“Risk Management is a continuous process designed to proactively identify and mitigate risks to help promote the achievement of the organization’s objectives, strategy, and mission. Risk management also drives accountability and integrity of the organization’s work and helps ensure individuals within the organization see it as their responsibility to reduce risk as part of their daily jobs. The panel will explore specific issues relating to risk management in the international setting.” (Workshop Agenda)
Manning Muntzing, A Founder and Director of the International Risk Governance Council (IRGC), described the goals and activities of this relatively new organization. Based in Geneva, Switzerland, IRGC aims to support governments, businesses and other organizations in many countries and to foster public confidence in risk governance and in related decision-making. It reflects different views and practices on risk governance, provides independent authoritative information, contributes to understanding and assessment of important risk issues, and designs innovative, efficient and balanced governing strategies (IRGC, 2010).
1In this section and other sections summarizing presentations, views and opinions are attributed to the presenter unless stated otherwise.
IRGC has issued a number of publications exploring how its risk governance framework can be applied in various contexts and making recommendations for appropriate strategies. IRGC’s report on risk governance in nanotechnology is a good example (IRGC, 2007). The organization’s reports are prepared by experts from around the world, and are intended to incorporate conflicting opinions in order to reach an objective result.
Suzanne Servis, Director of the Risk Management Program at the National Institutes of Health (NIH), explained how NIH understands and manages risk. NIH’s general experience has been that outstanding management practices are essential to sustainable scientific innovation. Scientific merit is addressed through many internal and external processes at NIH, so the focus of risk management is on operational areas that support science such as finance, grants, information technology, radiation safety, and animal welfare.
A basic concept is that risk is the uncertainty around a future outcome. Framed in this way, risks are all around, and risk management is a continuous process. If risks are not managed effectively at research organizations the result can be a loss of public trust. Possible dangers include not allocating resources to address the higher priority risks, and complacency that might come from the mere existence of systems and processes in a given area. Looking at NIH’s structure, risks can come from intramural or extramural projects, ethics, facilities, and human resources.
Ms. Servis reviewed several areas of possible risk. Examples include inadequate human subjects protection due to faulty protocols or informed consent procedures. Problems might arise in extramural research if information is not disseminated within the grantee institution. Samples and other assets might be lost if the proper temperature and humidity conditions are not maintained in storage facilities. Policies and structures may not be in place to address risks, such as Institutional Review Boards (IRBs). Information technology security policies put in place to protect private information and maximize data integrity may not be adequate. Are these evaluated proactively in order to see how they are working, or only reactively in response to a breach?
NIH’s risk management approach has a number of goals: (1) Support the NIH research mission and vision, (2) Provide a consistent and cross-
cutting look at risks across NIH, (3) Identify risks and proactively manage those that present the highest risk to NIH, (4) Develop data and information about NIH risks, and (5) Improve strategic planning with data and information about risks. Figure 6-1 illustrates NIH’s risk management methodology.
Several issues are apparent in implementing this methodology. To begin with, the key subject matter experts need to be involved, particularly in identifying risks. Risks are scored based on the impact that it could have on the organization and the likelihood of that risk occurring. They are then plotted. Those risks that are of high likelihood and high impact are where effort should be focused.
Ms. Servis gave a hypothetical example to illustrate. Suppose an inexperienced researcher removes tissue samples from an organization without patient authorization. Then the researcher’s interest in personal gain could undermine the rights of human subjects, creating a conflict of interest. In the “assess phase” it might be determined whether researchers had received the required training in human subject protection. If the result is a finding that fifteen percent of researchers had not received the training, the business owner would be tasked with formally tracking the completion of training, and to develop a corrective action plan to fix the problem. Developing policies to communicate the importance of training to the research community, or to restrict researchers who have not completed training from participating in protocols, represent other options.
