The operating cost of risk management has escalated significantly due to increasingly complex compliance and regulatory requirements, which are becoming cross-functional efforts. Many chief experience officers across industries are looking for opportunities to meet such compliance obligations at a lower cost.
To achieve this objective, it is vital for corporate functions to adopt a unified compliance and risk management model based on a common goal, so that incongruent approaches do not cause rework.
Optimize the development and sale of products
We propose optimizing product development and sales as the common goal for product and service companies. Each relevant corporate function must measure its success based on how well the function optimizes its support of the company’s product development, delivery, sales, service, and maintenance, all for the benefit of end users and customers. The product referenced in this context can be broad, encompassing hardware, software, medical devices, pharmaceutical drugs, services, or experiences. The optimization at issue begins from early product conception through design, development, sales, and post-sales. It includes optimization of the entire product experience, starting from the customers’ purchase and user experiences and extending to potential benefits a product may bring long after the customer’s usage.
Then how can a corporation best optimize its development and sale of products? The answer lies squarely in proactive risk management.
Optimization through proactive risk management
Benjamin Franklin once said, “An ounce of prevention is worth a pound of cure.” Similarly, risk prevention is significantly less costly than risk mitigation after an incident. By anticipating potential risks and requisite compliance or regulatory policies from various stakeholders related to each area of the entire product lifecycle, a company can more effectively optimize its product development and sales across its corporate functions. Take steps to address these issues before they arise, and put in place procedures that enable a systematic response to these risks if they do surface.
In other words, it is critical to clearly identify product development and sales risks in each relevant corporate functional area and manage them effectively. The chain of liability (CoL) analysis model described below is an effective approach to accomplish this objective.
CoL provides an elegant and intuitive tool to naturally align corporate functions to optimize product development and sales through risk management.
What does CoL mean? For simplicity, let us take a general-purpose, business-to-business (B2B) enterprise software company as an example, as shown in Figure 1, to explain the CoL model. A typical enterprise B2B software product life cycle comprises design, development, sale, and post-sale stages. Research and development (R&D) and business units (BUs) are typically responsible for the design phase. BUs, software release management, product marketing, and sales teams are typically responsible for the software development stage as well as planning and implementing the product’s release to the market.
To some extent, sales teams, business operations, and business units are also responsible for the post-sale phase. Let’s look at this chain of activity from a typical legal function’s perspective. During the first stage (i.e., design), we list examples of key risk factors relevant to a legal function. Similarly, under the second stage (i.e., development), the third stage (i.e., sale), and the fourth stage (i.e., post-sale), we list examples of relevant major risk factors, respectively.
Figure 1 provides a holistic view of product compliance management for the company’s legal function. For example, during the design stage, the legal function needs to preemptively consider risk factors related to cybersecurity, product physical security, intellectual property (IP) infringement, data management, innovation management and patenting, and testing adequacy. Some of these risk factors appear again in the next stage, while other new risk factors appear midstage. The stages resemble links in a chain from left to right; thus, we dubbed this the chain of liability model. A chain is only as strong as its weakest point. A risk factor introduced on the left side of this chain may propagate toward the right and adversely impact the stages downstream. Therefore, it is important to consider relevant risk factors as early as possible in the chain (i.e., “shift left in the lifecycle”).
The CoL model then applies a checklist tailored for each function at each stage for every relevant risk factor for each product. This is a chronological process synchronous with product development. Course corrections are recommended in successive stages. Relevant responsible teams focus on risks pertinent to their stage or “link” in the activity chain. This minimizes costly re-architecting late in the development process and reduces overall product cost. Please note that although the example above is software-based, the approach equally applies to various corporate functions for other industries, such as hardware, services, or pharmaceuticals.
We are highly impressed by the elegance of applying the CoL approach to product risk management and its applicability to all corporate functions. It is intuitive and naturally aligns corporate functions with optimizing product development and sales through risk management. It considers product compliance and regulatory requirements early in the product life cycle, thus reducing costly rework through compliance by design.