GlaxoSmithKline logo

Risk management and compliance

We are committed to high standards of business conduct and to good risk management, to protect the company’s assets, safeguard shareholder investment and ensure compliance with applicable legal requirements. Our Group policies lay out an integrated and effective system of internal controls for risk management and legal compliance within the company across all operations throughout the world.

We regard compliance with our Group policies as an integral element of good risk management and we regard good risk management as an important responsibility of all our management roles. All our managers have responsibility and accountability for managing the risks arising in their areas of responsibility.

Each manager of a business or functional unit is responsible for periodically reviewing the risks facing their unit, identifying all significant risks and implementing effective controls to manage those risks, including most importantly designating responsibilities, and providing for upward communication of any significant issues that arise.

The risk of failing to comply with legal requirements (eg, quality/GMP requirements in manufacturing, or anti-competitive laws in sales and marketing), and financial, operational and reputational risks which could be significant to us (eg, a recall or supply failure of a major product), are referred to collectively as significant risks.

The management and reporting of significant risk and compliance issues is overseen by our Risk oversight and compliance council (ROCC). The ROCC is a council of senior executives authorised by the Board to assist the Audit committee in overseeing the risk management and internal control activities of the Group. Membership comprises several Corporate executive team (CET) members and the heads of departments with internal control, risk management, audit, or compliance responsibilities. A direct reporting line to the Audit committee provides a mechanism for bypassing the executive management should the need ever arise.

The ROCC is supported by Risk management and compliance boards (RMCBs) in each of the major business units. Membership often comprises members of the senior executive team of the respective business unit, augmented by specialists where appropriate. The RMCBs oversee management of all risks that are considered important for their respective business units. Each RMCB regularly reports the status regarding its significant risks to the ROCC.

In a number of risk areas, specific standards that meet or exceed requirements of applicable law have been established. Specialist audit and compliance groups (for example Corporate environment, health and safety, Global quality assurance and Worldwide regulatory compliance) assist in the dissemination, implementation and audit of these standards.

The ROCC is also supported by the Corporate ethics and compliance (CEC) department, which is managed by the Corporate compliance officer (CCO), who reports directly to the CEO. The CCO chairs the ROCC, coordinates some of the risk management activities among the various compliance and audit functions across the Group, and provides summary reports on the ROCC’s activities and the Group’s significant risks to the CET and the Audit committee on a regular basis.
