GlaxoSmithKline logo
Advanced search


Corporate Responsibility Report 2008

Assurance and internal audit

External assurance of EHS activities

The information we provide about environment, health and safety activities at GSK has been externally assured by independent, third-party assurers.

Our reporting on environment, health and safety performance is assured by SGS, an external assurer. The assurance process includes verification of key environment, health and safety data through site visits and telephone calls to EHS professionals and review of systems and processes for collecting, collating, analysing and interpreting the data. Read the EHS assurance statement by SGS.

External assurance of access to medicines activities

In our 2007 CR Report, information on access to medicines was externally assured. Read how we are responding to the recommendations made by the assurers on our access to medicines activity and reporting.

This year we did not conduct assurance on the CR report other than that described above for the EHS section. We plan to conduct assurance of one new section of the report every other year, so a section of the 2009 report will be subject to external assurance.

Internal audit and assurance

GSK has developed an assurance programme that provides a holistic assessment of internal control processes, risk management and audit within the company. A key part of this programme is an extensive and independent internal audit schedule, delivered by four specialist audit groups. These audits assess compliance with laws, regulations and company standards, and evaluate the effectiveness of the risk management process in identifying, managing and mitigating the more significant risks facing GSK.

  • Global Internal Audit (GIA) is responsible for evaluating the financial and operational controls that ensure financial reporting integrity and safeguard assets from losses, including fraud
  • Corporate Environment, Health, Safety and Sustainability (CEHSS) is responsible for assessing the management of health and safety risks and environmental impacts
  • Global Manufacturing Supply Audit and Risk Management (ARM) assesses the quality and supply risks relating to manufacturing and supply chain processes for GSK commercial products
  • Global Quality and Compliance (GQC) is responsible for assessing risks relating to medicines, vaccines and medical devices throughout the product development process, including the manufacture of clinical trial material

The central assurance function is responsible for developing the assurance programme, and for ensuring that the GSK audit groups work together in the most efficient and effective way to deliver the audit schedule.

Global Internal Audit audits the other three audit groups for alignment with the Institute of Internal Auditors’ International Standards for the Professional Practice of Internal Auditing.

The CEHSS, ARM and GCQ audit groups have additional responsibilities for the auditing of contract manufacturers and key suppliers to GSK.

GSK employs approximately 150 full-time internal auditors across the four audit groups. Audits range in duration from two man-weeks for simple activities where the scope is limited, to several months for an audit involving complex or highly technical processes. The audit teams may also be supplemented by external experts with specific technical skills, or by the use of guest auditors from within the business.

Audits are conducted based on the level of risk. They regularly assess the level of internal control for a number of responsibility areas, including:

  • Animal research
  • Business continuity planning
  • Community investment
  • Conduct of clinical trials
  • Employment practices
  • Environmental factors
  • Ethical conduct
  • Financial processes
  • Health and safety
  • Information technology
  • Intellectual property
  • Interactions with patient groups
  • Manufacturing and supply chain standards
  • Patient safety
  • Sales and marketing practices

When issues or control deficiencies are identified, the audit groups recommend processes for improvement. GSK managers develop corrective action plans to eliminate the causes of non-compliance and gaps in internal controls. The audit groups track these plans to completion and report results to senior management and the Audit Committee.

Each audit group reports to the Audit Committee as part of the assurance programme, and provides an assessment of whether adequate controls are in place to manage significant risks. Any significant audit results are also reported to the Audit Committee at the earliest opportunity.


Quick links


Assurance
More on