background image for GxP Lifeline
GxP Lifeline

The Rise of Risk: How To Meet Pharma Regulators’ Expectations

There has been a discernible shift over the past decade in the way the agencies that regulate pharmaceutical products scrutinize pharma companies’ risk management processes. With each update to an existing standard or new regulation that goes into effect, regulators are placing more emphasis on pharma risk management and mitigation. And the COVID-19 pandemic has intensified the prioritization of risk-based approaches to compliance.

Regulatory agencies worldwide are diverting from their former one-size-fits-all risk management methodologies and moving toward more segmented, data-driven approaches. If the U.S. Food and Drug Administration (FDA) Q9 Quality Risk Management guidance is any indication, this compliance trend will only become more pervasive. As the guidance specifies, greater assurance of a company’s ability to deal with potential risks “might affect the extent and level of direct regulatory oversight.”(1)

The Dilemma of Disconnected Risk Data

In the modern, risk-centered regulatory landscape, a pharma organization’s focus on documents — which has historically been most companies’ standard approach to compliance — is no longer a tenable model. This new reality has prompted many companies to seek an approach to pharma risk management that focuses on data over documents. Despite their best efforts, however, disconnected data issues continue to plague the industry. Risk-related data that could help companies identify and mitigate risks before they cause larger problems are too often trapped in disparate information silos, inaccessible reports, or unsearchable paper documents.

“Risk is all about putting a plan in place, executing on that plan, and being able to show that plan,” said Kim Jackson, a senior product manager at MasterControl who oversees risk and quality event solutions. “At the end of the day, what matters is being able to mitigate those risks because you’ve thought of them ahead of time. Tracking all of that on a spreadsheet is very difficult, but a lot of people are still doing it that way these days.”(2)

The issues caused by outmoded data management practices are exacerbated by the coinciding increase in the magnitude and frequency of the risks that pharma companies must manage. These increases are particularly problematic as they relate to product quality, drug approvals, and clinical trial design and execution, according to McKinsey & Company studies.

“Many pharma companies admit they feel poorly prepared to navigate these choppy waters because their risk analysis and management is not as robust, data driven, action oriented, or far-reaching as they would wish,” McKinsey researchers reported.(3)

The inability to leverage high-quality data to drive effective risk management is one of the biggest challenges afflicting contemporary life sciences organizations, according to a new MasterControl pharma industry brief. The brief, titled “Overcoming Pharma’s Top Six Quality and Compliance Oversights ,” lists substandard risk management as a leading problem that pharma companies inadvertently enable and perpetuate. Fortunately, the brief also recommends practical steps companies can start taking to mitigate risk management challenges — starting with digitization.

The New Regulatory Imperative: Digitize Risk-Related Processes

Staying competitive and versatile in an evolving regulatory environment will require pharma companies that have not already done so to implement advanced digital tools that can automate and streamline risk-related processes. Although some pharma executives may worry that the efficiencies gained from advanced pharma risk management technologies could trigger red flags for regulators, the opposite is actually true, according to Sue Marchant, product management director at MasterControl.

“We’re finding that regulators are adopting new data-driven approaches and that they are at the forefront of this trend,” Marchant said. “They are taking an approach that favors assessing risk in a more intelligent way. That regulatory stance will place added importance on life sciences companies’ quality data while also increasing its value.”(4)

Deloitte projects that pharma regulation will continue to become more outcome-based, data-driven, and segmented, and that it will increasingly rely on advanced analytics to detect patterns and trends to ensure the safety and effectiveness of products.(5) If that forecast proves accurate, companies should be prepared for regulators to create some form of overarching digital platform that will enable them to exercise more self-regulation. Such a platform would move the management of risk closer to those most affected by it. However, it would also require companies to be technologically prepared to interact with the new digital system.

The analysts at Deloitte also assert that the increased focus on risk-related data will push pharma companies to adopt a continuous-readiness quality model that will improve efficiencies and lower compliance costs.(6) Combining this model with robust digital solutions that facilitate effective risk management would dramatically boost the overall effectiveness of a company’s compliance function.

