Balancing Compliance and Innovation in Risk Management: A Discussion with Naveen Agarwal

Naveen Agarwal: 0:00

or you just admit to yourself honestly that all I care about is just running Boston. I don't care about winning, because that in itself is an accomplished, but let's be honest with each other, then we can say

Harsh Thakkar: 0:11

What's up everybody, this is Harsh from Qualtivate. And you're listening to the life sciences 360 podcast. <Podcast Intro> Alright, welcome to another episode of Life Sciences 360. My guest today is Naveen Agarwal. He is the principal and founder of Creative Analytic Solutions. He writes about risk management in medical devices and helps companies in that area. So I'm really excited to have him on the show today. Welcome Naveen.

Naveen Agarwal: 0:48

Thanks. So really glad to be with you today.

Harsh Thakkar: 0:51

Yeah, I want to start off, you know, because I mentioned that you write on LinkedIn, I've just want to go straight to LinkedIn. And see something that you posted yesterday and try to ask you, how did you what response did you get? So this is what you posted yesterday, you said - Does your risk management system run on courage or fear? That is the difference between patient focus and compliance focus? Can you elaborate a little bit on what was going on in your head when you posted that?

Naveen Agarwal: 1:21

Thanks Harsh for pointing that out. And this is an example of what I call thinking in public. And this is something that I'm learning for the first time. Because like most quality regulatory people, we are fairly reserved people who like to do our work with intense focus, and planning. And we are careful with the words that we choose to share in public for good reason, right. But I realized through my work over the last couple of years, engaging with people and helping everyone understand risk management at a deeper level, I realize that we are living in an age where we have to learn how to think in public. And what I mean by that is, we need to be transparent and honest at all times. Not pre planned, not spontaneous. As an example, for this show. We didn't plan, you didn't tell me the questions we were going to ask me, or I didn't have notes. Because the whole idea is present yourself to people, as honestly and as transparently as possible. So this was a thought that came to my mind. And I have been on LinkedIn for many, many years now, trying to engage people draw them out in a conversation with a posture which I call being provocative but not confrontational. So this is one of those questions that I posed, because it just popped into my mind, and I had been baffled by this question for the last several months is, why does risk management become so difficult in our professional work environment, when as individuals, we are managing risks in our daily lives, almost on autopilot. And with God's grace, we are safe. We take good deeds, we take good actions make good decisions in general. So I have been baffled by this question about why does risk management become so difficult for people? So I've been trying to get to this question in many different ways. And this was my attempt to kind of draw people out a little bit and have a conversation and what I have observed. In general, this is generally speaking, I'm sure there are exceptions. What I have observed is that in general, we are doing risk management in the industry, for the purpose of compliance. Because we are afraid of being found non compliant. In an audit, or an inspection. This is my observation and my observation only. By no means I want to generalize it across the industry, I'm sure there are pockets of excellence, but that's my general impression. So when we operate from a place of fear, as far as risk management is concerned, we actually don't do it well. We make life difficult for our engineers, we make life difficult for our quality and regulatory people. We make life difficult for our complaints handling specialists, or our statisticians, because we are not asking the right questions. The question we are asking is, how can we be safe in an audit? That's not the goal of risk manager? So what would it take to flip it around? What would it take to start focusing on the patient nothing harsh, let's think about the patient who is in a very critical condition. They are going to the doctor in a very serious situation which involves a very serious procedure involving high tech devices. They are taking a leap of faith. That is true courage. So can we be showing the same amount of courage when it comes to risk management and making decisions which are focused on the patient and not on an auditor? Yeah, that was the idea that came to my mind. And I just shot a note very promptly, without thinking much without pre thinking and inviting people to have a conversation with me. So I feel this is where I feel is that if we come from a place of courage, we will be patient focused, because we're going to ask the question, What can we do today, in our risk management system, that helps us to launch the next innovative product, which is safer, which does better things. And oh, by the way, it's also compliant. Because we want to serve our patients and doctors from a place of courage. Instead of saying, What can I do to dot the i's and cross the t's to satisfy my auditor? That's a place of fear. So I hope that kind of makes sense about my thinking and how, what I was trying to get to, and I hope people engage with me in a kind of open honest way. That's what I'm looking for.

