Integrated Risk Management with GAMP 5 â manage ... - we.CONECT
Integrated Risk Management with GAMP 5 â manage ... - we.CONECT
Integrated Risk Management with GAMP 5 â manage ... - we.CONECT
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Integrated</strong> <strong>Risk</strong> <strong>Management</strong> / July 2012<br />
Many of the controls, ho<strong>we</strong>ver, occur more or less identically in the various<br />
compliance frameworks (GxP, SOX etc.), meaning that they are checked several<br />
times in various cycles. Consequently, the introduction and maintenance of a change<br />
process as a control, for example, occurs in almost all compliance requirements.<br />
Added to this is that many controls are related to processes, which in turn apply to a<br />
variety of computer systems, e.g. the change process.<br />
Subsequently, <strong>we</strong> can therefore conclude that <strong>we</strong> have introduced appropriate risk<br />
<strong>manage</strong>ment processes to the fullest extent possible, but that these have been<br />
implemented redundantly and at a considerable cost throughout the entire<br />
organisation due to numerous compliance requirements and their application to a<br />
number of IT systems.<br />
Generally, this leads to high yet unnecessary additional costs for the specification<br />
and implementation of the controls. It can even lead to contradictory evaluations of<br />
individual controls, as these are not standardised throughout the various frameworks<br />
and so are evaluated differently by the different departments. A lack of transparency<br />
in the actual compliance status <strong>with</strong>in the organisation then also contributes to the<br />
system falling short of expectations.<br />
The desired compliance is indeed achieved, but only at considerable expense and<br />
the risk of unpleasant surprises during audits and inspections due to this complexity.<br />
<strong>Integrated</strong> <strong>Risk</strong> <strong>Management</strong><br />
One solution for implementing these risk <strong>manage</strong>ment processes in an efficient way<br />
into the entire organisation is the introduction of an integrated risk <strong>manage</strong>ment<br />
system:<br />
Figure 3: <strong>Integrated</strong> risk <strong>manage</strong>ment<br />
www.hgp.ag<br />
© 2012 HGP AG, CH-Basel, All rights reserved Page 3 of 6