When I was the Chief Operating Officer at one of the largest suppliers of orthopaedic and spinal implant products, most of our conversations about risk related to the impact of our products on patient care. We always took the approach of erroring on the side of the patient.
Strategically, when we thought hard about risk, we evaluated it in terms of our core competencies and whether we should expand into other markets (like total joints).
For the most part, I think this served us well. With the notable exception of spine. We were extremely cautious in those early days of entering the spine market and that, I think, ended up hurting us. Those were the days when the industry was entangled in a legal fight over pedicle screws.
A Fresh Look at Orthopedic Company Risk Management
Where do you think the real risk exposure lies in your company?
Most effective managers worry about the risk of the sub-optimal clinical acceptance of product innovations, risks associated with failure to execute strategic plans, risks of putting the wrong people in critical positions or risks of regulatory non-compliance.
These are valid and important concerns. In fact, we can consider these to be “hard” risks and we as managers typically expend most of our effort to minimize them.
However, I would like to suggest that these types of risks are not what should be keeping you awake at night. The real risk in your organization is subtler, one that is hiding in plain sight.
Dare I say “soft” risks?
Hard Internal Controls
I was recently talking with a client who asked what additional steps he needed to take to protect his company from regulatory risks during a major strategic initiative. This client already had all the traditional support functions including internal control, quality and regulatory in place.
Still, great question!
It is undeniable that we cannot operate without effective quality and compliance functions. These elements of risk management—policies, procedures, and dedicated departments—are what I consider to be “hard” internal controls.
I cannot think of many instances where companies and executives faced real liability—both personal and professional—due to an underperforming internal audit or regulatory department.
Further, the medical device sector, perhaps more than most, expends significant resources to put in place robust internal, quality, and regulatory controls. We may be forgiven for thinking, because we have a solid internal audit department and excellent regulatory compliance organization, that we have risk management mastered.
Yet, where we are too often caught by surprise with respect to risk management and where, I think, the real risk exposure lies is in the area of “soft” internal controls.