Practical Steps Toward the Digital Future of Pharma Risk Management 

Deloitte researchers highlighted two technology-related actions pharma companies can take that will help them successfully navigate compliance challenges down the road:

  • Integrate a single, enterprise-wide view of compliance risk.
  • Build data analytics capabilities to predict key risks.(7)

As regulators lean harder into risk, innovative digital tools capable of connecting data across the enterprise and integrating predictive analytics capabilities will be companies’ primary mechanisms for generating value from their risk management efforts. The use of advanced analytics and machine learning (ML) to enhance pharma risk management activities is gaining traction and demonstrating benefits across the industry, according to McKinsey & Company research. In one case study cited by McKinsey, a global pharma company achieved successes by adopting an advanced analytics approach to improve its prioritization of clinical trial sites for quality audits. The tactic enabled the company to identify issues that would have gone undetected using its old manual process while also freeing up 30% of its quality resources.(8)

Benefits of Digitizing Risk-Related Processes

Advanced risk management solutions substantially improve an organization’s capacity to track and trend risk data. They also make it easier to demonstrate the effectiveness of risk management efforts to auditors. Moving forward, digital technologies will be the fundamental modality through which a pharma company can prove that risk can be managed in accordance with regulatory requirements.

According to McKinsey’s projections, the companies that combine smarter risk-management principles with the most adaptable performance monitoring/enhancing digital technologies will gain advantages such as the following:

  • The ability to rapidly identify emerging trends and areas of potential risk, as well as review their underlying metrics and connections to different areas.
  • The capacity to make rapid decisions to address existing or emerging issues and monitor the results.
  • A comprehensive view of quality management in real time.
  • A view of the entire value chain that creates transparency for all functions throughout the enterprise, not just quality.
  • The ability to adjust metrics and targets to further improve performance as goals are achieved.
  • Automatic collection, analysis, and visualization of key indicators and outcomes on intuitive user interfaces.(9)

To learn more about proactive pharma risk management measures, as well as additional actions that can help your organization overcome other obstacles pharma companies commonly face, download the full industry brief.


  1. “Q9 Quality Risk Management Guidance for Industry,” FDA, 2006.
  2. “Navigating Constant Change With Flexible Quality Systems,” Kim Jackson and Erin Wright, MasterControl webinar, Feb. 3, 2021.
  3. “Expanding horizons for risk management in pharma,” McKinsey & Company, 2018.
  4. “Adopting a Data-Centric Quality Mindset,” Sue Marchant, MasterControl webinar, April 22, 2020.
  5. “Life sciences regulation predictions 2025,” Deloitte Centre for Health Sciences, Nov. 2018.
  6. “The challenge of compliance in life sciences: Moving from cost to value,” Deloitte Centre for Health Solutions, 2015.
  7. Supra note 6.
  8. Supra note 3.
  9. “Making quality assurance smart,” McKinsey & Company, 2021.


James Jardine is the editor of the GxP Lifeline blog and the marketing content team manager at MasterControl, Inc., a leading provider of cloud-based quality, manufacturing, and compliance software solutions. He has covered life sciences, technology and regulatory matters for MasterControl and various industry publications since 2007. He has a bachelor’s degree in communications with an emphasis in journalism from the University of Utah. Prior to joining MasterControl, James held several senior communications, operations, and development positions. Working for more than a decade in the non-profit sector, he served as the Utah/Idaho director of communications for the American Cancer Society and as the Utah Food Bank’s grants and contracts manager.

Get the White Paper
Overcoming Pharma’s Top 6 Quality and Compliance Oversights

Enjoying this blog? Learn more.

Overcoming Pharma’s Top 6 Quality and Compliance Oversights

Get the White Paper
[ { "key": "fid#1", "value": ["GxP Lifeline Blog"] } ]