organizational learning from perfect storms fda regulatory ... · most consent decrees require a...
TRANSCRIPT
© 2007 Quantic The Quantic Group, Ltd., All Rights Reserved
The Quantic GroupSM
Organizational Learning from Perfect Storms
FDA Regulatory & Compliance Symposium at Harvard, Cambridge, Mass
Claudio PincusOwen Richards
Dan PincusTim Oswald
August 24, 2007
Rev 07
1© 2007 The Quantic Group, Ltd., All Rights Reserved
Copyright 2007, The Quantic Group, Ltd.
This document contains and refers to methodologies that are a Trade Secret of The Quantic Group, Ltd. and are presented with the purpose of describing Quantic’s capabilities or experiences. These Methodologies remain the exclusive property of The Quantic Group, Ltd.
Contact Claudio Pincus, PresidentThe Quantic Group, Ltd.5N Regent Street Suite 502Livingston, NJ [email protected] 992 0505
2© 2007 The Quantic Group, Ltd., All Rights Reserved
Introduction Perfect Storms
Over 20 years, many major companies have been cited and fined for GMP and related regulatory actions
Product is deemed adulterated even though within specifications
Due to unforeseen forces, “good people” get blindsided
Industry has been far more injured by manufacturing issues than other issues
3© 2007 The Quantic Group, Ltd., All Rights Reserved
What we’ve seen
Management has in most cases demonstrated surprise, or has been blindsided by situations they did not see.
“We honestly didn’t know we had this problem.”
4© 2007 The Quantic Group, Ltd., All Rights Reserved
Examine the Causes of Blinding
This paper attempts to define the “blind spots” for management
We will not address people acting with malicious intent
5© 2007 The Quantic Group, Ltd., All Rights Reserved
The Cost of Failure is $30+ Billion
Cost of Non-Compliance
Discontinuation of ProductsProduct lost market shareLate new product introductionReputationFines
Consent Decrees require major remediation and interventions over long periods of time
Very few Consent Decrees have been vacated
6© 2007 The Quantic Group, Ltd., All Rights Reserved
Consent Decree Contents
Most Consent Decrees include Management Controls
Third party to assess corporate operations and site management capabilities to ensure compliance
Establish policiesEmpowerment of Quality UnitCreation of Quality SystemsEvaluate adequacy of organizational skills and numbers
The third party evaluates data, interviews, communications, performance reviews, metrics, and incentives for the organization and reports to FDA
7© 2007 The Quantic Group, Ltd., All Rights Reserved
Imposes Outside Oversight
Most Consent Decrees require a third party to review and certify investigations and batch disposition as a surrogate for the Quality Unit
This action, de facto, is a declaration that there is no trust by FDA of the decision ability of the Quality Unit until certification
8© 2007 The Quantic Group, Ltd., All Rights Reserved
Implications for Management Controls
IntrusiveChallenges past behavior and decisions“Adequate” is open to interpretation
Therefore,organizational effectiveness for compliance is key for determining adequacy
9© 2007 The Quantic Group, Ltd., All Rights Reserved
FDA Sends a Compounding Message
A. The QUALITY ASSURANCE UNIT failed to follow written procedures, which require oversight and review responsibilities
B. Company failed to have a QUALITY CONTROL UNIT adequate to perform its functions and responsibilities
C. Company failed to establish procedures for MANAGEMENT with executive responsibility to review the suitability and effectiveness of the quality system to ensure that the system satisfies the requirements
10© 2007 The Quantic Group, Ltd., All Rights Reserved
CASE 1
A company merged years ago and created standardized processes for all factories
Self-assessment reports confirmed that changes were implementedAfter the merger, one factory grew from a focused one product, US Market, high volume factory to multiple presentations and many other products for Global supply
District FDA had considered the site a model factory 10 years ago
An FDA audit, with new auditors, determined that there were major management and operational compliance gaps
