Search the report:

• Home |
• Downloads |
• Glossary |
• Sitemap

Directors' Report:
Business Review

• Introduction
• Goals, strategy and performance measurement
• Business environment
• Business organisation
• Our resources, skills and capabilities
• Corporate governance and managing risk
  • Corporate governance: Operation of the Board of Directors
  • Corporate governance: Operation of the Board Committees
  • Corporate governance: Principal UK and US governance requirements
  • Corporate governance: Other matters
  • Managing risk

Managing risk

We continue to integrate risk management across all business functions to ensure that managers understand the importance of identifying risks and how they should be managed. We provide a risk management framework that managers can use to recognise, assess and actively manage the challenges in their areas. Set out below is a diagrammatical depiction of the principal risks that we face and, in broad terms, the way in which those risks are managed. Further details are provided in the Risk section.

Risks

To eliminate duplication of effort and ensure clear accountabilities, we made a number of refinements to our risk management structure during the year. Building on our increasing focus on integrated risk management, the Risk Advisory Group was dissolved and its responsibilities assumed by our business leadership teams who identify, monitor and manage risks as an integral part of business planning and performance management.

Key risks are included in each function’s or the Senior Executive Team’s (SET) quarterly performance report and the SET will focus in particular on cross-functional risks, agreeing on the most significant risks affecting the organisation and the industry. We review our key risk profiles annually on both a functional and a Group level, and the results of these reviews are considered by both the Audit Committee and the Board. Risk management tools and expertise are deployed, where appropriate, to assist senior managers in identifying, assessing and developing strategies for managing risk in their respective areas of responsibility. There is also a rolling programme of training staff in effective integrated risk management and a network for the sharing and embedding of best practice.

The main areas of risk that we face are discussed in the Risk section and the summary of internal controls and management of risk in the Corporate Governance section. Examples of our approach to managing certain specific risks are set out below.

• Our internal programmes and management systems are designed to ensure that we maintain compliance with all applicable environmental, health and safety laws, regulations, licences and permits at each of our operating facilities. We also implement robust programmes that anticipate, and proactively manage, policy and legislative developments relevant to the business.
• As part of our risk management process in R&D, we have developed priority criteria intended to predict the success of compounds early and so to give those compounds in our programmes the best chance to reach the market. Our focus on quality, speed and volume has resulted in greater outputs from discovery into development. An increased use of biomarker data has made major contributions at the key decision points on whether to progress or reject compounds. We also use predictive tools to guide chemical synthesis activities and clinical data and genetic information to validate targets. The overall effect should be to give us a stronger portfolio.
• To manage pressure on price and market access, we continue to focus on developing differentiated products that offer improved treatment options to meet patient needs and bring economic benefit to healthcare systems. When setting the price of a medicine, we aim to reflect its full value to customers, patients and society in general. Our pricing will also take account of the fact that, as a publicly-owned company, we have a duty to ensure that we continue to deliver value for our shareholders. We balance many different factors, including ensuring appropriate patient access, in our global pricing policy, which provides the framework for optimising the profitability of our products in a sustainable way.
• Our approach to risk management includes the development of robust business continuity plans, and such plans are designed to provide for situations in which specific risks have the potential to have a severe impact on our business. During 2007, our business continuity planning activities continued to build on the work previously done to prepare for the possibility of pandemic flu, aimed at ensuring the development of robust plans to support business continuity for all regions and key business processes. At the same time we took the opportunity to review and further strengthen our crisis management planning and response structures, including plans, escalation processes and crisis communications. This resulted in the production of draft global standards for crisis management and business continuity, which will be rolled out and implemented during 2008, and will support the Group Risk and Control Policy. We will be seeking full compliance with the standards by the end of 2008, including alignment of documentation, training of line managers and the use of crisis simulation activities to test the new procedures.

During 2007, we strengthened our corporate responsibility leadership and governance with the establishment of a new function, Group Public Affairs, which is leading the development of our strategic approach and aligning the tactical delivery. The new group works closely with Global Compliance and with senior business and functional leaders across AstraZeneca to ensure that we have appropriate systems in place for identifying the risks and opportunities associated with our corporate responsibility, together with effective frameworks for managing them, monitoring progress against our objectives and ensuring compliance with all relevant policies and standards.