Risks and corrective action plans need to be inventoried and monitored over time, because they change. If significant progress is made, the risk might be rescored. Management should be provided with regular information on what risk assessments are being done, the results, and corrective action plans.
Maria Velez de Berliner, Managing Partner at Intelligent Decision Partners, LLC, discussed the less obvious risks that sometimes can do significant damage to organizations. These risks may arise from external political, economic, or social conditions. Decision-makers need to recognize the global nature of risk, and understand that information will usually find its way to the public arena.
One element is the nature of governments. Democratic governments have a proclivity to interfere in collaborations. Some research—on atomic
FIGURE 6-1 NIH risk management program, methodology The NIH Risk Management methodology is a customized six-step approach that provides a standard means of addressing risks and assessing internal controls.
SOURCE: National Institutes of Health.
weapons, human subjects, and so forth—is heavily regulated in the United States and elsewhere. In some countries, provincial or state regulations have more weight than national level rules. And changes in national or provincial governments that result from elections may affect the regulatory environment or the funding for research. Even if these changes cannot be predicted, it is important to consider the possibilities.
Dr. Velez de Berliner pointed out another emerging reality. U.S. institutions are not the only ones launching collaborative research efforts in countries such as Brazil and Columbia. Chinese researchers and institutions are also pursuing collaborative research agreements.
As has been mentioned by other speakers, it is important to understand the cultural and institutional context of potential partners when agreements are negotiated. Even with a detailed written agreement, enforcement may vary in different countries. It is always important to ask “what can go wrong here,” and “what is the worst that can happen”? The BP oil spill of 2010 showed how difficult it is to cope with low likelihood-high consequence risks.
The context for the Risk Management breakout session was set by a paraphrase of the Sufi sage Mulla Nasrudin: “Good judgment comes from experience. Experience comes from bad judgment.” The context for managing risk in international research collaborations includes the global challenges addressed by collaboration, the greater ease of communications, and the possible impact of negative consequences.
Individual participants made a number of points during the discussion. This is a non-exhaustive list, and is not intended to represent consensus views of the workshop or the breakout session:
- Organizations and researchers cannot eliminate risk, they can only minimize and mitigate it. Participants in collaborations are challenged to prepared to deal with risks that were not anticipated, while trying to imagine all the eventualities that they can.
- It is helpful for participants in international collaborations to understand their international counterparts as fully as possible. A shared vision among collaborators can be important. Establishing relationships can be vital to establishing successful collaboration, and is preferably done prior to a formal contract.
- Involving university deans and others who can help ensure implementation can be critical. Overseas visits can be very helpful.
- Encouragement and support for student visits abroad and exchanges could be helpful. Some universities are doing a lot, but overall only a small percentage of U.S. students have a study abroad experience.
- Cultural issues in U.S. academia can be an important factor. It is important for U.S. academics to understand some ways in which they might be different from academics elsewhere. For example, American faculty can be fiercely independent, and they might take the view that their actions do not reflect on their institution. They may lack awareness of centers of excellence outside the United States. Students can drive internationalization and encourage reluctant faculty to modify the curriculum or to give credit for courses taken elsewhere.
- Sample suggestions for successful collaborations: (1) Seek mutual interests at the outset, (2) Identify benefits for each participant, (3) Ensure that collective resources are sufficient to achieve objectives, (4) Ensure that agreements are made at the right level to commit necessary resources.
- Potential partners outside the department: (1) The business school, which may have international programs, (2) Federal labs which have international activities, (3) States with international consortia (e.g., Washington, Oregon), (4) International universities, INSEAD being an example.
IRGC (International Risk Governance Council). 2010. IRGC Summary Information. Geneva. Available at http://www.irgc.org/IMG/pdf/IRGC_SumInfo_13July.pdf (accessed January 2011).
IRGC (International Risk Governance Council). 2007. Nanotechnology Risk Governance: Recommendations for a global, coordinated approach to the governance of potential risks (Policy Brief). Geneva.