The company suffered because of misperceptions by management of the consistency in applying new policies, and the acceptance of new processes, procedures and systems
11© 2007 The Quantic Group, Ltd., All Rights Reserved
CASE 2
The company received a 483; Operations and management knew that the site had antiquated technology but believed it was adequate for biological production
All previous discussions regulators were science-focused, and positive,
Knew that the technology and facilities were out of date with similar facilities
FDA changed its audit approach with Team Biologics, and cited major gapsThe company had relied on the FDA to define the acceptable state of compliance, and did not remain current with FDA and industry standards
Company convinced that they were in compliance – with the “old” standards
12© 2007 The Quantic Group, Ltd., All Rights Reserved
CASE 3
The company created a decentralized global network of factories allowing each region to interpret and implement processes against broad global quality standards
They relied heavily on corporate auditors to evaluate sitesReported risk to the compliance office
Sites were rewarded based on comprehensive performance metricsincluding financial, customer and compliance metrics;
The compliance metric was “Number of 483 observations received”Investment was made commensurate to the future role of the factory
Factories with lower roles received less investmentThe decentralized factories moved products without regard to compliance capabilityThere was no central Quality Leader
Strong empowerment and accountabilities were expected from each site operation
FDA realized that the sites were no longer compliant, that products and processes were transferred between the sites with very different procedures, and that management did not have an adequate estimation of needs to ensure compliance
13© 2007 The Quantic Group, Ltd., All Rights Reserved
CASE 4
Company supported the integration of biologicals and the pharmaceutical business; Created a single centralized management process with one set of policies and procedures
Management did not appreciate the resistance to changeThere were changes in the regulatory inspectorate and major improvements by peersManagement was not informed that FDA had changed to a “Team Biologics” approach The biologicals employees believed that their products were scientifically different and therefore regulators interpreted the GMP based on science instead of manufacturing process and QA controls (Pharm GMPs)
Management did not recognize, nor was informed of, the risk to ‘cultural compliance’, and resistance to change
14© 2007 The Quantic Group, Ltd., All Rights Reserved
Culture of Compliance
“The Bus”
15© 2007 The Quantic Group, Ltd., All Rights Reserved
Conclusions about the Culture of Compliance
Culture of compliance is the group dynamic of knowing Why you comply, and What principles we rely on
Culture leads to celebration of “good” behaviorGroup self-enforcement
Community provides feedback to leadersRecognizing leaders, teachers, and mentors
Creates continuous learningValues are reinforced and clarified over timeApply values and mission to achieve agreement in specific situations
When outsiders enforce procedures, they may enforce whether they apply or notProcedures prescribe actions
Rules replace values when people forget why
16© 2007 The Quantic Group, Ltd., All Rights Reserved
From the Bus Story
Culture Expected behaviorSelf EnforcementContinuous learningReward and peer pressure
Leadership Message clarity and repetitionMentor and develop peopleRole of adults, parents and teachers
Management Create policiesEstablish proceduresAudit and EnforcementIncentives
Power Authority of outsidersInterventionInterpretation of the rulesPunishment
17© 2007 The Quantic Group, Ltd., All Rights Reserved
Culture of Compliance
Organizational effectiveness for compliance is achieved
by knowledge of why, what to do and how to comply
andwhen deficiencies are detected
predictable and consistent correction occurs
18© 2007 The Quantic Group, Ltd., All Rights Reserved
Culture of Compliance
What groupings of tools do we have to influence the agreement as to the Why/What to do questions vs. the How to questions?
