Information and monitoring tools of the Board of Directors with respect to management
Risk management
Galenica has a risk management process in place which enables the Board of Directors, the Corporate Executive Committee, and the relevant management of Group companies to identify and assess potential risks in a timely manner and take the preventive measures necessary. The goal of this process is to identify and assess significant risks at all management levels and to manage them while making conscious use of the opportunities the process provides.
As part of Group-wide Galenica Risk Management (GRM), the companies in the Group conduct a risk assessment at least twice a year. This standardised process is based on a risk grid in which the most important strategic and operational risks and their possible effects – particularly from a financial and reputational perspective – are identified in line with pre-defined criteria and then evaluated in accordance with the probability of their occurrence and their effect. These risks are entered into a risk matrix for each Service Unit and, depending on the importance, also incorporated into the Group risk matrix.
The Board of Directors of Galenica receives an overview of the most important risks from the Corporate Executive Committee when circumstances require it, but at least twice a year. The Board approves the overview, adding information as needed, and where required takes decisions on any preventive measures necessary, which will then be implemented Group-wide as part of the risk management process.
Galenica defines risk as the possibility that an event or an action will lead to immediate financial loss or other negative consequences.
Additional information about the management of financial risks can be found in the Notes to the consolidated financial statements 2023, Note 27 Financial risk management.
Internal control system
As part of its risk management system, Galenica operates an internal control system (ICS) to provide reliable internal and external financial reporting and to prevent false information and errors about business transactions. The ICS provides the necessary processes and controls to ensure that risks relating to the quality of the company’s financial reporting can be detected and managed in a timely manner. A thorough review of the existence of the processes and controls of the Galenica ICS is carried out annually by the external auditors at the time of the interim audit. The results of these reviews are reported to the Audit and Risk Committee. Appropriate measures are taken by management to continually improve the company’s processes with regard to the process areas of purchasing, procurement, investments, sales, HR, general financial management and reporting, as well as IT controls.
Internal Audit
Internal Audit carries out audits of operational and strategic risk management and the ICS in accordance with the audit plan determined by the Audit and Risk Committee. It carries out reviews, analyses and interviews across the Group and helps the Service Units to meet their targets by ensuring an independent assessment of the effectiveness of the internal control processes. Internal Audit regularly produces reports on its audits and reports directly to the Audit and Risk Committee in writing. The activities of Internal Audit are conducted through contracts issued to external service providers.