Risk management is a big and complex topic… but that doesn’t mean your approach to risk management has to be. In fact, the simpler it is, the more likely it is to be adopted and successful. Understanding the 7 levels of process maturity can keep you in compliance and mitigate your risk exposure. 


Admitting the need for change is always the first step. But you can’t admit that need until you recognize the nature of that need. Whether you’re just starting with risk management or managing a long-neglected risk, it’s important to examine the risks that threaten your company and your ability to manage them. Is your organization fully compliant with good clinical practice? If not, then it’s time for a change. Make sure you communicate that to all the relevant stakeholders so you can get the ball rolling on these changes.


Risks can come in all shapes and sizes. Financial, reputational, and moral risks are just some that may impact your company, and your management and staff should have a pretty good idea of what they are – and what they could be in the future. Gather them together and brainstorm the possibilities.

Once you have these risks defined, identify which have the most realistic potential of disrupting your operations. Decide which strategic approach makes the most sense: avoidance, acceptance and mitigation, or reduction.


Even if you haven’t begun your risk management, it’s time to gather whatever relevant data is available to you regarding that risk. How is your company performing around that risk? How has that performance evolved? Recording and storing this data will help your company measure and track your risk management process over time.


Once the relevant data is collected, analyze it. Record the causes of risk as well as your assumptions. Track your company’s risk management progress over time. From this analysis you may establish processes to assess ethics and compliance risk.

You’ll want to include plans for a quality assurance team that will check the accuracy of your internal assessments. Having this internal check will help ensure there are no surprises when external auditors or regulators show up.


Done correctly, the analysis phase should highlight areas for improvement. Using these insights, develop practical solutions tailored to your organization. Innovate, establish, and test potential solutions to problems with relevant stakeholders.

New threats may emerge at any time and sometimes your solutions simply won’t work. Make sure your plan is flexible enough to adapt to evolving circumstances and make updates as necessary.

The key to success is regular assessment and improvement. Staying on top of compliance demands is essential as well. In addition to the other relevant risks, make sure every assessment you perform covers compliance risks.


With your solutions in hand, it’s time for action. Communicate them to relevant executives, key managers, and employees so they can buy into the process and execute. Make sure to include a plan for auditing their compliance as well, ensuring that everyone is held accountable and issues can be addressed quickly.

Ask the right questions to make sure you have the necessary control over all aspects of your company’s strategic risk response. Everything should be accounted for. This includes the triggers that initiate responses to risks, the individual tasks and activities employees must take in response, and the ability to accurately forecast deliverables and outcomes in these situations.


Setting up a risk management system takes time, and it’s important to protect that investment by sustaining your program through a continual review process. This could be annual, monthly, or quarterly, depending on what works best for your business.

No matter the size of your organization, it’s always possible to miss something. Stay on top of trends by seeing what other organizations are doing.