The Risk Management Framework to Address and Assess Risks

Lundbeck is exposed to risks throughout the value chain, from the initial stages of developing innovative pharmaceuticals in our in-house facilities to the proven pharmaceuticals reaching the patients. Our risk management processes are continually updated and adapted to match internal and external requirements, where risks related to trends, global economic developments, geopolitics and long-term forecasts are assessed as part of Lundbeck’s long-term strategic planning. This macro context, together with a comprehensive overview of Lundbeck’s activities and resources, gives Executive Management a clear foundation for decision-making not only on our overall risk-exposure but also, resulting opportunities.

The overall responsibility of risk management lies with the Board of Directors. Oversight of compliance within the established enterprise risk management framework is delegated to the Audit Committee.

The Lundbeck Risk Management framework guides our processes to address and assess risks.

The process starts in the decentralised teams within Business Units and Corporate Functions, which have detailed and extensive knowledge of the risks within their areas of responsibility. They are strategically placed to mitigate our risk exposure in the first instance.

Business Units and Corporate Functions report to the central Risk Office on a semi-annual basis. The central Risk Office provides the risk framework and conducts interviews and workshops with management from Business Units and Corporate Functions, risk contributors and risk responsible individuals. This represents an integral part in the alignment of risks reported to the Risk Office.
Together they assess the likelihood of an event occurring and the potential impact on the Group in terms of financial loss. The key risk overview is presented to Executive Management for their assessment and approval, before it is reported to the Audit Committee and approved by the Board of Directors.

The corporate risk register kept by the Risk Office provides a consolidated overview of our risk exposure by detailing each risk, risk category and type. The risk descriptions provide details on the event, its status, the status of the response and the likelihood and potential impact. Our reporting process defines six risk categories:

• Research and Development
• Market, Commercial, and Strategy
• Supply, Quality and Product Safety
• IT security
• Legal and Compliance
• Finance

Lundbeck has developed a streamlined process covering day-to-day risk identification, monitoring, mitigation and reporting within Business Units and Corporate Functions, all the way to the final reporting to Executive Management. This process puts Executive Management in a position to control Lundbeck’s risk appetite when deciding strategy and practice, and when making day-to-day decisions.