Dr Liz Breen

1

• Dr Liz Breen
• Lecturer in Operations Management
• University of Bradford, School of Management

2
Agenda

• What are the risks in the supply chain?
• How can risk be assessed?

3
Reminder.

• Nature of the overarching research project, which
  this study is part of.
• To investigate the prevalence and nature of risks
  in the pharmaceutical supply chain in the NHS.
• The research bid, for approximately 250, 000,
  was reviewed and received a 50 vote so is due to
  be resubmitted end of 2006.

4
What are the risks in the supply chain?
5
Risk what is it?

• Supply risk is defined as the potential
  occurrence of an incident or failure to seize
  opportunities with inbound supply, the outcome of
  which results in a financial loss for the firm
  (Zsidisin et al, 2006).
• The essence of risk management lies in
  maximising the areas where we have some control
  over the outcome while minimising the areas where
  we have absolutely no control over the outcome
  and the linkage between effect and cause is
  hidden from us.
• Peter Bernstein - Against the Gods (Buck and
  Riches 1999)

6
Risk Management

• Sources of risk in the PSC affecting hospital
  pharmacy?
• Product discontinuity, poor performance, patient
  safety/dispensing errors, technological errors
  (causing stock shortages in pharmacies), internet
  pharmacies and counterfeit drugs.
• By understanding risk, we can take steps to
  remove unnecessary risk e.g. product
  discontinuity poor performance patient
  safety/dispensing errors,
• .and ensure the equal distribution of necessary
  risk e.g. new markets entrants e-business.

7
Risk Management - statistics

• The Department of Health estimates that one in
  ten patients admitted to NHS hospitals will be
  unintentionally harmed. The most common incidents
  reported in 2005 were patient injury (due to
  falls), followed by medication errors, equipment
  related incidents, record documentation error and
  communication failure (National Audit Office,
  November 2005).
• A human influenza pandemic represents what risk
  managers call a low frequency/high severity
  event, same as hurricanes, tsunamis and
  earthquakes. Agencies predict its global effects
  could include more than 7 million deaths, 25-50
  of the worlds workforce off work, 800 billion
  in economic damage and major disruptions to every
  industry and their supply lines (Drawas
  200614).

8
Risk Management - statistics

• Medication errors alone equate to 200-400
  million per year in the UK, and to this must be
  added the unknown cost of errors in primary care
  and litigation (Matthew and Bain, 2006).
• Considering the subject of counterfeit drugs
  within the PSC, the Medicines and Healthcare
  Products Regulatory Agency is currently
  investigating 117 internet-related cases where
  medicines legislation has been potentially
  breached (BBC News, 2006).

9
Chopra and Sodhi 2004. Pg 54
10
Supply Risk Sources

• Financial instability or financial failure of a
  supplier
• ineffective management in the supplier firm
• problems in electronically sharing information
  with suppliers
• suppliers incorrectly interpreting our
  requirements
• natural disasters or acts of God affecting
  suppliers operations
• political instability/ war affecting suppliers
  operations
• long physical distances between buyer and
  suppliers
• inability to influence suppliers
• lack of alternative suppliers
• inability of supplier to meet increases in
  required volumes (gt20)
• new or unproven product/process technology being
  used by suppliers
• transportation disruptions with inbound supply
  channels
• variability in transportation times with inbound
  supply channels
• possibility of suppliers putting your firm on
  allocation
• incoming product quality problems
• labour/management problems at suppliers
• suppliers exiting market on short notice
• supply disruptions in the second tier
• currency rate fluctuations

(Zsidisin et al, 2006)
11
Drivers in the Pharmaceutical industry are.

• Product time to market
• Regulations
• Divesting excess capacity
• Research efficiency
• Tailored localized pharmaceutical solutions
• Development of designer drugs
• Rapid response vaccines
• SC optimization
• Virtual enterprises
• An estimate of 200400m is required to launch a
  new drug, and an average of 812 years elapses
  from patent filing to first sale (see, e.g.
  Grabowski, 1997).

Shah, 2003
12
Risk Management Workshop November 2005

• Attended by twenty pharmaceutical stakeholders
  including
• NHS Purchasing and Supply Agency
• Pharmaceutical Manufacturers and Distributors
• Pharmaceutical Wholesalers
• Pharmaceutical Consultants
• Specialist Pharmacy Practitioners
• The Association of British Pharmaceutical
  Industry
• The British Association of European
  Pharmaceutical Distributors
• European Association of Euro-Pharmaceutical
  Companies.

13
Risk Management Workshop November 2005

• The workshop had the following outputs
• A map of the current pharmaceutical supply
  network as agreed by all stakeholders in
  attendance
• Identification of examples of risk and where they
  exist on the supply chain map
• Prioritisation of risk as determined by
  attendees.

14
Current top issues in the PSC as identified by
the workshop.

• Poor performance
• Product unavailability
• Patient safety
• Buyer-supplier relationships
• Contract negotiation
• Vendor management
• Inventory management
• Wholesalers v short-line stores
• Unlicensed medications
• Parallel imports
• Counterfeit drugs.

15
How can risk be assessed?
16
Measuring risk - Criteria

• Can include Impact, Severity, Frequency,
  Probability
• Likelihood, Recipient, Control factor.
• May be purely qualitative analysis, e.g. identify
  a risk, determine its severity/probability and
  formulate a mitigation strategy.
• May be based on mathematical modelling and
  simulation e.g. Monte Carlo simulation.

