This paper reveals that, despite the recent financial crisis, risk management continues to focus on regulatory compliance rather than on a more comprehensive and enterprise wide view of risk. One promising development, however, is the significant investment in information technology (IT) over the past few years, which enables more controls to be automated rather than manual, with the potential for fewer human errors and better documentation.

Increasing reliance on IT, however, is also a risk as pharmaceuticals and life sciences companies continue transforming from "complete businesses" with all their core and noncore processes managed within each corporation to an increasingly complex web of third-party relationships (i.e., sources, alliances, and suppliers in countries around the world).

The report concludes that companies need to be aware of the risks not only in their own organization, but also in their third-party vendors. They need to view their enterprise, and enterprise risks, in this broader context.