Strengthening internal assurance and advisory

Novartis Business Assurance & Advisory (NBAA) plays an important role in supporting the risk and compliance process. It is an independent corporate function comprising Internal Audit, the SpeakUp Office (our whistleblower program) and Global Security that provides protection, insight, advice and assurance to the business and the Audit & Compliance Committee of the Board of Directors. In 2020, we invested in upskilling 115 NBAA associates to become better at identifying emerging risks, and we accelerated data and digital awareness.

With our joint ambition for integrated assurance and data and digital, we are leveraging new digital capabilities to seamlessly connect and analyze data from NBAA, ERC and across Novartis divisions into a single dashboard to detect emerging risks, trends and developments more quickly and accurately.

These enhancements were crucial in helping us adapt to the COVID-19 pandemic. As lockdowns took effect, we quickly shifted to remote audits, advisories and investigations, and recalibrated our focus on evolving threats such as cybersecurity in coordination with Novartis Information Security and Risk Management. These efforts helped ensure NBAA provided senior management and the Board of Directors with timely advice on how to optimize business continuity in critical units such as Novartis Technical Operations, which oversees global manufacturing operations, the supply chain and quality assurance. Support included early intervention advice to review business continuity and emergency management plans so sites could continue to operate seamlessly until Novartis had established a global response plan. 

We further strengthened our Internal Audit function by introducing data automation and laying the foundation for continuous risk assessment through data analytics. We also introduced automated analytics for commercial auditors, with an estimated 150 hours saved across commercial audits per year. We enhanced our understanding of key company risks as well as our coverage by using new approaches such as reviews covering smaller markets or emerging topics, and piloted culture pulse checks providing additional insight into the Novartis culture journey.

We performed 81% of planned activities (equating to 62 engagements) in 2020, most conducted remotely, despite the obstacles created by COVID-19. These engagements included 39 audits, 17 advisories and six internal reviews covering the entire value chain of Novartis and key risks.

We evolved our approach from a main focus on findings to truly understand the root causes, and started to share knowledge and learnings that our associates can apply. As an example, insights were shared from engagements exploring the unique challenges associated with Kymriah, our chimeric antigen receptor T-cell (CAR-T) therapy. Learnings regarding the need to strongly connect the supply chain and commercial functions, or how to implement innovative agreements with payers, helped us identify and mitigate risks linked to the new business model for this immunotherapy.