Risk management for medical devices operates within a highly specific and regulated framework, guided by the MDR/IVDR and the ISO 14971 standard. This makes it distinct from the broader scope of financial risk management undertaken by a CFO. Despite these differences, there are intriguing parallels and opportunities for cross-disciplinary learning. Both roles play a vital part in ensuring organisational resilience – risk managers by safeguarding product safety and compliance, thereby enabling continuous market access, and CFOs by maintaining financial stability and strategic planning. Together, they support overall organisational performance, though their decision-making and risk mitigation approaches can differ significantly.

In this blog post, Valentin Chapuis, Senior Quality Engineer and Risk Manager, and our Co-CEO Sandra Item explore how the effectiveness of risk managers and CFOs in their respective domains is shaped by their unique mindsets and how proactive and adaptive strategies are applied in each context. Additionally, they address shared challenges, including navigating decisions based on data of varying quality and completeness, enhancing decision-making processes, and fostering active collaboration across teams to identify and mitigate risks.

Where Risk Management Meets Managing Financial Risks

At first glance, the roles of a CFO and a risk manager for medical devices may seem unrelated. However, both share a fundamental goal: ensuring the company’s success. While their responsibilities differ, both contribute to minimising risks that could jeopardise organisational resilience and long-term sustainability.

For medical device risk managers, success relies on achieving and maintaining compliance with regulatory frameworks. It begins with design improvements to reduce risk as much as possible and, when necessary, evolves to include protective measures or user information. This proactive approach ensures risks are mitigated early, and potential issues are monitored throughout the product lifecycle. Compliance is not merely procedural – it is essential for ensuring patient safety, safeguarding the company’s reputation, and securing continuous market access. Without compliant products, the company risks losing its primary revenue streams, threatening financial stability and operational viability. Valentin describes one of his main challenges as conveying that risk management is not just about meeting regulatory requirements but is critical to patient safety and, ultimately, company success.

CFOs, meanwhile, play a complementary role by ensuring the organisation’s financial health. They manage resources effectively, maintain liquidity, and navigate risks that could undermine profitability or stability. Unlike the structured frameworks of MedTech risk management, financial risk management often focuses on external factors such as market fluctuations and geopolitical risks. CFOs use tools like risk matrices to evaluate and prioritise threats, balancing short-term financial goals with long-term stability.

These roles intersect in their shared mission to minimise risks – whether from regulatory non-compliance, product safety concerns, or financial instability. Risk managers focus on ensuring patient safety through product safety and protecting the company’s ability to operate in compliance, while CFOs ensure financial security by strategically managing cash flow generated by market access to support organisational goals. Together, they strengthen the company’s resilience, ensuring it can adapt and thrive in a competitive and regulated environment. At times, the risk manager's role in a medical device manufacturing company intersects directly with that of the CFO. Certain risks identified during the process may require mitigation strategies that have a financial impact, such as modifying the device design or conducting additional verification and validation (V&V) activities. In such cases, these measures may trigger friction with the executive board, particularly when balancing safety and compliance requirements with business considerations.

Proactivity is a key quality for a risk manager, as effective risk management starts early and continues throughout the device’s lifecycle.

 


Risk Management as a Continuous Process in Medical Devices and Finance

Risk management for medical devices is an iterative process that continues throughout the entire lifecycle of a product. It only concludes once the product is permanently (and completely) withdrawn from the market. Similarly, the management of financial risks is an ongoing process, persisting as long as a company operates. Both are dynamic and evolving undertakings, requiring continuous assessment, adjustment, and adaptation to changing circumstances, regulations, and market conditions, as well as a proactive and adaptive mindset.

Sandra and Valentin agree that the ability to adapt and incorporate new data is essential, with a strong data foundation being central to effective risk management. However, they acknowledge that challenges can arise from issues related to data quality and completeness. Risk managers and CFOs must frequently make decisions when the data is incomplete or unclear, requiring them to combine available information with intuition, professional judgement, and strategies to improve data quality. Recognising the inherent limitations of data is critical, as decisions must not only prioritise safety and compliance but also remain adaptable as new information emerges.

Acquiring reliable data can be a significant hurdle, especially when addressing new technologies or innovative product designs, as Valentin outlines. The iterative nature of risk management requires careful evaluation of the available data and close collaboration with Clinical and Engineering teams to address uncertainties. Post-market monitoring and follow-up actions are then essential to validate initial assumptions and ensure the continued effectiveness of risk mitigation strategies.

Sandra explains that for CFOs, the iterative process of financial risk management involves constant adaptation to a dynamic economic environment influenced by factors such as inflation, interest rates, and market trends. When faced with incomplete data, CFOs must rely on their expertise to anticipate potential outcomes and align their decisions with the organisation’s long-term strategy. By using trusted sources, such as central banks or reputable financial institutions, they can improve data reliability and minimise errors. Nevertheless, the CFO's challenge remains in balancing risk and reward, ensuring financial decisions support both short-term stability and long-term success.

