No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Risk

Risk Assessments Mitigate Risk for Bigger and Smaller Companies Alike

by Brian A. Dahl
June 4, 2014
in Risk
Risk Assessments Mitigate Risk for Bigger and Smaller Companies Alike

Earlier this year, the Office of Inspector General (OIG) put smaller life sciences companies on notice that they should put in place a risk assessment process as part of their corporate compliance program.  In its corporate integrity agreement (CIA) with EndoGastric Solutions, Inc. (EGS), the OIG required EGS to establish a risk assessment process to allow the company to:

  • Identify and assess risks associated with the sale, marketing, detailing, advertising and promotion of products reimbursed by government health care programs
  • Devise and implement specific measures to mitigate identified risks

The risk assessment requirement in the EGS CIA is one more example of the OIG clearly signaling that its expectations with respect to smaller company corporate compliance programs are not significantly different than its expectations of Big Pharma compliance programs.

Unlike many other CIAs, the EGS CIA did not provide any definition around what the company’s risk assessment process should look like.  On one hand, this gives EGS flexibility in defining its process.  On the other hand, this lack of definition leaves other smaller companies that are contemplating putting in place a risk assessment process wondering what such a process should entail.

Companies contemplating putting in place a risk assessment process need look no further than the more detailed risk assessment and mitigation process (RAMP) requirements in other CIAs for guidance, including the CIAs entered into in 2013 by Johnson & Johnson (J&J) and Par Pharmaceutical Companies.

The J&J CIA requires the company to annually undertake its risk assessment process.  As part of that process, J&J must identify risk areas by soliciting information from “all relevant business units and functions,” which includes the following:

  • Sales
  • Marketing
  • Regulatory Affairs
  • Medical/Scientific Affairs
  • Legal
  • Audit
  • Compliance

J&J must use the information collected from these business units to develop annual risk mitigation plans that identify risk mitigation activities that J&J must conduct in the following year, including monitoring activities.  Activities to monitor include speaker programs, speaker training, advisory boards, sampling, verbatim reviews, medical information requests and ride-alongs with sales representatives.  To request a table comparing the monitoring requirements of recent CIAs, click here.

The risk mitigation plan must detail:

  • The risk areas identified for mitigation
  • The activities to be conducted to mitigate the identified risks
  • The individual responsible for conducting each activity

The company’s various leadership teams must review and approve these plans.

The J&J CIA requires that the company track all risk monitoring and risk mitigation activities and make quarterly reports on such activities to the North American Compliance Officer, who must evaluate the activities to ensure that they appropriately mitigate the identified risks.  The Compliance Officer, in turn, must report quarterly on the status of these activities to the North American Compliance Committee, business unit leadership and compliance personnel at J&J affiliates and annually to the overall J&J Chief Compliance Officer.

The Par CIA requires a similar risk assessment process as that set out in the J&J CIA.  Like J&J, Par had already implemented a risk assessment process prior to the effective date of its CIA.  As part of that process, Par also must solicit risk information from “key operating areas” that include most of the business units mentioned above.

Unlike the J&J process, however, Par’s Enterprise Risk Management Committee must produce a “relative risk ranking report” or Risk Evaluation Report that makes recommendations to the company’s compliance committee regarding which products may require increased attention in the form of “enhanced risk mitigation plans” (enhanced RMPs).  The committee must also provide the Risk Evaluation Report to Par’s Board of Directors.

Par products identified as requiring enhanced RMPs are subject to risk mitigation activities beyond those activities contemplated by the J&J CIA.  The Par CIA states that enhanced RMPs “will consist of activities tailored to the risks identified during the risk ranking process” and provides the following examples:

  • Increased compliance messaging
  • Modifications to or limitations of promotional programs and
  • Enhanced training requirements

As with the J&J CIA, standard risk mitigation activities are performed regardless of a product’s relative risk ranking and include the monitoring activities described above.

In addition to drawing a distinction between standard and enhanced RMPs, the Par CIA requires that risk mitigation plans specify metrics by which both risk monitoring results and risk mitigation activities will be evaluated and/or measured.

The three key elements of the risk assessment processes set out in the J&J and Par CIAs – identify, plan and track – should guide smaller companies looking to implement such a process.  In the current enforcement environment, mitigating risk is essential.  Heeding the OIG’s guidance can go a long way toward protecting a company from the ramifications of an enforcement action.

This piece was originally run on the ProPharma Group blog and is republished here with permission from the site.


Previous Post

Anti-Corruption and Bribery: Vigorous Enforcement Continues

Next Post

3 Accidental Whistleblowers (Fired for Doing their Jobs Well)

Brian A. Dahl

Brian A. Dahl

Brian Dahl is the Principal at Dahl Compliance Consulting LLC. His consulting practice focuses on assisting life sciences companies with their corporate compliance needs. He is the architect of the corporate compliance programs at two top-tier pharmaceutical companies – Teva Pharmaceuticals and Takeda Pharmaceuticals.  As a consultant, he has built the compliance programs at two startup companies that recently launched their first products. Brian brings that real-world experience to the service of clients who are developing, implementing, or evaluating the effectiveness of their corporate compliance programs. Brian spent six years as the Compliance Director at Teva, where he built the company’s compliance program from the ground up while leading all aspects of the company’s compliance efforts across multiple branded divisions. Brian’s career in pharmaceutical corporate compliance began at Takeda in 2001, six months before the government’s seminal settlement with TAP Pharmaceuticals. Prior to becoming a pharmaceutical compliance professional, Brian practiced health law at the law firm of Baker & Daniels. He began his legal career practicing advertising law in Washington, D.C., first at the Federal Trade Commission and later at the law firm of Collier, Shannon, Rill & Scott. Brian received his J.D. from the University of Iowa College of Law and his Master of Health Administration degree from the College of Public Health at the University of Iowa. You can reach Brian at 847-800-1753 or at DahlComplianceConsulting@gmail.com.

Related Posts

Ethisphere 2025 E&C Program Trends & Employee Perceptions

2025 E&C Program Trends & Employee Perceptions

by Corporate Compliance Insights
May 27, 2025

Are ethics and compliance programs keeping pace with risk? Annual report E&C Program Trends & Employee Perceptions What’s in this...

blocks representing business ownership

Corporate Transparency Rollback Would Be Bad for Business

by Jamie A. Schafer
May 23, 2025

FinCEN’s ill-conceived interim rule will prolong uncertainty for businesses and further damage America’s standing abroad

Kovr 2F Partnership

Kovr.ai Partners With Second Front Systems for Government Software Accreditation

by Corporate Compliance Insights
May 22, 2025

Kovr.ai and Second Front Systems have partnered to automate software accreditation processes for government agencies through a combined platform that...

SolidusLabs Launch

Solidus Labs Launches AI Agent for Trade Surveillance

by Corporate Compliance Insights
May 22, 2025

Solidus Labs has launched an agentic AI system for trade surveillance workflows at financial institutions. The New York-based firm's platform,...

Next Post
3 Accidental Whistleblowers (Fired for Doing their Jobs Well)

3 Accidental Whistleblowers (Fired for Doing their Jobs Well)

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights