The Risk Oversight and Compliance Council (ROCC) is chaired by the corporate compliance officer and includes at least three members of the Corporate Executive Team appointed by the CEO. Other members include the General Counsel, Company Secretary and the Head of Global Internal Audit.
Additional members may be added by the ROCC Chairman from time to time as appropriate.
The ROCC assists the Audit & Risk Committee in its review of activities and helps to ensure that effective internal controls are implemented for all significant risks. Establishment of the ROCC was approved by our Board, guided by the Corporate Compliance Officer, with the following terms of reference:
- Identify all significant risks to which GSK is exposed
- Monitor the effectiveness of internal controls implemented to manage those risks
- Ensure adequate information and reporting to support the annual review by the directors of such internal controls
In accordance with its role, the Audit & Risk Committee reviews information and reports from the ROCC and in turn reports to our Board on these matters.
The ROCC is responsible for carrying out the following tasks:
- Assessing all significant risks to which GSK is exposed
- Working with all sectors and functions to ensure a sound system of internal controls for the management of all significant risks, including process, accountability and reward programs
- Establishing and managing a reporting process for major sectors to provide regular reports on internal controls for significant risks affecting their businesses
- Directing audits, reviews and other methods to monitor the effectiveness of these internal controls
- Integrating risk management into business process improvement programs
- Ensuring best practices are shared among sectors and compliance and audit groups