Integrated Risk Management with GAMP 5 â manage ... - we.CONECT
Integrated Risk Management with GAMP 5 â manage ... - we.CONECT
Integrated Risk Management with GAMP 5 â manage ... - we.CONECT
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Integrated</strong> <strong>Risk</strong> <strong>Management</strong> / July 2012<br />
Instead of specifying and monitoring controls for each individual compliance<br />
requirement, the controls are summarised in a unified system. The challenges of an<br />
integrated risk <strong>manage</strong>ment system such as this are that the context and timing of<br />
the requirements are not uniform, e.g. the SOX controls are revie<strong>we</strong>d at a different<br />
time and possibly by other organisational units to the GxP requirements. The<br />
integrated approach requires a certain degree of abstraction of the controls to make<br />
them applicable to all compliance frameworks. These necessary abstractions can<br />
lead to various interpretations by the different organisational units <strong>with</strong>in the<br />
business.<br />
On the other hand, the integrated approach allows for a unified business-wide basis<br />
for the controls, and thus a significant reduction in costs. Concurrently, this enables<br />
the comparability of results across organisational and system boundaries and<br />
achieves the necessary transparency.<br />
In practice, <strong>we</strong> first specify the controls for the various frameworks and unify those<br />
controls that occur in several frameworks. The specification and application of a<br />
change process, for example, can be expected in all frameworks (GxP, SOX etc.).<br />
Tool Support<br />
In order to <strong>manage</strong> the controls efficiently, Microsoft Excel is available as a tool for<br />
the simplest cases. Excel is ideal for organisations that only need to assess a few<br />
applications for compliance. As soon as one has to <strong>manage</strong> a larger number of<br />
applications, or wants to consolidate multi-organisational results, using Excel<br />
becomes extremely time-consuming and/or no longer feasible.<br />
Database applications specialising in risk & compliance <strong>manage</strong>ment represent an<br />
alternative to Excel. These provide an advantage over Excel, in that the entire risk<br />
<strong>manage</strong>ment work flow is displayed in an integrated tool:<br />
• specification of the assessments and controls<br />
• implementation of the assessments and evaluation of the controls<br />
• identification of compliance deviations<br />
• assessment of the risks<br />
• <strong>manage</strong>ment and monitoring of risk mitigation measures<br />
www.hgp.ag<br />
© 2012 HGP AG, CH-Basel, All rights reserved Page 4 of 6