

To find out how companies in the pharmaceuticals and life sciences industry are managing risk, and to identify areas in need of improvement, the Economist Intelligence Unit on behalf of KPMG conducted a global survey of 65 executives in the industry and compared the results with a separate survey of 353 executives from other industries The principal findings are as follows:

• Risk management is a C-level issue in the pharmaceuticals and life sciences industry Ultimate responsibility for risk management rests most frequently with

the chief executive officer (CEO), followed by the chief financial officer (CFO), the chief risk officer (CRO), and the general counsel Executives are generally satisfied with the level of expertise at the C-level and the support that senior management gives to risk governance However, senior executives could be doing a better job of defining their organization’s appetite for risk, making sure risk information gets to the right people, and increasing the level of expertise at the executive board level

• There is a mismatch between what executives identify as the biggest barrier

to effective risk management in the coming year, identified as a shortage of available expertise, and their main priority, which is risk processes.2 Less than one-third of respondents say their organization has a chief risk officer and almost two-thirds do not intend to recruit one This appears at first glance to be misguided However, by giving a high priority to training nonrisk professionals in risk, companies may succeed in spreading risk awareness throughout the organization If they break down the risk management silo, which concentrates responsibility in a single unit of the organization, they may be better able to identify and manage emerging risks

• In managing risk, pharmaceuticals and life sciences companies spend the most time

on activities aimed at controlling regulatory risk, which they perceive to be by far the biggest threat to their organizations Compliance absorbs most of their time, followed by

controls and monitoring Yet in focusing on and then reacting to this obvious risk, they leave themselves less time and resources to scan the horizon for new and emerging threats This reactive style of risk governance, directed from the top, means many companies in this industry are failing to instill broad risk awareness throughout their organizations As a result, the level of understanding of new risks, the likelihood of occurrence, the magnitude

of impact and the interaction between risks is dangerously low

Risks Posing Threat To Company’s Global Business Operations

Crime and physical security

Terrorism Natural hazard risk (e.g., hurricanes, earthquakes etc.)

Credit risk (e.g., risk of bad debt) Country risk (e.g., problems of operating in a particular location)

IT risk (e.g., loss of data, outage of data center) Reputational risk (e.g., events that undermine public trust in your products or brand)

Political risk (e.g., danger of a change of government) Market risk (e.g., risk that the market value of assets will fall)

Foreign exchange risk (e.g., risk that exchange rates may change)

Financing risk (e.g., difficulties with raising finance) Human capital risks (e.g., skills shortages, succession issues, loss of key personnel)

Regulatory risk (e.g., problems caused by new or existing regulations)

Mean n

2.1 64

3.4 65 3.5 64 4.0 65 4.1 64

2.9 64 3.0 65 3.0 63 3.0 65 3.2 65 3.2 63 3.2 64

4.1 64

How significant a threat do the following risks pose to your company's global business operation today? Please rate on a scale of 1 to 5, where 1 = very high risk and 5 = very low risk.

Don't Know 4-5

3 1-2

11%

13%

9%

27%

28%

37%

38%

37%

41%

42%

67%

14%

11%

23%

20%

23%

19%

25%

17%

25%

75%

68%

53%

44%

38%

45%

23%

37%

38%

36%

8%

49%

2%

48%

25%

21%

22%

29%

May not equal 100% due to rounding

2 Risk processes are the internal actions taken or mandated by management to detect, identify, assess, and respond to risks.

Trang 5

KPMG Commentary

Research indicates that the role of risk

management in the pharmaceuticals

and life sciences sector may not be

significantly more advanced than when

KPMG published Pressure Points: Risk

Management in the Pharmaceuticals

Industry in 2005.

