Effective risk management and control is key to the delivery of our business strategy and objectives.
Our risk management and control processes are designed to identify, assess, mitigate and monitor significant risks, and provide reasonable but not absolute assurance that the Group will be successful in delivering its objectives.
Risk Management Process
Our strategy informs the setting of objectives across the business and is widely communicated. Strategic risks and opportunities are identified as an integral part of the strategy setting process.
The Board oversees the risk management and internal control framework and the Audit Committee reviews the effectiveness of the risk management process and the internal control framework.
Our Senior Executive Team (SET) owns the risk management process and is responsible for managing specific Group risks. The SET members are also responsible for embedding sound risk management in strategy, planning, budgeting, performance management, and operational processes within their respective Operating Segments and business units.
The Board and the SET together set the tone and decide the level of risk and control to be taken in achieving the Group's objectives.
SET members present their risks, controls and mitigation plans to the Board for review on a rolling programme throughout the year.
Internal Audit co-ordinate the risk reporting process and provide independent assurance on the internal control framework.
Internal Control Framework
Our internal control framework is designed to ensure:
- proper financial records are maintained;
- the Group's assets are safeguarded;
- compliance with laws and regulations; and
- effective and efficient operation of business processes.
The Dechra Values are the foundation of the control framework and it is the Board's aim that these values should drive the behaviours and actions of all employees. The key elements of the control framework are described below:
Our management structure has clearly defined reporting lines, accountabilities and authority levels.
The Group is organised into business units. Each business unit is led by a SET member and has its own management team.
Policies and Procedures
Our key financial, legal and compliance policies that apply across the Group are:
- Code of Business Conduct and How to Raise a Concern;
- Delegation of Authorities;
- Dechra Finance Manual, including Tax and Treasury policies;
- Anti-Bribery and Anti-Corruption;
- Data Protection;
- Sanctions; and
- Charitable Donations.
Strategy and Business Planning
We have a five year strategic plan which is developed by the SET and endorsed by the Board annually. Business objectives and performance measures are defined annually, together with budgets and forecasts. Monthly business performance reviews are conducted at both Group and business unit levels.
Our key operational control processes are as follows:
- Product Pipeline Reviews: We review our pipeline regularly to identify new product ideas and assess fit with our product portfolio, assess whether products in development are progressing according to schedule; and assess the expected commercial return on new products.
- Lifecycle Management: We manage and monitor lifecycle management activities for our key products to meet evolving customer needs.
- Pricing Policies: We manage and monitor our national and European pricing policies to deliver equitable pricing for each customer group.
- Quality Assurance: All our manufacturing sites have an established Quality Management System. These systems are designed to ensure that our products are manufactured to a high standard and in compliance with the relevant regulatory requirements.
- Pharmacovigilance: Our regulatory team operates a robust system with a view to ensuring that any adverse reactions related to the use of our products are reported and dealt with promptly.
- Financial Controls: Our controls are designed to prevent and detect financial misstatement or fraud and operate at three levels:
- Entity Level Controls performed by senior managers at Group and business unit level;
- Month end and year end procedures performed as part of our regular financial reporting and management processes; and
- Transactional Level Controls operated on a day-to-day basis.
The key controls in place to manage our principal risks are described in further detail in Understanding Our Key Risks.
Internal Audit provides independent and objective assurance and advice on the design and operation of the Group's internal control framework. The internal audit plan seeks to provide balanced coverage of the Group's material financial, operational and compliance control processes.
Improvements in 2018
We have continued to strengthen and improve a number of key control processes and the following changes have been implemented:
- our Group Code of Conduct and Third Party Code of Conduct have been developed to improve our ability to comply with existing and emerging legislation;
- a new Data Protection Policy and supporting procedures have been developed to support compliance with the EU General Data Protection Regulation (GDPR);
- we have made further enhancements to our manufacturing Quality Management Systems to continue to meet relevant regulatory standards; and
- our Tax and Treasury polices and procedures have been updated to comply with new tax regulations and to reflect a number of improvements in our Treasury processes, respectively.
Plans for 2019
We will continue to refine and strengthen our internal control framework where required in response to changes in our risk profile and improvement opportunities identified by business management, quality assurance and internal audit.