Lundbeck is exposed to risks throughout the value chain, from the initial stages of developing innovative pharmaceuticals in our in-house facilities to the proven pharmaceuticals reaching the patients. Lundbeck’s risk management processes are continually updated and adapted to match internal and external requirements, where risks related to trends, global economic developments, geopolitics and long-term forecasts are assessed as part of Lundbeck’s long-term strategic planning. With this understanding of the wider context and an accurate and complete overview of Lundbeck’s activities and resources, Executive Management has a clear basis for decision-making on our overall risk-exposure and resulting opportunities.
The overall responsibility of risk management lies with the Board of Directors. Oversight of compliance within the established enterprise risk management framework is delegated to the Audit Committee.
Risk management framework
In Lundbeck, enterprise risk management is considered an integral part of doing business, which is reflected in the risk management process.
The process starts in the decentralized teams within Business Units and Corporate Functions, which have detailed and extensive knowledge of the risks within their areas of responsibility. They systemically identify, quantify, respond to and monitor risks, and they are ideally placed to mitigate our exposure in the first instance.
Business Units and Corporate Functions report to the central Risk Office on a semi-annual basis. The central Risk Office facilitates workshops for management from Business Units and Corporate Functions, risk contributors and risk responsible individuals. These workshops play a crucial part in the alignment of risks reported to the Risk Office.
The Risk Office assesses the likelihood of an event occurring and the potential impact on the Group in terms of financial loss, and identifies the key risks. The key risk overview is presented to Executive Management for their assessment and approval, before it is reported to the Audit Committee and the Board of Directors.
The corporate risk register kept by the Risk Office provides a consolidated overview of our risk exposure by detailing each risk, risk category and type. The risk descriptions provide details on the event, its current status, the status of the response and the likelihood and potential impact. Our reporting process defines six risk categories:
- Research and Development
- Market and Commercial
- Supply, Quality and Product Safety
- IT security
- Legal and Compliance
Lundbeck has developed a streamlined process covering day-to-day risk identification, monitoring, mitigation and reporting within Business Units and Corporate Functions, all the way to the final reporting to Executive Management. This process puts Executive Management in a position to control Lundbeck’s risk appetite when deciding strategy and practice, and when making day-to-day decisions.