Procurement Risk Management


Our suppliers are business partners with expertise and capabilities that we use to enable us to deliver medical solutions to address the needs of our patients and benefit society.

Roche’s Procurement Risk Management assesses supplier risk on a routine basis to ensure continuity of supply. To do so, we ensure that our suppliers continue to meet Roche’s requirements and standards (e.g. K15 Directive, Quality Standards, Roche Supplier Code of Conduct) throughout the lifecycle of the engagement.

Our Supplier Risk Process

Identify, Analyze, Treat, Review, Repeat

The Roche Risk Management methodology provides the foundation for Supplier Risk Management.


Roche Supplier Inherent Risk Score


Procurement Supplier Risk Classifications

We have two classifications for high risk suppliers who must undergo our most robust supplier risk management processes: Priority Risk and Sustainability Risk.

Priority Risk: Priority Risk suppliers are those who are critical to the production of Roche medicines and diagnostics, those with whom we do a high volume of business, or those who pose a high risk to human life, safety, health, or the environment. These suppliers are audited pursuant to the requirements of Roche’s K15 Directive.

Sustainability Risk: Sustainability Risk suppliers pose a risk to the human rights of Vulnerable Populations; or are at risk for corruption; or other high governance or economic risk. These suppliers are audited pursuant to the requirements of Roche’s Policy on Third Party Spend and Supplier code of Conduct.

Risk Assessment Cycle

We assess a supplier’s risk:

  • Before we enter into a relationship;
  • During an existing Supplier relationship where there is a significant change in the nature of the engagement, or where a new engagement with an existing Supplier significantly differs from a previous engagement, for example:
    • The Supplier will perform the activities in a new geography (e.g. relocation of the manufacturing site)
    • The Supplier performs a new or different type of activity for which it has not been risk assessed;
    • Key contractual terms and conditions have been changed or amended with a potential impact on the business risk to Roche
  • During any existing engagement where there is significant change in the Supplier’s performance.

We tailor our risk management approach to the supplier and the type of risk present. This means that certain high risk suppliers are assessed more frequently.

Supplier Sustainability Assurance Visit Program

Supplier compliance with the Roche Supplier Code of Conduct can be measured through Procurement’s Supplier Sustainability Assurance Visit (SSAV) program.

The SSAV Process

Roche works with third party auditors to perform onsite audits to measure supplier compliance with our Sustainability Principles.


Roles and Responsibilities

Supplier Sustainability Assurance Visits are collaborative. Our auditors are SA8000 certified and Corrective Action Plans are mutually agreed upon. Roche wants to ensure that you meet our Sustainability Principles and we will help you get there.


In 2020, we conducted 846 audits of global suppliers and service providers and many further ones at local suppliers. We audited global as well as local suppliers and service providers.

We conducted 60 Supplier Sustainability Assurance Visits and SHE audits worldwide. 20 visits were made in the direct spend area (goods that go directly into production) and 40 at service providers. The main findings related to health & safety, management systems, and quality.

In 2020, 38 supplier audit reports and self-assessment questionnaires were shared under the Pharmaceutical Supply Chain Initiative (PSCI) program.

Roche Supplier Audits

At Roche, audit type needed is determined based on the service or good provided and the associated risk. Three expert functions provide supplier audits: Group SHE; Global Procurement; and Quality. Each function maintains its own supplier audit program. The three functions meet quarterly to harmonize audit schedules and reduce the burden on suppliers.


Roche works with our suppliers to bring them into compliance with our standards.

However, if after attempts have been made to bring the supplier into compliance and the supplier remains unable to meet Roche’s minimum requirements, we will reconsider the engagement with that supplier, up to and including termination of the relationship.

2020 Roche Supplier Audits

Total Supplier Audits 846
Quality Supplier Audits 368
SHE Supplier Audits 12
IT 418