Effective risk management and control is key to the delivery of our business strategy and objectives. Our risk management and control processes are designed to identify, assess, mitigate and monitor significant risks, and can only provide reasonable and not absolute assurance that the Group will be successful in delivering its objectives.
The Board is responsible for overseeing how the Group's strategic, operational, financial and compliance risks are managed, and for assessing the effectiveness of the risk management and internal control framework.
Our Senior Executive Team (SET) owns the risk management process and is responsible for managing specific Group risks.
The SET is also responsible for embedding sound risk management in strategy, planning, budgeting, performance management, and operational processes within their respective Operating Segments and business units.
The Board and the SET together set the tone and decide the level of risk and control to be taken in achieving the Group's objectives.
Overseeing of the Group's risk management and internal controls
Annual validation of the risk reporting process
|Senior Executive Team|
Owners of the risk management process and responsible for embedding risk management into business units
Identification, mitigation and monitoring of risks.
Risk Management Process
Our strategy informs the setting of the objectives across the business and is widely communicated. Strategic risks and opportunities are identified as an integral part of the strategy setting process.
The SET is responsible for evaluating and managing risk from both a bottom up and top down level and acts as a link between the Board and the business units to ensure management of operational risks is embedded in the business.
Each SET member owns one or more Group risks and is responsible for identifying how the risks are currently controlled, what additional mitigating actions are required, what monitoring and assurance mechanisms are in place, assessing the effectiveness of key control processes, and addressing any weaknesses identified.
The Board conducts a review of the risk management and internal control framework and SET members present their risks, controls and mitigation plans to the Board for review on a rolling programme throughout the year. The Audit Committee reviews the effectiveness of internal financial controls annually.
Internal Control Framework
Our internal control framework is designed to ensure:
- proper financial records are maintained;
- the Group's assets are safeguarded;
- compliance with laws and regulations; and
- effective and efficient operation of business processes.
The Dechra Values are the foundation of the control framework and it is the Board's aim that these values should drive the behaviours and actions of all employees. The key elements of the control framework are described below:
Our management structure has clearly defined reporting lines, accountabilities and authority levels.
The Group is organised as business units. Each business unit is led by a SET member and has its own management team.
Strategy and Business Planning
We have a five year strategic plan which is updated and reviewed by the Board annually. Business objectives and performance measures are defined annually together with budgets and forecasts. Monthly business performance reviews are conducted at both Group and business unit levels.
The product pipeline is reviewed regularly to:
- assess whether products in development are progressing according to schedule;
- identify new product ideas and assess fit with our product portfolio; and
- assess the expected commercial return on new products.
Internal Audit provides independent and objective assurance and advice on the design and operation of the Group's internal control framework. The internal audit plan seeks to provide balanced coverage of the Group's material financial, operational and compliance control processes.
Improvements in 2017
We have continued to strengthen and improve a number of key control processes and the following changes have been implemented:
- a number of portfolio and project management improvements have been implemented in our product development processes;
- the manufacturing Quality Management Systems in all our recent acquisitions have been assessed and improvements implemented to ensure they meet relevant regulatory standards;
- a risk assessment of the key contract manufacturing organisations (CMOs) that our supply chain is dependent upon has been completed and quality audits have also been conducted on the top 35 CMOs; and
- our standard financial control framework has been updated and rolled out across the Group, including all recent acquisitions, in response to a number of improvement opportunities identified from internal audit reviews.
Plans for 2018
We will continue to refine and strengthen our internal control framework where required in response to changes in our risk profile and improvement opportunities identified by business management, quality assurance and internal audit.
We are planning to review our key corporate compliance processes and training activities including our Group Code of Conduct, key Group Policies and our Third Party Principles Policy in order to improve our ability to comply with existing and emerging legislation.