Indeed, the industry’s focus remains on

regulatory compliance rather than on a

more comprehensive and

enterprise-wide view of risk Respondents

acknowledged concerns—which

KPMG has expressed in the past—that

risk management processes are not

proactive and anticipatory, but change is

not a significant priority at this time The

integration of risk management into the

strategic areas of the business remains a

low priority for these respondents, with

most of them focused on mitigating risk

on the downside rather than taking a

more balanced view of risk appetite and

its potential

This limited risk orientation is not

surprising as the penalties for failing at

regulatory compliance have been very

visible, with high profile examples of

financial, legal, and reputational costs

While respondents acknowledged

that the most important goals of risk

management are proactive risk

identi-fication and helping management with

strategic decisions, nevertheless,

the business case for integrating risk

management into strategic processes

is harder to make; and examples of the

successful use of risk management in

driving business value are less visible

One promising development over the

past few years is the emphasis on

significant investment in information

technology (IT), both by respondents

in this research and in the analyses

of public financial reports for KPMG’s

recent Disclosures Handbook The

investment in IT infrastructure enables

more risk management controls to be

automated rather than manual, with

the potential for fewer human errors

and better documentation Increasing

reliance on sophisticated IT, however,

Effectiveness of Organization’s Risk Reporting At Enabling Activities

How effective is your organization’s risk reporting at enabling the following activities? Please rate 1 to 5 where

1 = very effective and 5 = not at all effective.

2%

Highlighting interdependencies

between risks

Providing aggregate view of risk exposure across entire organization Providing up-to-date risk information

Providing information that is tailored to the audience Effective allocation of resources

Highlighting possible opportunities

(upside risk) Highlighting risk concentrations

Feeding into strategy development and management decision-making Highlighting emerging risks

Don't Know 4-5

3 1-2

22%

30%

26%

27%

43%

44%

32%

40%

35%

33%

44%

45%

48%

32%

29%

51%

38%

43%

35%

31%

27%

25%

27%

17%

22%

25%

May not equal 100% due to rounding

Other Counterparty risk reduction Selection of appropriate insurance cover Enabling more efficient resource allocation

Fraud risk management Minimizing loss

Setting and monitoring the organization’s risk appetite Communicating key risks to stakeholders

Ensuring corporate survival

Identifying what action needs to

be taken once risks are identified

Enabling line-of-business managers to make

better business decisions Measuring and monitoring risk Instilling risk culture in the organization Ensuring regulatory compliance

Assisting management with strategic decision-making Identifying new and emerging risks

What, in your judgment, are the most important objectives of the risk management function? Please select no more than three objectives.

n = 65 Most Important Objectives of Risk Management Function

Multiple Responses Allowed

2%

5%

6%

14%

15%

18%

20%

23%

28%

32%

37%

5%

is also increasingly disclosed as a risk by more companies in all segments of the market—pharmaceuticals, biotechnology and medical device/diagnostics “As IT becomes more complex and there is an increased dependence on IT systems in the day-to-day running of pharmaceutical businesses, the potential downside of any IT failure becomes more catastrophic.”3

3KPMG Disclosures Handbook 2008 – 2009, Volume 1 – Risk and Disclosure in the Pharmaceutical Industry, page 71.

Trang 6

Pharmaceuticals and life sciences companies have a somewhat narrow perspective of risk Just over two-thirds of executives responding to our survey say that problems caused by new or existing regulations represent the biggest threat to their global business operations This is true regardless of the size of the company, although those with annual revenue of less than US$500 million are slightly more inclined to this view—70 percent of respondents from small companies identify regulatory risk as somewhat or very high, compared with 67 percent from larger companies In comparison, executives from other industries are more worried these days about financing, foreign exchange, market, and credit risk All of these are seen as lesser threats by the pharmaceuticals and life sciences industry as a whole Nevertheless, smaller companies are

as concerned about financing as they are about regulatory risk, and businesses with annual revenue of US$5 billion or more cite foreign exchange risk as the second most important threat.

An Industry with a Singular Focus

Trang 7

Regulatory risk is No.1 for all pharmaceuticals and life sciences companies,

but other risks vary by company size

How significant a threat do the following risks pose to your company's global

business operation today?

(Companies ranked by annual revenue)

(Percent of respondents who selected 1 or 2 on a 5-point scale, where 1=very high

risk and 5=very low risk)

Risk companies All $500m or less $500m to $5bn $5bn or more

Regulatory risk (e.g., problems

caused by new or existing

Human capital risks (e.g., skills

shortages, succession issues,

Political risk (e.g., danger of a

Reputational risk (e.g., events

that undermine public trust in

Foreign exchange risk (e.g.,

risk that exchange rates may

IT risk (e.g., loss of data,

Market risk (e.g., risk that the

Country risk (e.g., problems

of operating in a particular

Natural hazard risk (e.g.,

The risk governance structure of companies in the pharmaceuticals and life sciences

industry is suited to dealing with regulatory risk Regardless of industry, risk

management is dealt with at the top, with ultimate responsibility resting most often

with the C-suite In pharmaceuticals and life sciences companies, however, the

general counsel ranks much higher than in the general corporate world This reflects

the importance of regulatory risk for the industry

Executives in pharmaceuticals and life sciences companies are generally satisfied

with the level of risk expertise in the top management echelons But they are more

likely than their counterparts outside the industry to think expertise is more broadly

disseminated throughout the company: they give higher ratings than the broader

survey to the heads of business units, the chairman, and the audit committee

Trang 8

Pharmaceuticals and life sciences: Risk expertise broadly disseminated

Business units Audit committee Chairman Chief financial officer Chief executive officer

All other industries Pharma and life sciences

How would you rate the level of risk expertise among the following individuals/entities within your business? (% of respondents who selected 1 or 2 on a 5-point scale, where 1=Very effective and 5=Not at all effective)

Yet there is dissatisfaction with the effectiveness of risk management, how far it extends through the organization and its perceived benefits While executives say their companies are effective at managing regulatory compliance and linking risk management with corporate strategy, less than one-third think efforts to anticipate and measure emerging risks or recruiting and retaining people with appropriate expertise are effective And one-quarter say their firms are good at aggregating risks

at the enterprise level or instilling risk awareness throughout the organization

Companies manage regulatory risk well, but are weak in other areas

How would you rate the effectiveness of your organization at the following activities?

(Percentage of respondents who selected 1 or 2 on a 5-point scale, where 1=Very effective and 5=Not at all effective)

Ensuring clear lines of reporting for risk information to be escalated to board level

43 % Ensuring that information about risk reaches the right people 42 %

Ensuring that risk information is timely and up-to-date 37 %

Ensuring that sufficient board time and resources are allocated to risk issues 29 %

Recruiting and retaining appropriate risk expertise 26 %

Instilling awareness of risk throughout the organization 23 %

Looking ahead, executives see a shortage of available expertise as the greatest barrier to more effective risk governance Yet they are not bringing risk experts into the C-suite: 30 percent of respondents say their organization has a CRO in place (less than one-fifth for smaller companies), and 63 percent have no plans to recruit one The general group is more inclined to have either a CRO in place or have plans to recruit one, although the difference is slight

Trang 9

Although they see the lack of expertise as a barrier, the priority for the

pharma-ceuticals and life sciences executives for the next 12 months is on improving risk

processes, followed by improving data quality, and availability Efforts to improve

expertise will be limited to training nonrisk professionals in risk, rather than recruiting

or retraining risk professionals

While this approach to the people who are managing risk appears contradictory, it could

be an attempt to spread risk awareness throughout the organization, countering an

identified weakness Pharmaceuticals and life sciences executives see embedding risk

in decision-making processes as key to instilling a risk culture in their companies An

alternate explanation is that executives in this industry do not see the value of investing

further in risk management, given what they perceive as its slight contribution to some

of the more tangible corporate goals Almost one-half of respondents (49 percent) say

risk management helps increase shareholder and stakeholder value and 48 percent feel

it improves corporate reputation But only one-third (34 percent) think it has a positive

impact on revenue and 38 percent believe it helps with cash flow

Has your organization recruited, or does it plan to recruit,

the following individuals or entities?

(% of respondents)

56%

11%

33%

49%

15%

35%

63%

6%

30%

Board level executive

with ultimate accountability

for risk management

Risk committee

Chief risk officer

Over the next 12 months, which of the following aspects of risk management will be the main

priority for your organization?

5%

0% 10% 15% 20% 25% 30%

Other, please specify Recruitment of risk professionals

Retraining of risk professionals

Technology Training of nonrisk professionals in risk

Data quality and availability

Risk processes (% of respondents)

Risk processes and data quality and availability are

the top priorities in next 12 months

Trang 10

The picture painted by these findings is of an industry that pays attention to what it perceives to be its most important risk—regulatory risk But it could be vulnerable to being sideswiped by other risks, such as financial fraud, counterfeiting or being targeted by organized crime, to name a few

The temptation in industries subject to high levels of regulation is to rely on the regulators to detect and mitigate emerging risks before they become problematic The experience of the financial services industry serves as a cautionary tale Companies in the pharmaceu-ticals and life sciences industry should strive to do a better job of making risk management a company-wide effort aimed at managing familiar risks while constantly scanning the horizon for new ones.

Conclusion

Định dạng
Số trang	12
Dung lượng	586,4 KB