Harun Rabbani

Born from a focus on hiring decisions and the leverage woven into the fabric of MedTech companies, this is more than just a blog; it is a leadership odyssey.

How Boards Misread Technical Risk

When Everything Sounds Reasonable

Most boards believe they have good visibility on technical risk.

They usually do, just not early enough.

In well‑run MedTech organisations, risk almost never shows up as failure first. It shows up as reassurance. Milestones are being hit. The team sounds confident when they talk it through. The board pack reads clean. Nothing feels out of place. From where you’re sitting, it all looks broadly under control.

And that’s usually the moment when the real risk is hardest to see, because everything sounds reasonable.

This isn’t complacency. It’s plausibility.

Why Technical Risk Behaves Differently

The difficulty is that technical risk doesn’t surface in the same way as financial or commercial risk. It doesn’t spike early. It doesn’t shout. It accumulates quietly through a series of perfectly sensible decisions made in isolation.

An architectural choice here.
A regulatory assumption there.
A clinical consideration deferred because it feels downstream.

Each decision makes sense on its own, especially when delivery continues to move. The problem is timing. By the time these decisions collide, they no longer look like options. They look like constraints.

At that point, the discussion shifts. What could once have been shaped becomes something that must be managed.

What MDR and IVDR Quietly Revealed

Most boards have already lived through a version of this during the MDR and IVDR transition. The products weren’t unsafe. The teams weren’t underperforming. In many cases, organisations were doing exactly what they had always done.

What changed was when regulatory expectations finally met architectural reality.

As notified bodies began reviewing submissions, many manufacturers found themselves reopening decisions they believed were settled. Technical documentation had to be revisited. Clinical evidence strategies were expanded late. Design assumptions were questioned under scrutiny that could no longer be negotiated away.

What’s striking is how widespread this was. A 2022 Medical Device Coordination Group position paper, drawing on notified‑body data, reported that nearly 37% of manufacturers’ applications under the new EU regulations had been refused because they were incomplete, and a Team‑NB survey found that 75% of notified bodies said at least half of manufacturer applications had incomplete technical documentation. This pattern showed up across the market, including well‑resourced organisations with experienced leadership teams.

For boards, this data matters less as a compliance statistic and more as a governance signal. It suggests that risk wasn’t ignored. It simply became visible too late to be shaped cheaply.

When Late Decisions Become Expensive Ones

Once decisions reach that point, the cost profile changes quickly. Late‑stage technical and architectural changes rarely stay local. They cascade.

Revalidation.
Retraining.
Tooling changes.
Extended review cycles.
Delayed launches.

A 2023 study on engineering design changes reported an electronics‑manufacturing case where post‑manufacturing design changes added about 30% to costs due to new tooling and operator retraining, with other examples showing substantial revenue loss and delay from late changes. In regulated environments, those costs are amplified by validation requirements and lost time‑to‑market.

From a board perspective, this reframes early technical and regulatory integration as a capital‑efficiency decision, not an engineering preference. The earlier the judgement, the cheaper the option set.

Why Good Boards Still Miss It

What makes this particularly difficult is that the signals boards rely on are not wrong. They’re just incomplete.

Governance structures are designed to surface issues once they have definition. Technical risk rarely arrives that way. It arrives as ambiguity, trade‑offs, and judgement calls that sit below the threshold of formal escalation.

Most reporting systems reward certainty. Risks are summarised. Confidence is smoothed. Progress is translated into metrics that fit neatly into a pack. By the time something is framed as a board‑level issue, it has usually passed through several layers of interpretation, each one trying to be helpful rather than alarming.

Recent governance work on technology oversight highlights that traditional board and committee structures often struggle to keep pace with technology‑driven risk and opportunity, prompting many boards to clarify or redesign how technology and AI oversight is allocated between the full board, audit committee, and dedicated technology committees.

This isn’t an admission of failure. It’s an acknowledgement of drift. The cadence of board oversight simply moves more slowly than the systems it is trying to govern.

The Signal Boards Often Misread

This is why boards so often misread technical risk. Not because they are inattentive, but because they are looking for the wrong kind of signal.