Harsh Thakkar: 6:03

Yeah, that's a really good explanation, but I can immediately - if I'm a skeptic, or if I thinking about challenging this notion, or even like having struggle with the balance, let's just say it's not about challenge. Let's just see the struggle with the balances. Okay, Naveen, you said, this patient focus and compliance focused. But I can drop any of the balls. I need both. Yes, that then how do I how do I find the the media that good media.

Naveen Agarwal: 6:38

Okay so I'll share this example with you. So I'm a runner. I like to run long distance, you know, half marathons and marathons. And for a runner like me, Boston Marathon is the absolute top event. Look at the qualifying times to get into Boston, not everybody can go get in good to run Boston on you know that, yep, you do qualify. For the last 25, 30 years, you know, I did this analysis for men, at least, the qualifying time in Boston has come down, you know, has gotten better. But it has remained pretty much the same level. Now, that's only the qualifying time, the winner is much better than the qualifying time. And that difference is big. Right? So the reason I mentioned this to you is because if we want to be just compliant, that's like qualifying for Boston. But that's not winning. If you want to win, we not only have to qualify, but also do more than and that takes courage. That takes a leap of faith. And that takes dedication and hard work. So if your work finding ourselves working hard, just to remain compliant, dear colleagues know that we are not working hard enough to win. That's the point. So we have to do both. Unfortunately, the flip side of this is this is if you stay focused on the patient, do your job well and know the principles really well. The other part will come automatic, right. So someone who wants to qualify for Boston may run, they practice running, they aspire to enter. But those who win Boston, they do a little bit more, their training is a little bit different. But they don't say, I'm just gonna be happy with qualifying for Boston. And all I want to do is bigger, make sure I just get in, they say no, I want to do a little bit more than so I think the point I'm trying to make here is that the courage will come only when we have faith and focus on our patients on our doctors, which is what I believe all of us do. Anybody who works in the medical device industry that I know of, are very passionate. They're very, very passionate people. I think we are stuck in a system and culture of compliance. And we can't seem to get out of it.

Harsh Thakkar: 9:12

Right. Yeah, that's a good point. Because like using your example of the Boston Marathon, somebody who's trying to win knows that it's not just about being able to run fast, right? There is a component of physical therapy, there is a component of the rest. There's a component of sleep, there is a component of nutrition. There's a component of avoiding foods that can cause inflammation, like the list could go on and on and on of all the little details that can make a 10, 20 second difference in the strategy to win so like I get it. Well, you're saying that it's not just one. It's not one activity that you need to do if you're trying to go above and beyond you'll find other connecting pieces that can help you get to that top level. where you're trying to go.

Naveen Agarwal: 10:01

Or, or you just admit to yourself honestly that and many people do that all I care about is just running Boston, I don't care about winning. Fair enough. Yep. because that in itself is an accomplished, bright, but let's be honest with each other, then. Right, then we can say, our department's mission, or our mission is 100% compliance in every inspection, every audit, because that's how we do our jobs, then let's not use very fluffy language that we are customer focused or patient focused.

Harsh Thakkar: 10:33

A lot of people are going to be upset about what you just said. But yeah.

Naveen Agarwal: 10:38

We can be both. Yep. Right, we have to be honest about it.

Harsh Thakkar: 10:42

So most of my experience in risk management has been with software or selecting a software supplier, because primarily, I'm involved in quality management system setting up QMS and hold other sort of manufacturing laboratory clinical trial systems, but is heavily software focused. So that's my experience in risk management. And this is a question that I get a lot from my clients. So I want to ask you what you think about it. There's a component of risk management that involves documentation. So either you do or FMEA, or you do some other risk assessment workshop, or you could do a simple risk assessment just on the system asking questions about what is the intended use of this system? Does it help do regulatory submissions? Does it help do X, Y and Z. But as you said, there's also a component of risk assessment that does not document or does not always get documented. So if I am a quality and risk management leader, what component of my risk assessment has to have documentation? And more importantly, what things can I do that are not documented but still helped me in the risk assessment? Because the auditor most most of the times, the auditor will ask you a document. Because you know, there's this saying in the industry, if it's not documented, it's not done. But you can document every single risk assessment step. So do you get this question a lot from your clients as to like, what component of risk assessment needs to rely on documentation? And what are certain areas where you can do risk assessment, even if you're not documenting it.

