Risk management
Galenica has implemented a comprehensive risk management system that aims to identify and assess potential risks at an early stage. We use a structured risk matrix to identify strategic and operational risks and assess them according to their probability of occurrence and their potential financial and reputational impact. We regularly review and adjust our risk management measures to enable us to respond to changing risks. These measures ensure that we achieve our corporate goals and secure our long-term stability and reputation.
Galenica defines risk as the possibility of an event or action leading to immediate financial loss or other negative consequences. Our risk management process supports the Board of Directors, the Executive Committee and the respective management teams of the Group companies in identifying and assessing potential risks in good time and taking the necessary preventive measures. The goal of this process is to identify, assess and reduce significant risks at all management levels and to manage them while making conscious use of the opportunities the process provides.
A strong risk culture within the company is important to us. To raise awareness of risks, we hold regular training courses and workshops in which employees learn to identify risks at an early stage and take appropriate measures.
Group-wide risk management
Group-wide Galenica Risk Management (GRM) comprises the systematic identification, assessment and management of risks. Regular risk analyses help us to identify potential threats to our business processes in good time. These analyses involve assessing the probability of occurrence and the potential impact of each risk. Based on these assessments, we develop risk mitigation measures, such as implementing control mechanisms and contingency plans. In addition, we continuously monitor our risk landscape and adapt our strategies to respond flexibly to new challenges.
Responsibilities and processes
Our risk managers and the Risk Committee are responsible for the strategic planning and implementation of risk management. The risk management is integrated into Galenica’s organisational structure, which means that processes for identifying, assessing and managing risks are defined and integrated into day-to-day operations. The Galenica Board of Directors receives a summary of the most important risks and measures from the Executive Committee at least twice a year and approves the GRM. Suggestions for risk assessments and measures are implemented as part of the subsequent risk management process.
The risk management process is managed centrally by the Controlling unit, while the operational units are responsible for risk management in their respective areas. Specifically, the specialists responsible for each risk area survey, categorise and assess the risks every year in spring and take measures accordingly. This standardised process is based on a risk matrix in order to identify the most important strategic and operational risks as well as their possible financial and reputational effects and assess them according to their probability of occurrence and potential impact.
Most important risk clusters and measures (pursuant to Art. 964a et seq. CO)
Galenica categorises risks into different risk clusters for a structured and targeted analysis. A detailed risk description is prepared for each risk cluster, including the nature of the risk, the potential causes and the potential impact on the company. These descriptions are based on predefined criteria and include both qualitative and quantitative evaluations.
Specific risk mitigation measures are then developed. These measures include preventive strategies to avert risks, as well as reactive plans to minimise the impact in the event of their occurrence. Examples of measures of this kind include implementing control mechanisms, training employees and developing contingency plans. Regular reviews and adjustments of the measures ensure that they are always up to date and effective.
This systematic approach enables us to ensure that the relevant risks are identified and appropriately addressed to ensure the long-term stability and success of our business. In 2024, we included climate-related risks in Galenica risk management as a separate risk cluster. Reporting on this can be found in the “Climate report (according to TCFD)” section.
|
Risk cluster |
Risk description |
Measures |
|
Market regulation |
Cost-cutting measures by political bodies or regulatory restrictions such as price reductions for medications or other services and products covered by statutory health insurance. |
Detailed analysis of the impact of any measures and legislative proposals and development of mitigation measures. |
|
Competitors |
Shortage of skilled workers and high staff turnover. |
Development of mitigation measures. |
|
Operational infrastructure and IT security |
Failure of technical systems and jeopardisation of delivery readiness. |
Regular maintenance and adherence to maintenance schedules. Renewal of facilities, control systems and maintenance contracts with key suppliers. |
|
Cyberattacks on core IT infrastructures and the associated loss of sensitive data and business interruption. |
Regular group-wide awareness training programme. |
|
|
Patient safety |
Incorrect delivery/dispensing of medication (incl. blister packaging) to patients (health risk), damage to patient due to an internal process error. |
Ongoing development of the quality management system in the pharmacy, including training. |
|
Data protection |
Data protection incident due to unauthorised access or unintentional disclosure of personal or sensitive data. |
Regular group-wide awareness training programme. |
|
Employees |
Lack of development opportunities for employees. |
Further development of training and continuing professional development concepts and identification of development opportunities via suitable channels. |
|
Procurement market |
Delivery delay/availability of products/raw materials. |
Safety Stock initiative in collaboration with pharmaceutical companies to ensure supply. Forward-looking planning and increased inventory coverage for sensitive medicinal products/raw materials. |
|
Climate-related risks |
Operational restrictions, including staff shortages, due to rising temperatures and cooling requirements in pharmacies and logistics as well as increasing operating costs due to climate action regulations. |
Protective measures, such as cooling, for employees; operational and medication safety measures. |
Internal control system
As part of its risk management system, Galenica operates an internal control system (ICS) to ensure reliable internal and external financial reporting and to prevent misstatements and errors about business transactions. The ICS offers the necessary processes and controls to ensure that risks in connection with the quality of the company’s financial reporting can be identified and managed in good time. A thorough review of the existence of the processes and controls of the Galenica ICS is carried out annually by the external auditors at the time of the interim audit. The results of these reviews are reported to the Audit and Risk Committee. Management takes appropriate measures to continuously improve business processes in the areas of purchasing, procurement, investment, sales, human resources, general financial management and reporting, and IT controls.
Internal Audit
Internal Audit carries out audits of operational and strategic risk management and the ICS in accordance with the audit plan determined by the Audit and Risk Committee. It carries out audits, analyses and interviews throughout the Group and supports the Service Units in achieving their objectives by ensuring an independent assessment of the effectiveness of internal control processes. Internal Audit prepares regular reports on the audits carried out and reports directly to the Audit and Risk Committee in writing. The activities of Internal Audit are conducted through contracts issued to external service providers.