Risk management is part of good corporate governance

Novo Nordisk has developed a dynamic approach to risk management to ensure that key risks are effectively identified, assessed and managed so that they will not affect the company’s ability to achieve our business objectives. Maintaining and monitoring a systematic integrated process to continually assess business risks is the responsibility of Executive Management. The Risk Management Board, with representatives of Senior Management from relevant parts of the business and chaired by the chief financial officer, sets the strategic direction for the risk management process and challenges the overall risk and control profile for Novo Nordisk.

Our policy for risk management is to proactively manage risk to ensure continued growth of our business and to protect our people, assets and reputation. This means that we:

  • utilise an effective and integrated risk management system while maintaining business flexibility
  • identify and assess material risks associated with our business
  • monitor, manage and mitigate risks.

Our risk willingness is not one specific figure or formula, but varies depending upon the specific category of risk. The main characteristics of Novo Nordisk’s risk willingness are:

  • We develop new innovative products to improve treatment of serious diseases such as diabetes and haemophilia. We accept the high level of risk involved in bringing such products to market that meet the needs of patients in terms of both safety and efficacy.
  • We make every effort to reduce safety risks to the lowest level possible in both clinical trials and already marketed products as the safety of patients is paramount to us.
  • We take a conservative approach to the management of financial risks.
  • We strive to reduce supply chain risks through proactive business continuity planning, regular inspections and back-up facilities.
  • We never compromise on quality and business ethics.

The set-up of the risk management system

Novo Nordisk's risk management system covers the entire company in terms of geography, activities and functional areas. It has a cohesive management structure, with a designated Risk Management Board, which sets the strategic direction for enterprise risk management and challenges the overall risk and control profile for Novo Nordisk. The Risk Management Board is composed of senior managers, representing all key parts of the value chain. It is supported by its secretariat, Risk Office, which is responsible for supporting the organisation in the fulfilment of their risk management roles and responsibilities.

Novo Nordisk has developed a systematic, integrated process to continually assess a wide range of potential risk issues. Enterprise risk management increases the company's ability to assess and understand risks separately and in relation to each other. The key aim is not to avoid risks but ensure that they are proactively managed. Each quarter, all major business areas in the company are required to report to the Risk Office their most significant risks, along with plans or processes to manage these risks.

The Risk Office challenges business areas on reported risks and encourages exploration of longer-term concerns. Reported risks are then consolidated into a corporate risk profile containing an assessment of the company's key risks. This information is presented to the Risk Management Board, which challenges the overall risk and control profile of Novo Nordisk. The final profile is reviewed by Executive Management, the Audit Committee and the Board of Directors.

All assessments of risk take into account the likelihood of an event and its potential impact on the business. Impact is quantified and assessed in terms of potential financial loss or reputational damage. Risks are assessed both as gross risk and net risk. The assessment of gross risk assumes that no mitigating actions have been implemented, whereas net risk assessment takes into account mitigation actions and their anticipated effect.