Naveen Agarwal: 12:32

So first thing I think we should be very clear about is having a good understanding of what the requirements are. And I can speak to from a risk management perspective under ISO 4971. Very, very clearly, you will learn about the documentation requirements in the standard itself. Here, it tells you in every clause, what needs to be done. What it doesn't tell you is how. So, another point to make is that documentation, in our mind, seems to be just something written on a piece of paper. But documentation can be a lot of different things. doesn't all have to be controlled. It doesn't have to be all into a risk management file. And then we have to think about why are we documenting? And why are we required to document something? So if you understand, and this is what I emphasize, in all my kind of training courses or any conversations is, understand the why why are they asking you to document what they're asking you. To what extent you document is up to you, and how you document is up to you. So for example, you and I are having this conversation, right? We are documenting it, because it's being recorded, you want to share that with other people doesn't take much effort, except that you have some software, we record it and you edit it and you produce it. Yep. We have to I think move beyond this mindset that documentation should take a lot of effort. We have to use technology in a way that allows us to document the important stuff. Because the end of the day that what is the purpose of documentation is communication. And more than the audit, it's communication with our own team. Risk Management file, Harsh. I had this insight a few months ago, that risk management file actually is a very amazing communication tool with your own team. Throughout the product lifecycle. Many people will come and go as part of your team supporting the price product. How will you tell them what has been done so far? What needs to be done next? It's only through documentation. And every good engineer and you know, I'm an engineer by training. Every good engineer actually does a lot of analysis in their heads. Doesn't mean that we have to extract everything out of their head and document it on a piece of paper. Because, you know, I've also heard this argument, what if you leave tomorrow, we're going to leave all lose all this knowledge. So we must document. You're right. That's not the reason to document. Because the person has some intelligence, some analysis, the way of thinking that output is useful to us. Their output is useful for us to communicate, we have to figure out how to transfer knowledge and document at the same time and do it efficiently. So long answer to your question is, I believe everything should be and can be documented, but not in the way that we understand from a regulatory perspective. We can document conversations with people's permission, we can say we will create a Knowledge Portal as a resource in our organization, we don't have to show that to the auditor. If you want to do knowledge management, there are systems that exist we can use. We can use lab notebooks, we can use memos, we can use voices, we can use video, we can use live conferences, zoom, you have zoom meetings, every Zoom meeting can be recorded. All you have to do is buy by storage. So from a risk assessment point of view, your question was specific to what aspect of risk management can be documented or should not be documented? Yep. Or you can not document our data. It's a judgment call. Right? It's a judgment call. And we had to think about the lifecycle of our documentation process. Right, you think of think of how art is produced, sometimes you do a rough draft or a quick sketch here and there in a notebook, then you on a different page, you will refine it on a different page, you will put color to it. So you can have stage wise documentation of your so called brainstorming sessions, you are still discovering a lot of risks during development. They are not finalized yet, you are still assigning probability levels or severity levels, they're not finalized yet. But if we walk away from this idea that documentation is fixed and permanent, I think we can find ways to document almost everything. Because it'll inform our decisions in the next development cycle. It will allow us to not to do things more efficiently. Yep. But if I were to pull a FMEA from a risk management file and say, this the FMEA of a product that is similar to what we are building now, I don't know how useful that is to people because it doesn't contain the decision making history. It's a snapshot in time. So I choose to be honest with you envision a world where we document everything, but not in a way that we have understood it to be in the regulatory and quality context.

Harsh Thakkar: 17:53

Well, so here, here's the other piece to this, right. And this is going back to the the initial conversation that we had about going with the compliance mindset or patient mindset, fear and encourage the balance between trying to innovate and trying to do too much of safety and risk management, right. So the common argument is all if I'm doing too much risk assessment or safety assessments, and I can't innovate, or it stops me from innovating. And what I have seen is just being in risk assessment meetings, like let's say, if I'm doing a risk assessment with five people in the room, every person's appetite for risk is different. So if I'm answering a question about the software, or what could go wrong with the feature to one person, it may not be a big deal. But to another person in the room, it could be end of the world. Yes. So the question I have for you is have you do you have any suggestions of how companies can assess the risk appetite of the people in their company that are involved with risk assessment? So they can understand like, oh, Joe tends to be risk averse, or Jessica likes to do X? Like, have you come across any examples or any templates or assessments, where you tried to figure out because that seems to be a common challenge in a lot of the risk assessment activities that have come in is

