This slashdot discussion starts out as a specific question, but then digresses into a much more general (and very interesting) conversation about how to handle problems in companies. The summation is:
I also work for a biotech but we're lucky enough to have a CEO who's a computer scientist so he knew the importance of IT. As such we have a rather larger IT dept which includes a software development team.
In order to show the bossesses that proper software maintenance/creation/validation procedures are important just explain what would the FDA or some other regulatory agency do to your collective bung holes if they were to probe deeper into your practices.
Mission critical data being handled by non-validated/non-documented software is just like having untrained people working with samples in the lab, it's a big no-no.
You need paperwork that supports your claim, start with all the areas where un-validated software is used, then add to that a second section explaining the cost of poorly planned development iterations. We work using monthly iterations and when we told the people responsible for the software in the field that an iteration cost about 30 000$ just in labor costs they started paying attention and making the lists of demands count, i.e. removing the superflueous demands (ex: "it would look nicer in blue" was replaced with "The standard deviation calculation should be done with X+1, not just X.")