FDA flubs off-label enforcement

July 30, 2008

The FDA takes too long to warn a pharmaceutical company about off-label promotion, according to a Government Accountability Office (GAO)

According to the GAO, the FDA:
  • Takes an average of seven months to warn a company about possible violations
  • Is unable to review all submissions because of the volume of materials it receives
  • Prioritizes reviews to examine those with the greatest potential impact on human health
  • Relies on staff to sort though large volumes of material and prioritize them for review
  • Is hampered by the lack of a system that consistently tracks the receipt and review of submitted materials

Between 2003 and 2007, the FDA issued 42 letters requesting companies stop marketing products for off-label uses, but did not refer any of the violations to the Department of Justice (DOJ) for enforcement actions. During the same time, the DOJ settled 11 civil and criminal cases that involved off-label marketing to some extent.

Senator Charles Grassley (R-IA) requested the review.
Source: ePharmaceuticals

PCAOB Approves Succession Rule

July 30, 2008

The change will make it easier for accounting firms to continue their work after a merger.

The Public Company Accounting Oversight Board on Tuesday approved a new rule that will allow accounting firms to keep their registered status after a merger or change of name.

The rule—and the accompanying form—spells out the circumstances where a firm can keep its registration status even if it becomes a new “legal entity.” First proposed in May 2006, the new rule is intended to protect auditors from having to stop their work because of a gap in their registration status.

“Today’s action will allow for registered firms—in appropriate and well defined circumstances—to provide audit services without a break in their PCAOB registration status when there has been some change in their legal form,” PCAOB Chairman Mark Olson said. “The rules would provide flexibility that is important given the serious implications of a firm operating without registration.”

The circumstances include any changes in a firm’s legal organization or the jurisdiction in which it’s organized. A registered firm can also continue operating if it acquires or combines with an unregistered firm to form a new company.

“An issuer’s compliance with federal law and regulations depends upon its auditor being registered,according to the proposal, which added that “disruption of a firm’s registration should not be taken lightly.”

The PCAOB unanimously approved the new rule, which will be submitted to the Securities and Exchange Commission for final approval.

Source: CFO.com

The Top 10 Enterprise Risk-Management Myths

July 30, 2008

To address Sarbanes-Oxley compliance, many companies put in place technology platforms that now support a variety of risk and compliance initiatives. Sarbanes-Oxley solutions were generally purchased with the tacit approval of IT, but few IT organizations standardized on a strategy for managing risk and compliance data.

A lot of companies have moved to augment enterprise risk management platforms with dedicated governance, risk and compliance (GRC) solutions. That trend isn’t going to disappear anytime soon, but some companies will likely come away disappointed with the results. It’s fair to say that automation can seem like anything but in a lot of cases. Newsfactor.com offers a list of 10 ERM-GRC myths.

Few companies can grow without taking risks. But poor risk management leads to surprises in business operations that can impact shareholder confidence, regulatory oversight and the bottom line. An unprecedented wave of regulatory oversight in recent years has convinced many organizations how inadequate their enterprise risk management (ERM) policies and procedures really are.

  1. Myth Number 10: IT Risk Management = Information Security
  2. Myth Number 9: CIOs Embraced Enterprise GRC
  3. Myth Number 8: A Rigid, Standardized Approach Is Best
  4. Myth Number 7: You Can Manage Risk Only from the Center
  5. Myth Number 6: You Can Manage Risk and Compliance with Spreadsheets
  6. Myth Number 5: Traditional Audit Planning Is Good Enough
  7. Myth Number 4: Enterprise Risk Management Is Dead!
  8. Myth Number 3: It Just Takes Common Sense
  9. Myth Number 2: TJX — It Can’t Happen Here
  10. The Number One Myth about ERM: You Can’t Plan for the Unknown