Naveen Agarwal: 19:34

Yeah, and then there's a lot of discussion, right? arguing about severity rating, three versus four or a one versus three. Yeah, so it's a very, very important point and quite challenging in practice. So what I advise risk practitioners to do is understand that there is a dynamic in the team and I would not recommend doing individual assessments and putting people in a box that being risk averse or risk taker, I wouldn't do that. Because same person can respond differently under different circumstances. And what we want, actually, we want to capitalize on individual diversity. In thinking and experiences, we want to capitalize on that. But we don't want it to influence the group's thinking. I see. So actually, a risk practitioner also needs to be a good facilitator. And that's a leadership skill. For risk practitioners, they must develop over time, project management skill they should develop over time. And a very good way. A practical tip to manage this is whenever you have a ratings, when you are asking people to rate something, do not allow open conversation in the beginning. Give them a piece of paper and get them to give their rating on their own in their own time, with their own rationale and justification, like a quick line, then collect that information. See if there are discrepancies. If there are no major discrepancies, you get the group to align quickly and move on. But there are discrepancies, I think you should wait. And you should give it time for people to articulate because you will learn. Here's what you will learn. You will learn about you know that we have to build sequence of events leading to hazardous situations. Right? That's what you will learn by letting people talk about their understanding of a certain scenario, and how they would rate individually. If there are discrepancies, you will learn what sequence of events they're imagining in their mind that that is leading them to a certain rating. And you will have that conversation very rich conversation that you can document and summarize, in steps of clearly articulated sequence of events that is a major area of deficiency in our risk assessments today are we are not doing enough work on developing sequence of events that lead to hazardous situation. So I would summarize my answer by saying that become a good facilitator. If you want to practice risk management, leverage diversity of your team. And make them feel like they are looking for a common solution. They're not looking for an argument against each other. They're looking for a common solution, which is the best solution the group can come up with, compared to an individual. So I hope that will help you to kind of pick up some practical tips in managing these conversations, because they're very powerful. And you should actually leverage those in your organization.

Harsh Thakkar: 22:52

Yeah, and I didn't mean to say it in the sense like putting somebody in a box. But it's a challenge. It commonly happens, especially if you have a big group of software projects where you have somebody from the development team, you have a validation person, of IT person. And also, like you said, What has their exposure been in the past, that also plays a big role, right. Like if somebody who has done a lot of projects in the past on a software to them, they're able to take on, I shouldn't say take on more risk, but they're able to give a more accurate scoring because they understand the sequence of lifecycle events in that project like, oh, the software, here's the configuration, once the configuration is done, then the software gets tested, once it's tested, then we document the testing, then it's released to the users, they understand all those gates, but to somebody new, who has not done that, they might just want to take the higher scoring because they don't understand those sequence of events. So that was a really good point that you made.

Naveen Agarwal: 24:01

But you know, I quickly add to this is just because someone has done a lot of work in a certain area doesn't guarantee that their estimate will be accurate. There's a lot of research on the psychology side that actually I've been studying for a long time now. And people apply heuristics all the time, especially when it comes to estimating frequency or probabilities. They're most hard most difficult to estimate and people rely on heuristics, past experience rules of thumb and in most cases, there are systematic bias and that the earlier and the more you are experienced in some area, the more likely that your estimate will not be accurate. So you have to allow people have different views, different experiences, to come together. And as a facilitator you have to align them to a common answer align them, not forced them. We are not averaging scores. We are aligning scores so that everyone understands if someone gave a certain rating, which could be an overestimate or underestimate. If we have those differences, as facilitators, it's our job to seek alignment and understand different viewpoints. Because only then we will discover, or we will learn what the risk is. And I don't think we are doing that.

Harsh Thakkar: 25:30

Yeah. It's very, like I started doing quality and risk assessment on projects more than a decade now. And in some cases, and some projects, I see a lot of improvement, or just a completely different style of doing risk assessment. And I'm like, wow, this is, this is great. I've never done this. And I didn't know you could do it this way, as well. So I'm learning to and then there are other projects where I feel like I'm 10 years behind, because it's the same, you know, conditioning that we have done or meet non rehab done, but maybe the guidance documents and industry regulations have done to us that we can't go back and undo that, because that's how we know to do it.

Naveen Agarwal: 26:21

Yes. And I think what, what the most important thing to ask is, or or realize is that we should all feel empowered to do things are way because no regulation tells you how to do things. Right. They just tell you what you must do.