The most challenging decisions arise when the data is ambiguous, requiring a judgement call to anticipate how a situation may develop.

 


Aligning Perspectives: The Role of Collaboration in Mitigating Risks

Effective risk management, whether for devices or in finance, cannot be achieved in isolation. Success depends on active collaboration across departments, ensuring a comprehensive approach to identifying and mitigating risks (of any kind).

In medical device development, risk managers work closely with engineering, clinical, and other teams to gather critical data on engineering failures, clinical outcomes, and patient safety. The CFO is involved when risks with significant financial implications, such as project delays or missed sales, require escalation and clear, data-driven communication to support executive decision-making. Acting as project managers, risk managers coordinate input from various divisions: engineering teams provide insights into potential failure modes, while clinical experts evaluate the implications for patient safety. This cross-functional collaboration ensures that all relevant perspectives are integrated into risk assessments and mitigation strategies, resulting in a holistic approach to managing risks.

Sandra highlights that CFOs similarly rely on collaboration with team leaders across the organisation to effectively assess and address financial risks. She emphasises that open communication with those directly involved in day-to-day operations enables CFOs to identify potential risks with financial implications early on. This proactive engagement allows them to incorporate financial risks into the company’s broader risk management framework, aligning operational insights with strategic decision-making.

By embracing collaboration, both roles highlight the importance of cross-functional communication in fostering a unified approach to risk management, bridging operational and strategic goals.

 


Navigating Buzzwords: Compliance, Safety, and Control

Buzzwords like "compliance," "safety," and "control" can spark heated debates. Sandra and Valentin shared their thoughts:

Compliance

Valentin

After patient safety, compliance is the second most important aspect of risk management. Without it, you’ll run into trouble.

Sandra

We are deeply committed to and excel in compliance, whether it pertains to devices, patients, or financial matters. It forms the foundation of everything we do.



Safety

Valentin

Safety is the top priority. All risk management actions should maximise safety, provided they don't compromise the benefits offered to the patient.

Sandra

From a financial perspective, there are times when you must choose between a safer or riskier investment approach. However, patient safety can never be compromised in these decisions.



Control

Valentin

I like the idea of control. Risks can’t be fully eliminated - they’re always present. Risk management is about controlling those risks, suppressing them when possible, and ensuring they remain manageable over time.

Sandra

For me, control is about collaboratively finding a path forward with a safe and considered approach. While control is essential, it centres on consistently identifying and addressing risks, evaluating them thoroughly, and adjusting as necessary.

 


Fictional Allies to Shape Perspectives on Knowledge and Decision-Making

The exchange between the two experts clearly demonstrates that a proactive and adaptive mindset is crucial for tackling complex challenges. Achieving this requires a comprehensive understanding and a great depth of knowledge, enabling informed and flexible decision-making in dynamic situations. And sometimes, a little help from fictional characters offers a fun way to reimagine support.

If Sandra could enlist a superpowered teammate, her choice would be Cosmic Cat, a space-faring feline from the early '80s British animated series Doctor Snuggles. Known for answering any question, Cosmic Cat may seem whimsical, but Sandra’s choice underscores an important aspect of decision-making: the value of having a reliable source of information to navigate complex scenarios. In essence, Cosmic Cat would serve as the ultimate AI assistant, providing solutions when the questions seem endless.

Valentin, on the other hand, opts for a choice more grounded in reality, but no less fictional. He would select Dana Scully from the X-Files. While not a devoted fan of the show, Valentin sees Scully’s blend of medical expertise and investigative skills as an ideal fit for the demands of risk management. As a medical doctor with a methodical, science-based approach, Scully embodies the critical thinking and analytical mindset required to evaluate the risks associated with medical devices. Her investigative nature ensures a thorough examination of every potential issue, leaving no stone unturned. Valentin’s choice highlights the importance of understanding clinical impacts and maintaining a critical eye when assessing the risks posed by innovative medical technologies.

Both roles demand a forward-looking, systemic approach to managing uncertainty while maintaining resilience and adaptability. While the immediacy of their consequences may differ – for instance, financial losses versus potential harm to human life – the underlying methodologies share significant common ground. This overlap underscores the value of cross-disciplinary discussions, even between roles that do not regularly collaborate. As this blog post demonstrates, fostering dialogue across disciplines creates opportunities to share insights, deepen understanding, and learn from one another, ultimately strengthening the collective expertise within the organisation.

 


About The Experts


Sandra, Co-CEO and owner of ISS AG since 2022, brings extensive experience in both finance and regulatory compliance. She holds an MA in Egyptology from the University of Basel and an Executive MBA from the University of St. Gallen, combining a unique academic background with strategic leadership expertise.
Sandra Item
Co-CEO
Valentin, a Senior Consultant at ISS AG since 2022, brings extensive expertise in engineering, quality assurance/regulatory affairs, and risk management. He holds an MA in Materials Science and Engineering from EPFL, combining technical proficiency with a strong focus on regulatory and risk management strategies.
Valentin Chapuis
Senior QA/RA Consultant

 

