The medical device manufacturer that had a spectacular compliance failure probably made the headlines. Their story will be noted in university classes around the world for years to come. Let’s look at another outcome.
Compliance risk is exposure to legal penalties, financial forfeiture, or material loss from not complying with industry laws and regulations, internal policies, or prescribed best practices. A medical device manufacturer can develop controls to manage compliance risk or they can use ERP and other tools already owned to become more competitive. Start with a comprehensive listing of all possible compliance risks. Then prioritize that list by ranking the dollar amounts or each exposure and the probability of each risk. Next, think about risks that should be taken. Risks usually have an offsetting reward and we all want to maximize our rewards.
Internal audits are a key tool to control potential risks and damages. Ask your auditors to look both ways at risks they find. Are there risks that should be exploited for improved profits? This does not mean that the risk of loss should be ignored – it remains present. However, part of controlling that same risk might be developing sales channels or products.
Sarbanes – Oxley is one of those areas of concern as a possible regulatory risk. One business might develop measures within their CRM and email systems to trap words and phrases that could suggest unpermitted sharing of trade secrets or other data. Another business might examine the same messages looking for data that ought to be kept and measured or that could lead to the development of a new trade secret. The second business knows to leverage all their data, including ERP and other transactional records, compliance exception reports, and hot line statistics to understand both emerging opportunities and risks that might be within their business.
Within your ERP are millions of transactions. These are not equal. Consider the compliance risks your business wants to control. Develop queries that automatically analyze all the transactions repeatedly selecting the few that might be a problem and the few that might lead to a breakthrough.
Think about all the compliance issues your business might have. Are any of your products and services related to the International Traffic in Arms (ITAR) regulations? Medical device companies have customers who should pay their bills. Are you compliant with all the rules of the Fair Debt Collection Act?
Have you collected any patient data during your product development? Are you managing that data in a way that meets the needs of HIPPA, The Health Industry Privacy and Portability Act?
Your business has compliance risks like any other. Which results will you see? Use your ethics and compliance risk assessments to include both a methodology for controlling risks as well as a framework for prioritizing the potential benefits.