Harsh Thakkar: 26:36

Yeah, that's a good segue into, into the next topic I had for you is managing risk with new technology, because I don't know there's a lot of regulations out there that tell you how to manage risk with something like AI or machine learning, I'm sure. I know, there's a risk management framework from NIST, which is probably one of the most in depth, comprehensive frameworks. But still, it's on the early side of things where there aren't that many regulations. So how, in your opinion, how should somebody approach doing risk assessment in an area like AI, where there isn't much from regulations or guidance documents?

Naveen Agarwal: 27:23

To add to the NIST, there's also a guidance document prepared by me, I forget the number me okay. But there is a lot of work being done in that area. So I don't call myself a regulatory consultant Harsh. You're right. I'm a practitioner. And my view on this is, at the end of the day, whether it's AI or anything else, we still have to do things in pretty much the same way that we are doing, understanding, understanding how risk could occur, or how a hazard could get activated. Right. So that is more of a kind of technical problem solving in my mind. So as far as AI is concerned, the difference is how it's coming to a solution, or how it coming is coming to an answer. Now, you might wonder if that answer is accurate enough. If it's biased or not, do we really understand how that answer is being arrived at? But do we really understand how humans make decisions? Yeah? Do we really understand how our engineers come up with creative ideas that solves a problem? If we were to capture what goes in their brain, we would not know what's going on? We can image and do whatever, but there is no formula. Yeah, so at the end of the day, it's no different what humans are doing and what AI is going to do. The only difference is how it's delivering to you an answer. So the questions are still the same? That answer could be incorrect. It could be biased. How do I confirm whether it's correct or not? Same applies to any human problem solving approach. So what's the hazard here? Let's say you are creating, like a diagnostic aid using AI. And you know, I've reviewed several of those. A good way to actually look at them is look up what FDA has published on their website to these dinos or other publications, and look at what risks they are highlighting in those denials and what kind of controls they are expecting. And they're not that complicated, really. We don't have to make it too complex because fundamental questions still remain the same. So I don't see any difference. In your approach, if you do risk management correctly, whether you are dealing with AI or human produced outcome, even AI is driven through human interaction. So maybe maybe if your concern you think About some vulnerabilities on the human interface, and the input side, not on the output side.

Harsh Thakkar: 30:07

I've talked to a lot of people about this topic and how it's going to impact risk assessment or quality management. But the point you made was really interesting, which is, let's say, a human, an employee who's doing risk assessment or quality management, whether in medical devices, life sciences, whatever. They are reviewing documentation, SOPs, policies, and they make decisions, whether they document those decisions by signing a form or doing something or executing a protocol, or they make a decision. It's very hard to know, every single sequence of their thoughts when they made that decision. Because you just look at the end output. You say, Oh, you signed this protocol. And this is not right. Okay. Human error, go and get retrained. Right. That's, that's how you you would resolve that if you had a kappa? Oh, you didn't follow this, go retrain on the SOP. But nobody says, Wait a second. What was going on? In your mind? Why did you? Did you just not read? Sometimes you may ask that. But it's impossible to figure out every single thing, that person might have had a car accident in the morning, or has a sick family member at home? I'm just making like, you know, any blanket arguments, right? Anything could have happened? Sure. But then when you come to AI, people are like, Oh, no, no, I need to know how the algorithm works. I need to know every single thing. It's, it's too new. I'm not going to do it. So I'm glad that you made this point, because you're not doing it with humans either. Right?

Naveen Agarwal: 31:48

No, it's not foolproof, but I think. But I think the point here is that I think we are beginning to learn a little bit more about how certain code is performing and how it's, I think we're learning more. And we think about a very complicated manufacturing operation, which is highly automated, right? It cannot be a blank box, because you wouldn't know how to control it, you would put in process controls. That's what we are learning now how to put in process controls. Within AI. It's common sense. And that's how you will learn where the code might go wrong. So we are learning where to put those controls during our in our and that's what the that's I think regulators are looking for that specifically FDA, when they call when they talk about transparency and visibility to how the code is acting. We would want to know that too. But we should also learn understand that there is no way we can learn everything about how it is doing because it does do magic, right? In many ways, and humans do magic too. So the point to I think think about is that what controls we can put on the inputs. And in process steps like we would do in a manufacturing operation to produce the output we want with the reliability love. And so I believe that we can apply the same principles that we apply to hardware manufacturing operation to an AI operation.