Leadership Tools
Cultural Tools
ManagementToolsPower Tools
Exte
nt to
whi
ch p
eopl
e ag
ree
on W
hy a
nd W
hat t
o do
Bro
ad C
onse
nsus
No
Con
sens
us
Adapted from C. Christensen, M. Marx, H. Stevenson, The Tools of Cooperation and Change, Harvard Business Review
Extent to which people agree on How to
Broad ConsensusNo Consensus
19© 2007 The Quantic Group, Ltd., All Rights Reserved
Culture Discussion (+)
Culture is the set of behaviors that are known to the group,
which celebrates right behavior and
self-corrects wrong behaviors
Positives
The organization can continuously learn and self correct“we hire the best and rotate them, starting in Quality”“Manufacturing controls itself, and does not rely on QA to catch mistakes”
Culture is systemic
20© 2007 The Quantic Group, Ltd., All Rights Reserved
Culture Discussion (-)
The group fails to remember the ways to perform the behaviors or replaces the group decisions with procedures
NegativesDifficult to change
“GMP do not apply to vaccines”“OTC can not compete under such an interpretation”“The merger failed and we no longer comply because we did not agree on new processes”We will change the culture in Puerto Rico for them to accept newprocedures”
Mergers and new management often need to change culture but fail toDecentralized companies have multiple compliance positionsChange is very difficult especially when imposed from the outsideDifferent regulatory authorities create different culture (FDA v. EU) and can be difficult to integrate
Compliance failures occur when management does not recognize resistance to change
21© 2007 The Quantic Group, Ltd., All Rights Reserved
Leadership (+)
The actions and messages management takes to enable the organization to reach agreement on What to do & WhyPositive
Credo, vision and mission statementsThe patient is our customer and not the regulatorCompliance is declared as a competitive advantage
Get products approved fasterSingle message of compliance
Compliance is not a derivative of qualityWe shall not rely on the government to defineRecognize that compliance must equally be satisfied in times of growth or declineYou can always be more efficient, but not more than compliant
22© 2007 The Quantic Group, Ltd., All Rights Reserved
Leadership (-)
Actions that attempt but fail to create success Negative
Assumes that our employees will do “noble” work just because it is a medicine for a patientMessages are not supported by deeds – No Walk the Talk
People can “spot the fake”, but corporations try to have both ways
There is conflict between the budget and the compliance goalsDoes not realize that compliance takes investmentRewards are not commensurate with resultsAtmosphere of intimidation and retributionAssume that any new system changes will incorporate compliance at the same level (or better) – Ignore the learning curve, no interim controlsMistakes compliance as only science or facility/operational or QADoes not recognize that compliance is perishable
Over time operations are no longer aligned or adjusted
23© 2007 The Quantic Group, Ltd., All Rights Reserved
Power (+)
Internal
Often organizations recognize the compliance deficiencies and create temporary organizations focused on the situation –Provides attention, importance, urgency and interim controls
External
Regulatory action often results in a third party intervention as a surrogate to management and the Quality Unit in critical productcompliance decisions
24© 2007 The Quantic Group, Ltd., All Rights Reserved
Power (-)
GMP/GxP assumes knowledge and controls at the lowest level of involvement by personnel to ensure repeatability and consistent right decisions
Does not result in a learning organization
Difficult to scale to the whole organization
Disenfranchises the workers
Relies on the “power” of testing Quality into the product, because of lack of control in GMP processes
25© 2007 The Quantic Group, Ltd., All Rights Reserved
Management (+)
Create consistent and well defined processes, procedures and organizations designed to achieve compliance, quality and business requirements
The new ‘Quality Management System’ provides assurance that each and every operation can implement compliant practices on a consistent basis
GMPS of the 21st Century are based on Quality Systems and Risk Management concepts
Management controls are defined in several Consent Decrees, including the responsibility to create policies, establish a Quality Unit and the controls necessary to ensure site compliance
26© 2007 The Quantic Group, Ltd., All Rights Reserved
Management (-)
ProceduresIn place vs. In useOver reliance on proceduresSystems = Process+ Procedures+ Organization Effectiveness+ Decision Process
AuditsCorporate vs. Organizational KnowledgeReliance on FDARoot Cause vs. LearningFocus on Science vs. Facilities vs. QA
Risk and the Compliance OfficeRisk vs. SeveritySystem FailuresGMPs of the 21st Century Empowerment vs. EnforcementPerishable Compliance
MetricsRight the First TimeQuality vs. ComplianceLeanIncremental Deterioration
27© 2007 The Quantic Group, Ltd., All Rights Reserved
Good Assessments consider both In-Place & In-Use
Most reports to management on operational compliance describe the “in place” processes and procedures
Often management is blind to the poor “in use” complianceFDA Focuses first on In-Use then In-PlaceEMEA focuses first on In-Place then In-Use
Companies need a continuous In-Place/In-Use evaluation/redesign
28© 2007 The Quantic Group, Ltd., All Rights Reserved
Internal Audits
Audits only detect a small number of gaps and noncompliance trends