17
(No Transcript)
18
Research conducted as part of award

• Questionnaire constructed based on risk
  assessment and management literature
• Incorporated 15 questions focusing on nature of
  risk assessment and management, drivers, tools
  used, method of analysis, rating criteria, and
  corporate responsibility.

19
Results

• The number of surveys circulated 212 (see next
  slide for breakdown)
• Follow-up e-mails to the pharmaceutical industry
  12
• Response from these 5
• Limitations to methodology timing, database
  source accuracy, access to most responsible
  person, choice of data collection tool.
• Sweetener coffee.

20
Questionnaires circulated
21
Usable responses by sector.Standard Industry
Classifications 1992.
22
Results

• 3 of the 19 companies could not provide a
  definition of risk as used within their company
• The general response focused on the negative
  impact of risk in safety terms and on business
  performance.
• Only 1 respondent seen risk as an opportunity and
  not a negative entity e.g. hazard.
• Risk was seen as been sub-divided into Corporate,
  Tactical and Operational, with the distinct focus
  on the business itself.

23
Why perform risk assessments?

• General consensus
• To meet legislative requirements
• Because the supply chain is complex
• To identify and mitigate against risk
• To manage HS in workplace
• To proactively manage risks to reduce later
  impact
• One respondent focused solely on the business
  to monitor the exposure of the company and its
  stakeholders.

24
What prompts a risk assessment?least important
(1) to most important (7).

• Identification of a hazard (affecting health and
  safety) 6.5
• Identification of an interruption to the
  operation 5.1
• Legal obligations 6.3
• Moral obligations 5.9
• Ethical obligations 5.8
• Health and safety consciousness with staff 5.7
• Health and safety consciousness with customers
  5.4
• To reduce or eliminate risk to heath safety 6
• To reduce or eliminate risk to operational
  performance 6
• Part of staff responsibilities 4.6
• Has to be done as dictated by parent group 3.5
• Compliance with maintenance of standards/accredita
  tion 5.2
• Opportunity to reduce costs 4.4

25
Risk assessment tool/framework/model used

• A recognised/pre-defined model
• NR (4), N (7), Y (8)
• An internally developed model
• NR (1), N (3), Y (15)
• A consultants model
• NR (6), N (10), Y (3)
• A model applied by the parent company
• NR (6), N (11), Y (2)

26
Why this one?

• Meets company needs
• Trained in this one
• Simple yet effective
• Mandatory
• Better outputs
• Covers internal and external riskIt is simple
  for non-risk experts (senior managers) to
  understand at summary level, but provides
  extensive detail behind it for the risk
  professionals to use.

27
Use of other tools (before current)

• 11 of the 19 respondents stated that they had not
  used any other risk assessment tools previously.
• 6 stated that they had e.g. FMEA
• The reason given for not using other tools was
  that they had been superseded, were less
  effective and more complex and that the outcome
  was not always realistic.

28
Qualitative v Quantitative

• Risk assessments can be conducted on either a
  qualitative or quantitative basis.
• 14 of the companies questioned stated that they
  would use a combination of qualitative and
  quantitative tools.

29
What are the key criteria used to formulate a
risk rating?

• Probability of occurrence 95
• Impact on immediate customers and staff health
  68
• Impact on operational capacity 58
• Impact on buyers and suppliers 37
• Controllability factor 47
• Financial Repercussions 42
• Feasibility of elimination 58
• Severity rating 89
• Other 21

30
What are the output categories of the risk
assessment process?

• Low-medium-high risk bands 58
• 1-10 risk rankings 37
• Tolerable-intolerable risk 26
• Long-medium-short term risk 21
• No action immediate action 26
• Probabilities 26
• Other 26

31
Responsibility and review

• The responsibility for RA resided generally with
  more senior management, or with dedicated
  personnel e.g. Quality Assurance Manager or the
  HS Manager, Head of, Director of etc.
• 1 respondent said that no-one was clearly
  responsible so it fell to the MD by default
  whilst another stated that it was their Board of
  Directors.
• A number of respondents felt that all employees
  were responsible for managing risk.

32
Responsibility and review

• The person responsible for managing risk was not
  always the individual who conducted the risk
  assessments (in 74 of the cases).
• The review period for the risk assessment process
  was generally annually.
• 1 company stated that it was reviewed every
  quarter and another every 6 months.
• I respondent agreed that their process was
  reviewed occasionally and another when a risk was
  identified.
• 5 companies felt that it was good working
  practice to continuously review their risk
  assessment practice.

33
General Comments

• The survey response was disappointing so its
  difficult to say if results are representative of
  the pharmaceutical sector or industry.
• The results would indicate that companies
  acknowledge the importance of this issue and its
  impact on both business performance and health
  safety.
• The simplest models appear to be most preferable
  and those most commonly used are developed
  in-house or by consultants.
• Is risk assessment/management something that is
  and has to be done but no-one gets that excited
  about?

34
Thanks.

• To Roger for presenting this for me in my absence
• To PDIG and Pfizer for sponsoring this study
• To the industry for the support they have shown
  and hopefully will continue to show in the future.

35
THANK YOU

• Contact l.breen_at_bradford.ac.uk