Effective risk management and control is key to the delivery of our business strategy and objectives. Our risk management and control processes are designed to identify, assess, mitigate and monitor significant risks, and can only provide reasonable and not absolute assurance that the Group will be successful in delivering its objectives.
The Board is responsible for overseeing how the Group's strategic, operational, financial and compliance risks are managed, and for assessing the effectiveness of the risk management and internal control framework.
Our Senior Executive Team (SET) owns the risk management process and is responsible for managing specific Group risks.
The SET is also responsible for embedding sound risk management in strategy, planning, budgeting, performance management, and operational processes within their respective Operating Segments and business units.
The Board and the SET together set the tone and decide the level of risk and control to be taken in achieving the Group's objectives.
Overseeing of the Group's risk management and internal controls
Annual validation of the risk reporting process
Senior Executive Team
Owners of the risk management process and responsible for embedding risk management into business units
Identification, mitigation and monitoring of risks
Risk Management Process
Our strategy informs the setting of the objectives across the business and is widely communicated. Strategic risks and opportunities are identified as an integral part of the strategy setting process.
The SET is responsible for evaluating and managing risk from both a bottom up and top down level and acts as a link between the Board and the business units to ensure management of operational risks is embedded in the business.
Each SET member owns one or more Group risks and is responsible for identifying how the risks are currently controlled, what additional mitigating actions are required, what monitoring and assurance mechanisms are in place, assessing the effectiveness of key control processes, and addressing any weaknesses identified.
The Board conducts a review of the risk management and internal control framework and SET members present their risks, controls and mitigation plans to the Board for review on a rolling programme throughout the year. The Audit Committee reviews the effectiveness of internal financial controls annually.
Internal Control Framework
Our internal control framework is designed to ensure:
- proper financial records are maintained;
- the Company's assets are safeguarded;
- compliance with laws and regulations; and
- effective and efficient operation of business processes.
The Dechra Values are the foundation of the control framework and it is the Board's aim that these values should drive the behaviours and actions of all employees. The key elements of the control framework are described below:
Our management structure has clearly defined reporting lines, accountabilities and authority levels.
The Group is organised as business units. Each business unit is led by a SET member and has its own management team.
Strategy and Business Planning
We have a five year strategic plan which is updated and reviewed by the Board annually. Business objectives and performance measures are defined annually together with budgets and forecasts. Monthly business performance reviews are conducted at both Group and business unit levels.
The product pipeline is reviewed regularly to:
- assess whether products in development are progressing according to schedule;
- identify new product ideas and assess fit with our product portfolio; and
- assess the expected commercial return on new products.
Policies and Procedures
Our key financial, legal and compliance policies that apply across the Group are:
- Code of Business Conduct;
- Delegation of Authorities;
- Anti-Bribery and Anti-Corruption;
- Sanctions; and
- Charitable Donations.
Our key operational control processes are as follows:
- Quality Assurance: All our manufacturing sites have an established Quality Management System. These systems are designed to ensure that our products are manufactured to a high standard and in compliance with the relevant regulatory requirements.
- Pharmacovigilance: Our regulatory team operates a robust system with a view to ensuring that any adverse reactions related to the use of our products are reported and dealt with promptly.
- Information Technology: Our business units currently use a number of different local financial, manufacturing and warehouse management systems to support their operations. We are in the process of implementing Oracle across the Group.
- Financial Controls: Our controls are designed to prevent and detect financial misstatement or fraud and operate at three levels:
- Entity Level Controls performed by senior managers at Group and business unit level;
- Month-end and Year-end procedures performed as part of our regular financial reporting and management processes; and
- Transactional Level Controls operated on a day-to-day basis.
Improvements in 2016
In September 2014, the Financial Reporting Council issued a revised UK Corporate Governance Code (the Code) which introduced additional disclosure requirements on risk management and internal controls.
The Group's existing risk management and internal control processes met many of the requirements of this revised Code. The following changes have been implemented to meet the requirements fully.
The key changes that have been implemented are the:
- identification of material internal controls and key monitoring processes in more detail;
- assessment of the effectiveness of these internal control processes;
- introduction of a rolling programme of risk control reviews by the Board with each SET member; and
- stress testing of the Group's cashflow forecasts to assess the impact of a number of downside risk scenarios in order to support the viability statement, which can be found in the Corporate Governance.
In addition, an internal audit programme has been established to provide independent assurance on material financial, operational and compliance controls over a three year cycle.
Plans for 2017
We plan to continue to refine and strengthen our internal control framework where required within our core business and in recently acquired businesses.
The implementation of Oracle is expected to deliver improvements in our control framework through standardisation of business processes and greater automation of transactional level and period end control processes.