Operations knows 80% of gapsAudits focus on in place v. in useAuditors only visit a site at a point in time and at best detect a small percentage of gapsRisk analysis is performed with limited data
Needs a total disclosure process and incentivize operations to declare compliance risks
29© 2007 The Quantic Group, Ltd., All Rights Reserved
Regulatory Audits
Relying on regulatory audits has blinded management to the true state of compliance
Regulators do not certify sitesDo not profess to be comprehensiveDependent on inspectorsFocus on outputs before assessing process and organization
The commonly used compliance metric of number of 483 observations is a very poor predictor of future compliance
30© 2007 The Quantic Group, Ltd., All Rights Reserved
Root Cause vs. Organizational Learning
Most deviation investigational processes end with the identification of “root cause”
Seldom does the event create a process for institutional learningMistakes are often repeatedManagement assumes that the organization has learned
Recognize and reward systemic learning by investigational teams; follow up on implementation of CAPA
31© 2007 The Quantic Group, Ltd., All Rights Reserved
Tensions between Science, Facilities and QA
Different emphasis is placed on key elements of compliance by different groups and individuals
This results in an incorrect assessment of the overall state of compliance
For example, too much focus may be given to scientific aspects of quality, neglecting the facility elements or the QA Processes
Management can get blinded by not recognizing an organizational bias towards or away from one aspect of the Quality Unit focus
Science
QA ProcessFacilities
32© 2007 The Quantic Group, Ltd., All Rights Reserved
Risk
Risk evaluations are performed with data from internal and external sources; classification of risk often confuses risk with severity; it discounts as “minor” a great number of frequently occurring gaps that are indicative of a system failure
Change the risk evaluation process to assess system performance
Risk = Severity * Frequency
No system
System Failure
Performance Failure
Severity
Frequency
33© 2007 The Quantic Group, Ltd., All Rights Reserved
GMPs of the 21st
Century
The new FDA GMPs of the 21st Century initiative and ICH expect increasing investment in product/process knowledge based on risk parameters as well as a comprehensive quality system
Great opportunity for industry to become more agile and flexibleCompete with less FDA oversightIntroduce new technologies
It could backfire if failures are not detected because of lack of investment in knowledge
34© 2007 The Quantic Group, Ltd., All Rights Reserved
Compliance is Perishable
With time, organizations, facilities and programs lose capabilities
Continuous investment is needed just to maintain current compliance
Often management gets blindsided when past investments have depreciated, and they do not recognize the magnitude of investment to maintain current compliance
35© 2007 The Quantic Group, Ltd., All Rights Reserved
Views on Right the First Time
Right the first time is a major metric fro efficiency and compliance, however they have different meanings
If management relies on a six-sigma based definition as a measure of compliance, they will have a false sense of security
Efficiency
Right the First Time is a goal of Six Sigma initiatives that seek to optimize the return to shareholders
When not right is measured in wasted $, time, or opportunity
Compliance
Right the First Time is a demonstration of product and process knowledge
A measure of repeatability
When not right, requires investigation and correction to safeguard the patient
36© 2007 The Quantic Group, Ltd., All Rights Reserved
Lean
Lean programs drive operational efficiency, often reducing the control points in use to ensure compliance
Management has been told that Lean results in efficient, effective and therefore compliance operations
Often, lean programs are not based on product and process knowledge
Knowledge Control Improvement Lean
37© 2007 The Quantic Group, Ltd., All Rights Reserved
Incremental Deterioration
Over time, factories are not compliance because they have undergone many changes; Neither the equipment, facilities, procedures, systems nor organizations are adequate for current demands of products and regulators
New products require different technologiesNew markets require satisfaction of different regulatorsDeviations result in changes to SOPsLean programs result in fewer controls
Management needs a “zero” baseline assessment of the total operational capabilities
38© 2007 The Quantic Group, Ltd., All Rights Reserved
Summary of a perfect storm
Good companies get blinded to compliance risk, and pay severe penalties
Leadership Misperception of agreement that people will follow change; belief that people will act nobly and comply
Provide clear, simple and achievable goals that enable intrinsic motivation
Compliance is perishable; Factories often reach total compliance failure due to substantial change to product mix and markets
Provide continuous investment and reinforcement
Management Overly rely on procedures; confuse procedure with systems; assume in place is in use
Apply holistic quality systems approaches
Overly rely on audits; read an absence of negative as acceptance by auditor
Expect Operations to evaluate and disclose
Culture Failure to realize resistance to change; esp. after mergers, reorganizations, new strategies, new policy or procedure, new capital investment, new systems
Build on the strengths of the existing culture
39© 2007 The Quantic Group, Ltd., All Rights Reserved
Questions?
40© 2007 The Quantic Group, Ltd., All Rights Reserved
Thank you,ClaudioOwen