Effective risk management and control is key to the delivery of our business strategy and objectives. Our risk management and control processes are designed to identify, assess, mitigate and monitor significant risks, and can only provide reasonable and not absolute assurance that the Group will be successful in delivering its objectives.
The Board is responsible for the oversight over how the Group's strategic, operational, financial and compliance risks are managed and for assessing the effectiveness of the risk management and internal control framework.
Our Senior Executive Team (SET) owns the risk management process and is responsible for managing specific Group risks. The SET is also responsible for embedding sound risk management in strategy, planning, budgeting, performance management, and operational processes within their respective Operating Segments and business units.
The Board and the SET together set the tone and decide the level of risk and control to be taken in achieving Group and business unit objectives.
Oversight of the Group's risk management and internal controls
Annual validation of the risk reporting process
Senior Executive Team
Owners of the risk management process and responsible for embedding risk management into business units
Identification, mitigation and monitoring of risks
Risk Management Process
Our strategy informs the setting of the objectives across the business and is widely communicated. Strategic risks and opportunities are identified as an integral part of the strategy setting process.
The SET provides a pivotal platform for evaluating and managing risk from both a bottom up and top down level and acts as a link between the Board and the business units to ensure management of operational risks is embedded in the business. Each SET member owns one or more Group risks and also maintains an operational risk register for their business unit.
For the risks which they own, each SET member identifies how the risks are currently controlled, what additional mitigating actions are required, and what monitoring and assurance mechanisms are in place.
The Board conducts a review of the risk management and internal control framework and the SET presents the most significant Group risks, controls and mitigation plans to the Board for review twice a year. The Audit Committee reviews the effectiveness of internal financial controls annually.
Internal Control Framework
Our internal control framework is designed to ensure:
- proper financial records are maintained;
- the Company's assets are safeguarded;
- compliance with laws and regulations; and
- effective and efficient operation of business processes.
The Dechra Values are the foundation of the control framework and it is the Board's aim that these values should drive the behaviours and actions of all employees. The key elements of the control framework are described below:
Our management structure has clearly defined reporting lines, accountabilities and authority levels.
The Group is organised as business units. Each business unit is led by a SET member and has its own management team.
Strategy and Business Planning
We have a five year strategic plan which is updated and reviewed by the Board twice a year. Business objectives and performance measures are defined annually together with budgets and forecasts. Monthly business performance reviews are conducted at both Group and business unit levels.
The product pipeline is reviewed regularly to:
- assess whether products in development are progressing according to schedule;
- identify new product ideas and assess fit with our product portfolio; and
- assess the expected commercial return on new products.
Policies and Procedures
Our key financial, legal and compliance policies that apply across the Group are:
- Code of Business Conduct;
- Delegated Authorities;
- Anti-Bribery and Anti-Corruption;
- Sanctions; and
- Charitable Donations.
Our key operational control processes are as follows:
- Quality Assurance: All our manufacturing sites have an established Quality Management System. These systems are designed to ensure that our products are manufactured to a high standard and in compliance with the relevant regulatory requirements.
- Pharmacovigilance: Our regulatory team operates a robust system with a view to ensuring that any adverse reactions related to the use of our products are reported and dealt with promptly.
- Information Technology: Our business units currently use a number of different local financial, manufacturing and warehouse management systems to support their operations. We are in the process of implementing Oracle across the Group.
- Financial Controls: Our financial controls are designed to prevent and detect financial misstatement or fraud and operate at three levels:
- Entity Level Controls performed by senior managers at Group and business unit level;
- Month-end and Year-end procedures performed as part of our regular financial reporting and management processes; and
- Transactional Level Controls operated on a day-to-day basis.
Improvements in 2015
The Board appointed Deloitte to undertake an assessment of the Group's risk management process and a review of internal financial controls in the second half of the previous financial year.
During the current financial year we implemented a number of improvements to the Group's risk management and review processes and to the business units' financial controls based on Deloitte's recommendations.
Each quarter, business units formally report to Group Finance on the operation of their key financial controls. They also submit and discuss progress reports on the implementation of agreed control improvements. These form the basis of financial controls assurance reports presented to the Audit Committee.
In April 2015, a Head of Internal Audit and Risk Assurance was appointed and has presented to the Audit Committee on the key changes required to comply with the revised UK Corporate Governance Code which becomes effective for the 2016 financial year.
Plans for 2016
We plan to implement a number of changes to our risk management process and internal control framework to ensure compliance with the changes introduced in the revised UK Corporate Governance Code.
The new Internal Audit and Risk Assurance function will provide independent assurance that major business risks are being managed appropriately, and that the internal control framework is robust and operating effectively.
We also plan to conduct pre-implementation assurance work on the Oracle system configuration and control design.
Read more on Delivering Our Strategy.
Read our Key Performance Indicators.