The contents of this page are reviewed and updated regularly in the second quarter of each year or when necessary.
Identifying, analysing and responding appropriately to business risks and opportunities is vital to attaining Roche’s business objectives, protecting the interests of stakeholders and meeting legal requirements.
Managing risk and opportunities
The Roche Risk Management Policy describes our approach for managing material risks – the possibility that an event will occur and adversely affect the achievement of Roche’s objectives.
Risk Management is an integral part of the group’s business practice on all levels of the Roche group. Risk Management includes:
- analysis and evaluation of risks,
- the appropriate response,
- tracking and reporting of risks to provide assurance regarding the achievement of objectives.
On Roche Group level this is formalised in the Group Risk Management Process, where Divisional and Group functions and business areas assess risks and develop plans for the most material ones identified. This happens in parallel to the development of the business plans.
A consolidated Group Risk Report is then discussed and approved together with the business plan by the Corporate Executive Committee and reviewed by the Board of Directors.
This process is overall supported by Group Risk Advisory, which is responsible for the necessary alignment, co-ordination and development of Group Risk Management. Continuous improvement is applied to the Group Risk Management Process through stakeholder feedback and maturity measurement, and when appropriate external reviews.
In addition Group Risk Advisory is coordinating / consolidating various risk management activities across the organisation including training and risk awareness activities. Risk management trainings include customised trainings for line management and Risk Managers (including a mandatory online training). There are further trainings including classroom and online trainings that are available for employees. Additionally, upon request Risk Awareness workshops are conducted for functions and regions and Roche Affiliates can receive risk management training to establish their own Risk Management process. These activities also focus on identification and management of risks as well as opportunities.
Also under the lead of Group Risk Advisory, a Risk Forum was kicked off in 2014 to create a cross functional network to explore new ways to raise risk awareness across the organisation. This has evolved into a Risk & Opportunity Alliance (ROAD) which conducts innovation dialogues/workshops to address complex topics which have a cross functional/divisional significance.
Beside Group Risk Advisory many other 2nd lines of controls perform risk management activities and trainings (e.g. Healthcare Compliance, Medical Compliance, Safety, Health & Environment (SHE), Quality, Procurement, Pharma Global Technical Operations, etc.). In addition many cross-functional risk activities occur within Roche, a few of which are described below as examples.
Financial Risk Management within the Group is governed by policies reviewed by the Board of Directors. Policy implementation and day-to-day Risk Management are carried out by the treasury functions and regular reporting on these risks is performed by the relevant accounting and controlling functions.
Crisis Management, where every subsidiary of the Group have established Emergency Management teams, with corresponding alarm and escalation procedures and authority to act quickly in the event of a crisis. Also, at Roche Group level there is a Roche Emergency Management Organisation and Support (REMOS), supporting Local Emergency Management when needed. These teams comprise operational line management with appropriate authority and they rehearse different crisis scenarios regularly.
A risk-based compliance management approach was developed in 2013 for one of the regional organisations to target compliance efforts to areas most at risk. A Compliance & Risk Management Office has been established to address specific risks in the procurement area.
Safety, Security, Health and Environmental risks are managed by Group SHE. A comprehensive bottom-up approach is used to identify and assess all SHE risks which are consolidated in a risk inventory and integrated into the Roche GRR.
Product Development continues to apply a consistent methodology for identification and management of risks that could impact achievement of development projects.
Digital Media Risk and opportunities continue to be monitored and managed by a cross-functional group.
A group wide Business Continuity Programme aims to further strengthen our business continuity management (BCM) to ensure that all sites respond effectively to catastrophic events and deliver a minimum, acceptable level of key products and services. The respective Group BCM policy and guideline is in place, facilitating a consistent and aligned local implementation.
Business sustainability risks and opportunities
We consider Sustainability in a broader context to include three elements: society, the environment and economy. The three elements are interdependent. The Corporate Sustainability Committee is responsible for assessing social, environmental and ethical trends, which is done through the ‘Business Sustainability Risk Assessment’ process. Each year, emerging trends (including associated risks and opportunities) are identified from internal and external sources and are reviewed by selected internal stakeholder groups and the top 5 business sustainability trends are approved by the Corporate Sustainability Committee. These trends represent key areas where we would like to raise internal awareness so that the associated risks and opportunities can be considered as appropriate by our Roche Risk Managers in the respective Risk Assessment of their business unit. Since 2013 these Business Sustainability trends have been reported in the Roche Annual Report. This process continues to evolve and is reviewed by the Corporate Sustainability Committee annually.
These top 5 business sustainability trends and associated risks and opportunities are also shared with the Group Risk Managers involved with the Group Risk Management Process where they are then considered and if relevant included within scope of respective risk assessments. Mitigation of these business sustainability risks and opportunities are done at the business unit and/or group level as part of the Group Risk Management Process.
The 5 business sustainability trends identified for 2017 are:
- Technological Transformation: The accelerated technological transformation driven by the digital evolution demands innovation and allows to develop more effective and tailored solutions with the consequence to break into existing or even create new markets.