We also established a cross-functional, cross-territorial Issues Management Council (IMC), which monitors our external environment for new and emerging issues relating to our business that affect or concern our stakeholders. This team then works with the people who are responsible for managing the issues internally to agree appropriate actions, timelines and, where possible, key performance indicators. The Vice-President, Public Affairs chairs the IMC and is also a member of the Global Compliance Committee to ensure that any reputational risk is fully captured at the appropriate level.

These developments during 2007 are intended to strengthen our approach to integrating corporate responsibility into our business management and governance frameworks. In so doing, we eliminated the need for a Global Corporate Responsibility Committee, which was discontinued during the year. Having used this committee as a forum for developing the frameworks we needed for integrating corporate responsibility across the business, we believe its elimination will further enhance line manager ownership and accountability.

Working with suppliers

We believe that effective risk management extends to managing any potential reputational risks associated with our purchasing activities. We therefore aim to work only with those suppliers who embrace standards of corporate responsibility that are similar to our own. This applies across the full range of our purchasing activities, from promotional items to pharmaceutical ingredients, and includes any specialised work for which we use external contractors to complement our in-house effort, such as animal research. We provide guidance for our purchasing community that describes the framework for developing and implementing the functional, regional and site-specific programmes needed to ensure that we effectively and consistently integrate corporate responsibility considerations into our buying practice.

A rolling implementation

Integrating corporate responsibility (CR)considerations into the many thousands of supplier relationships we have around the world will take time. CR considerations are included in all new contracts and master agreements in the US, the UK and Sweden, our three main business hubs where over 80% of our suppliers are based and we are now extending the geographic reach, focusing initially on suppliers in countries where we have other major marketing, manufacturing or research activities. These include Japan, China, India, Canada, Mexico and Puerto Rico, as well as more countries in Europe.

Monitoring performance

In January 2007, we broadened the scope of our rolling programme of audits that include CR to cover formulation and packing suppliers in addition to chemical intermediate and active pharmaceutical ingredient suppliers. During the year, we audited a total of 33 manufacturing sites at 29 different suppliers, and these audits included SHE, CR, quality and security of supply. The increase on 2006 (17 audits) reflects the extended scope of our programme described above. Major findings relating to occupational health and safety at two of our suppliers have been discussed with, and satisfactorily addressed by, the companies concerned.

We updated our supplier evaluation procedure in 2007 to ensure that our audit activities prioritise those groups with the highest potential to impact our business continuity and our reputation. A major step has been the further strengthening of the social elements of the evaluation, in particular human rights and labour standards. Training will be provided to auditors to support the addition of these strengthened areas to the evaluation procedure during 2008.

The new procedure requires all our high-risk category suppliers be audited at least once every four years. Medium risk suppliers are audited at the start of the business relationship and refresher audits are planned if there are any significant changes at the supplier. Between 2004 and 2007, we have conducted audits of approximately 82% of the total number of suppliers eligible for audit, and plan to audit the remainder during 2008.

RISKS
EXAMPLES OF LEGAL/ REGULATORY/ COMPLIANCE RISKS Adverse outcome of litigation and/ or government investigations and risk of insufficent insurance coverage Difficulties in obtaining and maintaining regulatory approvals for new products Failiure to observe any continueing regulatory oversight	EXAMPLES OFINDUSTRY/ ECONOMICENVIRONMENT RISKS Expiration of patents or marketing exclusivity Patent litigation and early loss of patents, marketing exclusivity or trademarks Expiration or earlier loss of patents covering competing products Failiure to obtain patent protection Impact of fluctuations in exchange rates debt-funding arrangements Owning and opperating a biologics and vaccines business Competition, price controls and price reductions Taxation Substantial product liability claims Performance of new products Environmental/ occupational health and safety liabilities Developing our business in emerging markets Product counterfeiting	EXAMPLES OF BUSINESS EXECUTION RISKS R&D's failiure to yield products that achieve commercial success Unsuccess strategic business alliances Reliance on third party suppliers Failiure to manage a crisis Product launch delay IT and outsourcing dependence Productivity initatives