Until recently, managing the impact of a pandemic was the last thing on a life sciences company’s mind. In this new reality, monitoring business interactions is more relevant than ever. We hope this blog series can continue to highlight the value a compliance monitoring program can bring to your business.
In Part 2 of this 5-part series, I talked about the three key areas to monitor in a compliance program. In this piece, let’s talk about what Compliance Officers can do when things don’t go as planned and how we can use auditing and monitoring to reduce the likelihood of problems.
Identifying gaps when something goes wrong
The tendency may be to panic and be reactive when we’ve learned that something’s gone wrong. Before taking action, assessing the situation to determine the root cause of the issue may be a better first step.
Some common culprits that can undermine your compliance program fall under three main areas: lack of guidance, conflicting guidance, and lack of value of compliance.
Lack of guidance
- Are policies or standard operating procedures (SOPs) missing or outdated?
- Has the industry dynamic changed? Or the organizational structure?
- Were guidance documents created or updated to reflect the changes?
- Is the guidance stored someplace that it’s not easy to find? Or written in a way that’s difficult to understand? For example, in Canada, do you have your core compliance policies and SOPs available in both French and English?
- With the need to be nimble and companies growing or changing quickly, has there been guidance introduced that conflicts with what already exists? This can be common in cases where policies and SOPs are drafted ‘out of country’.
- Are the requirements of a policy or SOP in conflict with Innovative Medicine Canada’s Code of Ethics or a company’s local operational capacity?
- Has there been a review of existing guidance to ensure alignment across functional operations and priorities?
Lack of value of compliance
- Assuming you have the policies, SOPs, tools and training to manage risk, are there still problems? You may want to ask yourself, “What is the culture of compliance within the organization?”
- Is the compliance function seen as a partner or a ‘problematic’ afterthought?
- Is the root cause a technical knowledge gap or does the change have to be more behavioural?
As I said earlier, the tendency is to be reactive when something goes wrong. Only by assessing risk and testing the protocols and practices in place can you determine where the problem lies.
Establishing an auditing and monitoring program as part of your compliance cycle can help you identify these gaps and take action sooner in order to reduce the likelihood of issues.
Auditing versus monitoring – what’s the difference?
While most compliance professionals understand the difference between auditing and monitoring, not every organization does both. However, each has a role to play in ensuring a robust compliance program.
Auditing, in general, reveals ‘what’ happened but not necessarily ‘how’ or ‘why’
- There is usually a time lag between the incident and the time of the audit which means that the gaps may no longer exist.
- Auditing is sample based and not aggregate, therefore it’s difficult to detect trends. Samples may be too focused on one area and miss others.
- Auditing also tends to be rules-oriented and less open and collaborative (sometimes a black box) with greater focus on ‘detecting’ and ‘correcting’ rather than on ‘improving’.
- Auditing is retroactive meaning it oftentimes does not allow for business operations to implement corrective actions in a timely manner.
Monitoring is highly resource intensive but can provide more immediate feedback
- Monitoring can be subjective, that is, dependent on the Compliance Officer’s interpretation of guidance.
- It may also lack objectivity since reporting is not by independent observers but subjected to biases by activity owners.
- It can be less comprehensive, that is, it tends not to cover all the business processes, sub-processes and activities. Therefore, monitoring reports provide a high-level observation of business activity.
- Although monitoring is typically very specific and doesn’t always take a holistic view of the organizational structures and processes, it can provide more immediate or ‘real time’ feedback on business operations.
Establishing a value-based monitoring program can help change the perspective of the compliance program by making it relevant to how the business operates. You’re proactively watching business activity and course correcting in close-to-real time. There’s no mad scramble every couple of years to prepare for an internal audit. You and the business already know where things are and can anticipate possible observations or findings. You can even mitigate findings by being proactive and implementing remediation prior to the auditors’ review.
In the next article in this series, I will be talking about the critical success factors to consider when implementing a compliance monitoring program.
Can’t wait? You can listen to the entire “Closing the Loop” webinar now available on demand.