All business activity has inherent risk. Our approach to risk management is to proactively manage risk to ensure continued growth of our business and to protect our people, assets and reputation. This means that we:
- utilise an effective and integrated risk management system while maintaining business flexibility,
- identify and assess material risks associated with our business, and
- monitor, manage and mitigate risks.
Our risk willingness depends upon the specific category of risk and examples of such categories are:
- Research and Development Risks
- Product supply, Quality and Safety Risks
- Commercialisation Risks
- IT Security Risks
- Financial Risks
- Legal and Compliance Risks
In Novo Nordisk, management teams in all organisational areas are responsible for continuous identification, assessment, and mitigation of risks. All areas have procedures and infrastructure to ensure successful management and reporting of risks, with dedicated local risk coordinators facilitating the process and providing advice and training. This setup allows us to respond timely to risks.
Biannually, management teams are required to report to the Insurance & Enterprise Risk Department their most significant risks, along with assessments and an overview of implemented mitigations and next milestones. All risk assessments take into account the likelihood of an event and its potential impact on the business. Impact is quantified and assessed in terms of potential financial loss or reputational damage. Risks are assessed both as gross risk and net risk.
Insurance & Enterprise Risk then challenges management on the reported risk information (including assessments, implemented mitigations and next milestones), and consolidates on a biannual basis reported risks into a corporate profile containing the company's key risks. The final risk profile is reviewed by Executive Management, the Audit Committee and the Board of Directors.
