Internal Audit assists the Board of Directors and the ECN in discharging their governance responsibilities by providing independent assurance and advice on the effectiveness, efficiency and adequacy of processes and controls that support Novartis in achieving its objectives, managing its major risks, and ensuring compliance with applicable policies, laws and regulations. The Internal Audit function executes the risk-based annual audit plan approved by the Board-level Audit and Compliance Committee (ACC) and reports the results to the audited units, the ECN and the ACC.
In 2021, our Internal Audit function carried out a total of 46 audits, ten internal reviews and 14 advisories – most conducted remotely due to the ongoing COVID-19 pandemic. These engagements covered the entire value chain of Novartis and key strategic and operational risks.
Internal Audit is part of Novartis Business Assurance & Advisory (NBAA), an independent function that also comprises the Global Security function with its four pillars: falsified medicines, investigation, intelligence and executive protection. NBAA plays an important role in supporting the risk and compliance process, and provides protection, insight and advice to the business and the ACC.
2021 Internal Audit activities and observations
Recurring observations relate to:
- Data governance and management; oversight of digital initiatives
- Third-party management, including subcontracting oversight
- Design of certain commercial and R&D processes, and cross-functional collaboration over complex programs, such as Enterprise Resource Planning (ERP) implementation
- Patient support program, including monitoring of external service providers