At Novo Nordisk, management teams in all organisational areas are
responsible for continuous identification, assessment, and mitigation
of risks. All areas have procedures and infrastructure to ensure
successful management and reporting of risks, with dedicated local
risk coordinators facilitating the process and providing advice and
training. This setup allows us to respond to risks in a timely manner.

Biannually, management teams are required to report to the
Insurance & Enterprise Risk Department their most significant
risks, along with assessments and an overview of implemented
mitigations and next milestones. All risk assessments take into
account the likelihood of an event and its potential impact on the
business. Impact is quantified and assessed in terms of potential
financial loss or reputational damage. Risks are assessed both as
gross risk and net risk.

Insurance & Enterprise Risk then challenges management on the
reported risk information (including assessments, implemented
mitigations and next milestones) and, on a biannual basis, consolidates
the reported risks into a corporate profile containing the company's key
risks. The final risk profile is reviewed by Executive Management, the Audit
Committee and the Board of Directors.