How we manage risk
Our strategy brings opportunities for our stakeholders and society – for example, by creating new medical breakthroughs or expanding access to our medicines. At the same time, our strategy also carries risks. Many of these relate to our business environment, such as the uncertainty inherent in research and development (R&D), or changing societal expectations of our industry.
Our approach to risk
The Novartis Enterprise Risk Management (ERM) framework is designed to generate a holistic view of risks for the company and drive a culture of smart risk-taking. While our Code of Ethics sets the ethical framework for all employees to manage risk across our business, risk management is a fundamental leadership responsibility that involves active engagement by leaders at each stage of the process.
The overall ERM process is the responsibility of the Chief Ethics, Risk & Compliance Officer, with oversight from the Executive Committee of Novartis and the Board of Directors. For further details on governance of risk at Novartis, please see the section “Our corporate governance approach.”
Our ERM framework is aligned with our strategic planning and helps us better understand our overall level of risk exposure. The Risk & Resilience team conducts risk workshops and collaborates with all risk assurance functions to identify key risks across the company. Each Novartis unit organizes a focused risk workshop at the leadership level. In parallel, risk workshops are held in our largest markets by revenue and in certain focus markets.
The outcomes of these workshops are consolidated into the Novartis Risk Compass, which groups risks into three categories: strategic, operational and emerging. Risks are rated based on likelihood and potential impact over the next five years, using the “most-probable worst-case” scenario for each risk as a reference point. Once key risks are identified, mitigation plans are created. In addition to the three categories described above, we identify separate “awareness topics” that we believe may become new risks over time.
The Risk Compass helps senior management and our Board of Directors focus discussions on key risks and align strategy with risk exposure. We regularly monitor risks and revise our assessments, if necessary.