Novo Nordisk’s risk management process is governed by Executive Management and designed to ensure that key business risks are effectively identified, assessed and mitigated so that they do not affect the company’s ability to achieve its business objectives. The risk management system covers the entire company in terms of geography, activities and functional areas.
All business activity has inherent risk. Our approach to risk management is to proactively manage risk to ensure continued growth of our business and to protect our people, assets and reputation. This means that we:
Our risk willingness depends upon the specific category of risk and examples of such categories are:
Please refer to the Annual Report 2018 pp. 41-43 for a more detailed
description of the above categories and Novo Nordisk’s key
In Novo Nordisk, management teams in all organisational areas are responsible for continuous identification, assessment, and mitigation of risks. All areas have procedures and infrastructure to ensure successful management and reporting of risks, with dedicated local risk coordinators facilitating the process and providing advice and training. This setup allows us to respond timely to risks.
Each quarter, management teams are required to report to the Risk Office their most significant risks, along with assessments and an overview of implemented mitigations and next milestones. All risk assessments take into account the likelihood of an event and its potential impact on the business. Impact is quantified and assessed in terms of potential financial loss or reputational damage. Risks are assessed both as gross risk and net risk.
The Risk Office then challenges management on the reported risk information (including assessments, implemented mitigations and next milestones), and consolidates on a quarterly basis reported risks into a corporate profile containing the company's key risks. The final risk profile is reviewed by Executive Management, the Audit Committee and the Board of Directors.