Enterprise Risk Management: A Case Study in the Pharmaceutical Industry

Gary A. Stair (Pharmaceutical/Medical Device Executive, USA)
DOI: 10.4018/978-1-60960-501-8.ch008


How a company implements an Enterprise Risk Management (ERM) program to identify and manage potential risks can mean the difference between financial freedom and financial despair. The Committee of Sponsoring Organizations (COSO), a voluntary private-sector organization in the United States, has developed internal control guidelines that give executive management and governance entities guidance on critical aspects of organizational governance, business ethics, internal control, fraud, and financial reporting. This chapter discusses an approach to building an ERM implementation plan within a pharmaceutical company by outlining the responsibilities and influences of industry participants, sales forces, middle management and senior leadership, and the ways in which each focuses on monitoring and developing the risk mitigation process. The influence of technology is integrated throughout, and new directions such as e-media and e-detailing (virtual sales representatives) are also explored.
Chapter Preview

In the midst of several high-profile corporate scandals and subsequent regulatory legislation and compliance policy violations, such as “TAP Pharmaceuticals settles with Dept of Justice for $875 million” (Healthcare Financial Management, 2001) or, more recently, “Pfizer's $2.3 Billion-Dollar Settlement” (Forbes, 2009), the development and implementation of strict internal control systems has become an organizational requirement. These requirements have led many organizations to review their risk management areas and deem them vitally important. Although the Sarbanes-Oxley Act of 2002, a major regulatory policy in the United States, covered part of an organization’s total risk management policy, many organizations felt compelled to develop comprehensive systems covering all aspects of risk management. The development and implementation of these comprehensive systems are termed Enterprise Risk Management programs.

Enterprise Risk Management programs are simply a framework of preventive, detective and corrective measures, applied as an overarching strategy across the entire organization, designed to identify potential events or risks within a specified comfort level and to provide reasonable assurance that the company’s objectives will be achieved. Several risk management best practices can be found by reviewing the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control Integrated Framework (COSO, 2008), which is considered the industry standard for building solid internal control systems. COSO was formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting, an independent private-sector initiative aimed at studying the causal factors that could lead to fraudulent financial reporting in the USA. This committee developed recommendations for public companies and their independent auditors, the US Securities and Exchange Commission and other regulators, and educational institutions. Its outcome was an internal control process, which, when enacted “by an entity’s board of directors, management and other personnel was designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

  • Effectiveness and efficiency of operations

  • Reliability of financial reporting

  • Compliance with applicable laws and regulations ” (COSO, 2008, p3)