Managing Director, Life Sciences Advisory Deloitte & Touche LLP Indianapolis, IN
Nothing can make certain the avoidance of government enforcement, individual liability, and Corporate Integrity Agreements ("CIA"), but a strong data analytics program, as part of an overall, effective compliance program, can be utilized to help a company better mitigate such risks.
The value to be derived from an analytics program hinges on the ability to conduct broader and deeper analysis as promptly as possible, placing significant emphasis on the processes and technologies used to support the program.
The controls required of life sciences companies to maintain compliance with current laws and regulations across organizational functions, and the amount of data involved in the monitoring of that compliance, is and will likely remain immense.
With manual processes only, a data analytics program can only be as powerful as the number of people assigned to gather, sample, test, analyze and report on the data -- this is very limiting. Therefore, it is critical for a company to consider establishing a long-term view of analyzing and managing compliance risk by investing in technology solutions that can combine data from multiple sources (breadth), reduce the need for sampling by testing entire universes of data (depth), and conduct analysis in minutes as opposed to days or weeks when done by humans alone (speed).
Innovative, enabling technologies currently exist to automate repetitive, manually intensive compliance elements that make up the heart of any compliance data analytics program (e.g., risk assessment, internal auditing, monitoring, and investigations), including Robotic Process Automation (RPA), and Cognitive Intelligence (CI) applications. The RPA&CI spectrum ranges from enabling technologies that can improve parts of business or risk processes, to sophisticated technologies with cognitive elements as illustrated in the table below.
As an example, a routine compliance testing process for a large audit or for ongoing monitoring is usually binary, rules-based, and fit for automation, thereby reducing the human element through the use of RPA&CI.
A process improvement for compliance management is a "bot" or application that can be developed to review data contained in various disparate systems for risk-related patterns based on established rules. This "bot" can execute the routine testing processes in less than an hour, something that may take a human 15 hours to complete.
In addition to efficiency, the RPA tool provides other advantages including:
- Consistently applies compliance policies across full data sets (instead of smaller sample data sets)
- Incorporates compliance controls and monitoring points into the business process, and across the organization, without being onerous to the business
- Identifies potential issues through pattern recognition/cluster analysis that may not be readily apparent during an initial or cursory review by a human compliance manager
Modern compliance organizations are risk intelligent, efficient, and provide analytical insights through business partnership and enablement. By utilizing RPA&CI to perform data analytics tasks that once were consuming countless hours, compliance managers can focus on more strategic, value-creating efforts such as root cause analysis, issue remediation and escalation, and overall business advisory.
Investment in these types of enabling solutions also helps amplify the investment in the compliance data analytics program by covering a broader and deeper set of data points, at a much more efficient rate, to help mitigate the risks of government enforcement, individual liability, and CIAs.