Contributed Commentary by Patrick Hughes

July 22, 2019 | Risk is ubiquitous in all areas of life and risk management is something that we all do, whether we are managing a clinical trial or simply crossing the road. The Oxford English Dictionary defines risk as:

1. A situation involving exposure to danger.

2. The possibility that something unpleasant or unwelcome will happen.

3. A person or thing regarded as a threat or likely source of danger.

4. A possibility of harm or damage against which something is insured.

5. A person or thing regarded as likely to turn out well or badly in a particular context or respect.

When we think of what "risk" means to us personally, it can have both negative and positive connotations, it's emotional or situational and is highly subjective. Some people like taking risks while others are more risk averse. Different perceptions need different ways to manage risk – regardless, we can't eliminate it, but we can manage it effectively to our advantage!

Risk exists in many day-to-day situations and usually comes with potential benefits. We are all risk managers, assessing the risks and benefits before we act.

• "Is it worth it?"
• "Is there anything I can do to reduce the Risk(s)?"
• "Is there another better way to get to my objective?"
• "What are my chances to get to my objective?"

The Origin of Risk Management

The study of risk management began after World War II. There are some important takeaway messages from a book written by Peter L. Bernstein "Against the Gods: The Remarkable Story of Risk".

"By showing the world how to understand risk, measure it, and weigh its consequences, a group of thinkers [Galileo, Pascal, Gauss] converted risk-taking into one of the prime catalysts that drives modern Western society."

"Since the beginning of recorded history, gambling—the very essence of risk-taking—has been a popular pastime."

Undertaking risk assessments and implementing risk controls helps us to focus on what really matters. If we take the game of roulette as an example, one places a bet on one or more numbers, a ball rolls around a circular wheel (roulette) and eventually falls into one of the 37 (or 38 in US) pockets on the wheel. The benefit is if the ball falls in the pocket that corresponds to your number, you win a payout. The risk is you lose your bet. There are three methods to manage that risk:

Risk management is not new, we are all trained on its core principle: Think before you Act! In the roulette example, the "unsupervised" approach gives the lowest risk outcome and best chance of success. It is the same in clinical trials—researchers know what they know so always try to test for it and make sure it isn't happening using a sort of "supervised" approach. This has its merit and is valuable BUT what about what they don't know?

A Risk Example: Have you thought about the ROI of a Smoke Detector?

When installing smoke alarms, we're not questioning the return on investment. We're not hoping that it will ring, we just want them there to warn us if something goes wrong. We make the investment because we want to protect our family first as much as our investment.

NFPA published some interesting metrics about the use of smoke alarms in the US. A whopping 40% of "home fire deaths in 2012-2016 were caused by fires in properties with no smoke alarms" or the "risk of dying in reported home structure fires is 54% lower in homes with working smoke alarms than in homes with no alarms or none that worked".

Data Quality Oversight (or Central Statistical Monitoring) is no different. It's not just about Risk-Based Monitoring, it’s not just about efficiency and therefore it's not just about determining the ROI. It's about protecting your patients and the significant financial investment it represents to run a clinical trial. It's there to put your mind at rest and that is priceless.

Risk Management in Clinical Trials

In all clinical trials, the risk exists. Sites and sponsors need to stop wondering if a risk-based approach to any given clinical trial is the right thing to do. The FDA's latest guidance document on the risk-based monitoring of trials reinforces the importance of performing a risk assessment before the study starts for all clinical trials, not just large Phase IIB or Phase III trials as the popular misconception seems to be.

Implementing a risk-based approach into a clinical trial does not introduce new risks but enables the existing ones to be better managed. It all depends on the Risk Management Strategy (Random vs Supervised vs Unsupervised). In all clinical trials, the level of risk is different, and one size does not fit all. Avoid complex strategies for simple projects but a strategy is still crucial. Technology is a catalyst to risk management, helping you to focus on what really matters (that you may or may not have anticipated). This is where the unsupervised "leave no stone unturned" approach comes into its own. It's the ultimate safety net and insurance policy for a trial and all trials will benefit from the approach from a patient safety and ultimate success perspective.

We're seeing a paradigm shift towards an entirely different Risk-Based Approach to Study Execution (RBx) from pre-study risk assessment, through risk identification and control to final auditable documentation. The focus should not only be on how monitoring activities address the risks. There are a number of unrelated activities that may help prevent or detect potential issues earlier. The resource rationalization and its related "focus on what really matters" concept are equally applicable to edit checks, queries, medical review, safety review etc. CluePoints calls this "Data Quality Oversight" and employs a boil-the-ocean approach to make sure that all important anomalies are surfaced for further review. The result is that, in some cases, interrogating operational metadata, such as the time of day that electronic diaries are completed, has determined cases of impropriety at clinical sites and appropriate actions have been taken to exclude that data. Hence, highlighting the need to explore all possible risks and not just the obvious primary endpoints and safety data.

Patrick Hughes is Chief Commercial Officer at CluePoints. Patrick holds a Marketing degree from the University of Newcastle-upon-Tyne, UK, and a post-graduate Marketing diploma in Business-to-Business Marketing Strategy from Northwestern University - Kellogg School of Management, Chicago, Illinois. Responsible for leading global sales, product, marketing, operational and technical teams throughout his career, Patrick is a Senior Executive with over eighteen years international commercial experience within life sciences, healthcare and telecommunications. He can be reached at patrick.hughes@cluepoints.com.