Case Study - Regulatory Affairs

Incomplete FDA New Drug Application (NDA) Data Submission

The Facts
PharmX has pending NDA's on some novel medications. It utilizes the services of six different Clinical Research Organizations (CROs) to administer its Phase 3 clinical trials, which are taking place in eight different countries.

PharmX's Regulatory Affairs personnel work from two different IT platforms, depending upon their location. Some CRO's have the capability to provide PharmX with clinical data electronically. Other CRO's submit handwritten results to PharmX on its standardized templates.

PharmX's Regulatory Affairs team is very short on staff - between headcount pressures related to tight budgets and the departure of two key individuals, the group is struggling to keep up with information received from the CRO's and relies heavily on temporary specialists.

PharmX has undertaken a global Enterprise-Wide Risk Management Program.

Identification
During the interview phase of the project, members of the Regulatory Affairs team note that the company may have a major vulnerability because clinical data from all the CRO's may not always make it into NDA submissions.

Sometimes incongruence between the IT platforms has caused issues during data reconciliation. Moreover, informational and statistical audit processes are not always followed due to time pressures.

Assessment
Upon follow-up in a multi-functional workshop, the "inherent risk" associated with incomplete or inaccurate NDA submissions is validated as "very high" in both Impact and Likelihood.

According to the Regulatory Affairs experts, the need to make even minor post-submission revisions could delay regulatory approval by at least three to six months. Larger issues that cast material doubt on the accuracy of the submission could delay review and approval by more than one year.

Business Unit staff estimate that the cost of launch delays, as well as the loss of credibility with regulatory agencies, could potentially run in the hundreds of millions of dollars. The public perception/ credibility cost to the company is incalculable. Among other things, the following key findings are noted:

  • IT system integration and system validation is required.
  • Independent benchmarking is needed to gauge the effectiveness of current processes and manpower and to identify any additional training that's required.
  • Processes, procedures and controls must be reviewed and revised
  • CRO training on PharmX policies and procedures is needed. CRO reporting processes should be standardized and should require electronic submission of all data. A new audit system is necessary to monitor CRO performance and the validity and accuracy of submitted results.
  • New internal controls are needed to assure the accuracy of data included in regulatory submissions.
  • Regulatory Affairs is perceived as a "back room" operation within the company. Many are unaware of the critical significance of proper and timely performance by this team to the corporate "bottom line".

Response
Risk Owners are identified and task forces are established to develop detailed Mitigation Plans and proposed budgets. Plans, recommendations and proposed budgetary requirements are presented to the Risk Council.

The Risk Council consolidates this work with that produced by other teams to create the Annual Risk Report and Recommendations, which are part of the annual budget and strategic planning cycle.

  • Once Mitigation Plans are accepted and budgets are approved, implementation teams are designated to address each challenge and to execute the approved Mitigation Plans. The Risk Council oversees progress and monitors performance against objectives.
  • IT systems are harmonized.
  • Audit procedures are improved to detect flaws in data reporting before submissions are filed.
  • Work flow and responsibilities are reviewed.
  • CRO interactions are reviewed and standardized; electronic reporting and tracking systems are installed. Appropriate training is conducted.
  • Regulatory processes and procedures are reviewed and revamped. Training is performed with all relevant personnel.
  • Opportunity benefit: Because of improvements in technology and workflow, Regulatory Affairs is able to meet its responsibilities with fewer people, resulting in savings from reduced headcount.

Management & Monitoring

  • The Risk Council facilitates self-assessments within the Regulatory Affairs organization and manages periodic audits against approved processes and procedures.
  • Certain reporting relationships are modified and internal process improvements are monitored with agreed-upon metrics, based upon comparative benchmarking. Human Resources monitors performance with head of Regulatory Affairs at least annually.
  • Regular audits objectively assess CRO performance. An annual certification process is developed.
  • IT platforms are kept up to date and regularly monitored for performance and accuracy. An IT liaison position is established for Regulatory Affairs. This individual becomes a specialist in Regulatory Affairs IT systems and supporting software.
  • Opportunity benefit: Due to the enhanced and coordinated electronic integration of data, Regulatory Affairs' workload becomes more consistent. Workflow improvements, improved morale, and the reduced need to amend prior regulatory submissions result in the submission of two NDA's three months earlier than anticipated. Global Strategic Marketing estimates that the earlier submissions could result in $10 to $20 million in additional sales revenue per month for each product. (Total opportunity value: $60 to $120 million in additional revenue).
  • "Best Regulatory Practices" are now viewed as essential to competitive advantage. Regulatory Affairs gains new prominence as a "mission critical" function.

All progress and continuing challenges are reported at least annually to the Risk Council.