Harsh Thakkar: 33:17

Exactly. It's to me, it ultimately is about probability, right? Because, yes, AI is not a superhuman that knows everything in the world, even though that's what some people believe it to be. AI is basic, basically a supercomputer that processes vast amount of data, and understands what's the most probable outcome with that input. So if I say I put a picture of something that looks like a dog, the AI would analyze every single pixel, and say that 100 people or 1000 people who put similar picture in the past was a dog. One was a cat, but 99 were a dog. So looks like your your pictures also a dog.

Naveen Agarwal: 34:06

It's a learning. So it's a learning system. And humans are learning systems, too. Yep. And we all learn in a different way. And that's the beauty of it. The same thing about AI, a machine learning model that you develop, or I develop would be different. But over time, they will learn with the results that are being produced, and they will get better over time. So the human element is not going I think one of the things that people are afraid of is the human element goes away completely, it is not going to go up. In fact, it is going to force us to think in a more smart way in a smarter way and implement appropriate controls. So we have confidence in doubt. And a lot of work is being done. It is actually amazing. The way this technology is moving and I'm really optimistic about its application in the medical device space. Already. Lots of good examples coming up.

Harsh Thakkar: 35:00

Yeah. So yeah, I mean, this is this has been like really amazing conversation thanks for for sharing all of these I want to talk about it's kind of risk management. But I know like you've, you have some courses and online stuff like you have a course or E-products. That's an area like I'm trying to as I create more content, like I'm doing content creation, on LinkedIn, but I'm trying to like see, what else can I do? Like how else can I transfer the knowledge in my brain? Or what I work? Can I maybe launch a course or something? And I know maybe there are other consultants and freelancers or people in the industry who are thinking how they can, I don't want to use the word monetize their knowledge, but I can't think of a better word right now. So do you have any ideas of how you got started creating courses?

Naveen Agarwal: 35:53

yes, so my, my view on training is harsh. There's a lot of it out. But in my view, training is not sufficient. Because you can take a course you can pass a quiz, get the certification, it doesn't really ensure that you will have the knowledge and skills to do the job. The competence aspect builds over time. So what my focus right now is to create a platform where certification training courses are available. But that's only a starting point. The platform allows us to create a community of risk practitioners, where our assumptions are very simple. No one person has all the answers. And the second assumption is that it's only through ongoing conversations that we learn together and build competence. Based on those two assumptions, what I'm focused on doing is creating a very dedicated focus platform for the risk management practitioner. They have to be compliant. Remember, they have to qualify for Boston, but they also have to win the race. And we are trying to create, yeah, so we are trying to create a community of practitioners through my lead stock risk initiative. There is a newsletter out there. And we're going to be doing very focused one on one monthly webinars on focus topics where people have an opportunity to have a conversation. I also do every Friday on LinkedIn and audio event, which is called the"Let's Talk Risk with Dr. Naveen Agarwal" event. And it has, we have done it for like 20 weeks now. Just a casual conversation, we are not going into slides, we're not doing a presentation or a webinar. It's just a conversation, because our assumption really is when people talk, when people connect with each other. We learn all together. And we build competence. So that is to your question about monetization. I say it's okay, because everyone has to pay the bills. And I want to do it full time. Because I think this is a way for us to take our game risk management game in the industry to the next level, we want to win. We just don't want to just be in the game we want to win. And I believe with deep knowledge of risk management, we can help our organizations win. And be patient focused. We just have to do it again.

Harsh Thakkar: 38:21

Yeah, no, it's really, yeah, it's really amazing. Like I've seen your, your website and the products and the community that you're building. So that's an area that I haven't really done much in, but maybe 2024, that will be my focus, to try to provide more value, right, essentially, that's what I'm doing. Like I have done some webinars with industry partners, where they're like, Hey, we're talking about QMS, do you want to be a speaker? But it's not something like I'm investing I guess me doing this podcast is another way of just capturing these conversations. I think we first met way before I even started this podcast, I had even told you that time that I was thinking, thinking about starting the podcast, and then you know, then I started doing it. So yeah, this is just a way of providing more value.

Naveen Agarwal: 39:11

But I think you're already doing it Harsh, you have produced so many poddcasts, you have talked to different people. I'm not a podcast person. Yeah. So I focus on things that I can do best. But all of us look you are creating value in a different way. And I think it's all of us working together, that we can take our whole community, our whole industry to the next level. So if we focus on that, and share kind of selflessly and share with with volume, so we have to do more of it. And we have to engage with people so I I think you do a great job. I really appreciate you inviting me for this conversation and I hope people listening basically feel inspired to just take the next step and say, Hey, all of us, each one of us has something to contribute We don't have to look up to gurus or experts, because no single person can claim that it's only when we communicate with each other and network with each other, that we share this passion together. So yeah, you didn't please continue. Yeah. You know, I would be tuning into your podcasts and listening to all the guests, because each one of us has a different perspective.

Harsh Thakkar: 40:27

Yeah, I appreciate that. Yeah. And I know that we're, we are almost up on our time, and I know you're super busy. What outside of risk assessment and risk management are what what are you most excited about right now in your life?

Naveen Agarwal: 40:42

Also, outside of risk management? As I said, I'm, so you know, I, I run, I'm very interested in healthy living, especially as I grow older. Yep. So balancing exercise nutrition work. And I want to do something that I can. I mean, I'm over 20 years in the industry, I have reached a point in my career where with God's grace, again, that's a good place. Yeah. So I'm not necessarily driven by career advancement, my I'm driven by something that I can contribute in a meaningful way. And I can only do that if I'm healthy. Yeah. So I'm very interested in healthy nutrition, healthy living. I'm an introvert by nature. So I'm not a very kind of, you know, social or odd going type of a person. But I do have a lot of kind of big network, good relationships, I love to engage with people. So it's like your mental health, your physical health, your nutrition, health, everything matters. And you know, that has been a big interest to me. And the second interest Harsh is really to understand how we all make decisions and judgments. And on that note, I'm actually reading very fascinating books. The research that has been done in the psychology space has a lot of kind of meaningful ideas and thoughts for us to practice in our quality management or risk management system. So I'm trying to bring that knowledge in as well. So those are, I would say, top of mine, my current interests, and then again, spending time with family like everybody else.

Harsh Thakkar: 42:12

Right. Can you drop a name or one of the books that that you recently read or reading?

Naveen Agarwal: 42:19

Absolutely. So I'm now currently reading a book by Daniel Kahneman. He, he's a psychologist, but he won the Nobel Prize in economics. And this book is called Thinking Fast and Slow. Another book I'm reading is and I read three or four books at the same time, same here on reading is by Dan Ariely, which is Predictably Irrational. So those are two books in this space, which is helping me which are helping me understand the psychology behind our decision making process, and how we make judgments. And by understanding that, I think we can really leverage the diversity of thought that we have, which is what makes us special as a as humans, we bring so much to the table when we work.

Harsh Thakkar: 43:07

Yeah, those are great books. I haven't heard of Predictably Irrational. But the other one, Thinking Fast and Slow. I know many other people have read it really loved that book, though.

Naveen Agarwal: 43:19

It's a big one. So it will take time to review and really digest that information. It's really, really a phenomenal piece of work.

Harsh Thakkar: 43:28

Alright, Naveen, thank you again, so much. It was really fun talking to you and loved your insights side. I don't. I've asked people about risk management in other episodes, but none of them was in depth and as deep as this one, because this is your area of expertise. So I really loved the way you you expressed your answers. It was very thoughtful. And I'm sure a lot of the listeners are going to love your take on it. And where can people connect with you or collaborate with you?

Naveen Agarwal: 44:00

Yeah, so the best place to kind of connect with me and collaborate with me is on our lead stock risk community. And Harsh I'll send you the link, you can share that with your, with your listeners, we already have 1100 plus people are actively engaged and participating. We have a chat feature where we have conversations, informal conversations. And the second place to connect with me, of course, is LinkedIn. I'm very active on LinkedIn. Please share your opinions in open, casual, informal way. And let's have a conversation.

Harsh Thakkar: 44:33

All right. Thank you, Naveen. I wish you all the best with all the work with your platform that you're doing and all your content creation efforts and all your business ventures.

Naveen Agarwal: 44:43

Thank you very much. I wish you all the best too.

Harsh Thakkar: 44:46

Thank you. Thank you so much for listening. I hope you enjoyed today's episode. Check out the show notes in the description for a full episode summary with all the important links. Share this with a friend on social media and leave us a review on Apple podcast, Spotify, or wherever you listen to your favorite podcast