They look for variance, when the real danger is convergence.
They look for missed milestones, when the real risk is early decisions quietly hardening into constraints.

By the time technical risk becomes obvious, it has already narrowed the field of viable options. What remains is execution under pressure, rather than choice.

Seeing Earlier, Not Knowing More

For Portfolio Chairs, the challenge is rarely whether technical risk exists. It is whether it becomes visible early enough to matter.

Once it reaches the board in a form that feels concrete, much of the real choice has already gone. What remains is management, not stewardship.

The boards that navigate this well are not those that demand more detail or tighter reporting. They are the ones that develop a feel for where early technical judgement is forming, often informally, before it ever reaches the boardroom. They intervene sooner, not because something is broken, but because they understand how quickly plausibility can turn into constraint.

In the end, technical risk is not something boards fail to see. It is something they often see too late. And in MedTech, where regulation, architecture, and clinical reality converge, timing is the difference between governing outcomes and inheriting consequences.

Postscript

Most boards don’t need more information. They need earlier signals. If this piece resonated, it may be worth reflecting on where technical judgement is forming before it ever reaches the boardroom, and whether those moments are visible early enough to preserve real choice.


Frequently Asked Questions

What does it mean that boards “misread” technical risk?

It does not mean boards are inattentive or under-skilled. It means that the signals boards rely on tend to surface technical risk only once it has definition, cost, and momentum behind it. Early technical risk is often ambiguous, informal, and dispersed across functions, making it difficult to escalate through traditional governance channels.

Why does technical risk feel different from financial or commercial risk?

Financial and commercial risks tend to present as variance against forecast or performance. Technical risk accumulates through early design and governance decisions that appear reasonable at the time. By the time it becomes measurable, the opportunity to influence it cheaply has often passed.

How did MDR and IVDR make this problem more visible?

The MDR and IVDR transition forced regulatory scrutiny deeper into product architecture, evidence strategy, and lifecycle control. Many organisations discovered late-stage gaps not because their products were unsafe, but because earlier decisions had been made without regulatory context fully integrated. This created rework, extended reviews, and certification delays.

Is this primarily a regulatory problem or a leadership problem?

It is a leadership and governance problem expressed through regulation. Regulation acts as the forcing function that reveals where early decisions were fragmented or insufficiently governed as a system.

Why don’t standard board reports surface this risk earlier?

Because most reporting systems prioritise clarity and confidence. Ambiguity is smoothed out. Trade-offs are summarised. Risks are reframed into categories that fit dashboards. In doing so, weak signals are often lost.

What kind of technical leader helps reduce this blind spot?

Leaders who can hold engineering, regulatory, and clinical considerations in the same frame early on. Their value shows up less in delivery speed and more in decisions prevented, rework avoided, and options preserved.

How can boards improve early visibility without becoming operational?

By paying attention to where key technical decisions are being made informally, how often architectural assumptions are revisited late, and whether regulatory and clinical perspectives are present early enough in system design discussions.

Is it ever too late to address this kind of risk?

No, but the cost of intervention increases rapidly over time. Earlier visibility expands choice. Later visibility narrows it.

What should Portfolio Chairs take away from this article?

That technical risk is not something to eliminate, but something to see earlier. In MedTech, governance is not about control alone. It is about timing.


About the Author

Harun Rabbani works with Portfolio Chairs, boards, and CEOs in MedTech who understand that the greatest risks rarely announce themselves early. His work sits at the intersection of technical leadership, governance, and long-term value protection in regulated environments.

Before advising at board level, Harun spent years inside the MedTech and medical devices industry, working closely with engineering, clinical, and regulatory teams. That experience shaped his view that many delays, compliance issues, and late-stage surprises are not failures of execution, but failures of early alignment.

Today, Harun operates as a trusted advisor to senior leaders across multiple portfolios, helping boards recognise where technical judgement is forming long before it reaches formal governance. His focus is not hiring volume or tactical fixes, but preserving optionality by making risk visible early enough to matter.

He writes to give language to patterns experienced leaders already sense, but rarely see named clearly.