- Socioeconomic Shifts: Major shifts within global socioeconomic landscape: Increasing socioeconomic gap between rich and poor in major countries (Canada, France, Germany, Italy, Japan, UK, US); rising number of people living in urban areas resulting in physical growth of cities; growing share of population reaching middle-class income levels in emerging economies etc.
- Changing Climate: Change of climate, which is attributed directly or indirectly to human activity, that alters the composition of the global atmosphere, in addition to natural climate variability.
- Political Unrest: Inability to reach agreement on key issues within countries because of diverging or extreme values, political or religious views leading to increasing national sentiment among populations and political leaders affecting countries’ national and international political and economic positions.
- Shifting power:Shifting power from state to non-state actors and individuals, from global to regional levels, and from developed to emerging market and developing economies including changing landscape of global or regional institutions (e.g. UN, IMF, NATO, etc.), agreements or networks.
Using Technological Transformation and Changing Climate as examples you can see below how these are then developed into specific risks and opportunities at the level of the functions where specific mitigations are applied and managed.
For Technological Transformation
Trend descriptor: The accelerated technological transformation driven by the digital evolution demands innovation and allows to develop more effective and tailored solutions with the consequence to break into existing or even create new markets.
- Technological advances: Artificial intelligence, geo-engineering, synthetic biology, computing power, big data offering new opportunities and/or causing human, environmental and economic damage
- Disruptive innovation: Changes in business models, value chain as well as the operational processes
- Competition: New competitors/ new players (e.g. non-pharma, Google, etc.)
Opportunities Risks (Threats)
- Exploring new business models and markets
- Engaging in new strategic partnerships with companies from different industries and expanding innovation capabilities
- Increasing automation, productivity and efficiency (e.g. faster innovative clinical trial design, improved ability to measure safety and efficacy of a drug)
- On-demand patient interaction
- End-to-end process oversight (e.g. blockchain)
- New communication channels to support one brand experience (e.g. social media management)
- Inability or failure to compete in the digital health arena
- Challenges of integrating companies from different business areas
- Inefficiencies due to increased complexity of the technological landscape and interconnectivity
- Prohibited promotion to the public due to increased use of multiple social media channels
- Failure to position ourselves as an attractive employer
- Failure to attract people with right capabilities
- Regulation hindering technological developments
- Pharmacovigilance risks due to lack of reporting of side effects with potential fines or warning letters
Risk mitigating actions include the redesign and expansion of the previously established Digital Governance Network, now Digital Growth Network, which provides:
- Governance of external channels (web, social media, mobile apps)
- Roche Directive on Digital (to guide employees how to use digital media platforms in a responsible way)
- Digital Registry to ensure oversight of channels and ongoing monitoring of digital registry metrics
- Best practice sharing (e.g. at conferences such as Corporate Risk Minds and internal Knowledge Sharing Webinars such as the quarterly Digital Innovation Webinar with >1400 subscribed users and via an internal G+ Digital Innovation Group)
- In addition, the risks associated with technological transformation (e.g. digital evolution) are assessed and managed through the Group Risk Management process for each business unit and consolidated at the Group level.
Additional information on the trend, its potential impact and mitigating actions:
For Changing Climate
Trend descriptor: Change of climate, which is attributed directly or indirectly to human activity, that alters the composition of the global atmosphere, in addition to natural climate variability.
- Failure of climate-change mitigation and adaptation: pressure on governments and businesses to enforce or enact effective measures to mitigate climate change, protect populations and help businesses impacted by climate change to adapt
- Extreme weather events: major property, infrastructure and/or environmental damage as well as loss of human life caused by extreme weather events
- Natural disasters: major property, infrastructure and/or environmental damage as well as loss of human life caused by geophysical disasters such as earthquakes, volcanic activity, landslides, tsunamis, or geomagnetic storms
- Operational impact: organisational ability to operate as usual and to perform research, to develop, produce and supply drugs and diagnostic tests
Opportunities Risks (Threats)
- Positive reputation building of Roche as a sustainable organisation
- Nature interrupting supply of products (e.g. hurricanes)
- Pollution of the environment (e.g. ground water)
- Challenge of the existing SHE practices (e.g. employee safety)
- Challenge of the existing BCM practices
- Increasing pressure on the supply chain due to stricter regulations
The approach to climate change is embedded in Roche’s environmental footprint and is an integrated part of the daily business. Roche minimises its environmental footprint by improving environmental efficiency with innovation in its own operations; e.g.:
- Building 1, Basel, is a highly energy-efficient building, heated with waste heat and cooled with groundwater, while setting new energy performance standards with its efficient façade design and LED lighting.
- R&D location in Penzberg, Germany operates a tri-generation plant, generating heat, cooling and electricity at the same time. This represents an extremely efficient use of energy.
- Roche’s site in Pleasanton, USA fuel-cell co- generates electricity and heat in an environmental-friendly and efficient way.
- The risks associated with changing climate (e.g. natural disasters, supply chain interruption) are assessed and managed through the Group Risk Management process for each business unit and consolidated at the Group level.
Additional information on the trend, its potential impact and mitigating actions: