SustainabilityBusiness ethics & integrity Internal Audit and Risk Management System

The Internal Audit and Risk Management System is a structured and organic set of procedures and organisational structures aimed at preventing or limiting the consequences of unforeseen results and enabling the achievement of company objectives, compliance to legislation and regulations, and the correct and transparent disclosure of information both internally and to the market. Furthermore, this System enables the identification, measurement, management and monitoring of the main risks in order to promote the efficiency and efficacy of company processes, protect the value of the Group's activities, ensure the reliability and integrity of accounting and management information and ensure that transactions comply with all existing legislative measures.

The Internal Audit and Risk Management System is based on an Enterprise Risk Management (ERM) approach and consists of a structured risk management process, in line with the provisions of international best practices on the subject and in compliance with current legislation.  The aim of this System is to facilitate activities consistent with the company goals, promoting informed decisions and ensuring the efficiency and efficacy of internal processes, as well as the reliability of financial information. 

By updating a Company Risk Catalogue, the System enables identification, measurement and control of the level of exposure of all Group Companies to various risk factors, as well as the management of overall exposure, and envisages the implementation of control measures and procedures able to flag any anomalies.

The identification, assessment and management of corporate risks is based on an Enterprise Risk Management (ERM) approach and also includes non-financial risks related to the topics expressly specified by Italian Legislative Decree no. 254/2016. 
In particular, the principle non-financial risks identified by Recordati relate to:

  • Environmental management and safety in the workplace (e.g. damage caused by meteorological events and incidents, HSE risks -Health, Safety and Environment- and industrial incidents);
  • Management of personnel and workers’ rights (e.g. compliance with human rights, change in dimension of the organisational structure, loss of key resources, etc.);
  • Supply chain (e.g. inappropriate selection of suppliers and commercial partners, interruption of supply by critical suppliers, rights of the personnel involved etc.);
  • Compliance (e.g. fight against corruption, compliance with international quality standards and with legislation pertaining to drug detailing).
  • Product responsibility (e.g. product recalls and impacts on patients’ health).

The aforementioned risks were identified by the Group and classified as medium-low risk, in terms of residual risk, assessed in terms of the likelihood of an at-risk event and the impact of such an occurrence. In fact, in relation to such risks, the Group has adopted specific policies, management models and activities aimed at the mitigation of the same. 

A brief description of the principle non-financial risks identified by the Group and related to the material topics of the Recordati group, as well as the procedures in place for their management and mitigation, is given below: 

  • Environmental topics: the risks in this context predominantly relate to the production process. In particular, such risks concern those deriving from industrial incidents that may have serious consequences for people and the environment, with resulting impacts in terms of economics and corporate image. The management of these risk is above all required by the quality standards provided for by the sector in which the Group operates, compliance with which is represented by the environmental certificates obtained by the Group’s main production sites. Specific measures are represented by a preventative risk analysis carried out by specific and qualified personnel, an audit plan and plant maintenance activities to which significant financial resources are allocated on an annual basis. These measures enable the Group to drastically reduce its exposure to risks of this nature.
  • Topics linked to HR management: these risks concern the rights, health and safety of workers as well as their professional development. In relation to health and safety in the workplace, compliance with legislation is guaranteed by the respect for technical-structural standards relative to equipment, plants, work places and chemical, physical and biological substances, as well as organisational activities such as emergency management, first aid, tendering processes and periodic safety meetings, and consultations with workers’ safety representatives. Finally, health checks, information sessions and training activities for workers as well as a programme of internal audits and audits by third parties enable the Group to monitor and reduce risks in this context. In relation to workers’ rights, the principle risk identified concerns the size of the organisational structure in terms of the adequacy of resources and skills, as well as the risk of losing key resources. To deal with these risks, the Human Resources Department constantly monitors the size of the workforce within the various divisions and units of the Group. Furthermore, the Company employs a specific skills mapping process (the Group Performance Appraisal System), mapping both managerial and technical skills and enabling the identification at Group level of key resources, with an initial focus on Managers and then considering lower levels within the company.
  • Topics linked to the supply chain: although the Group operates in a highly regulated sector, certain risks relating to the procurement chain have been identified, including that of establishing relationships with suppliers that do not guarantee responsible procurement processes regarding human rights, environmental protection and safety in the workplace, and the risk of being unable to source adequate commercial partners and the lack of control over performance of outsourcing contracts. The Group confronts these risks through contractual clauses that define the mutual responsibilities of the parties, the use of consolidated and qualified suppliers in line with applicable technical standards, document audit activities and on-site inspections carried out by qualified personnel. In order to protect the rights of workers in the supply chain, termination clauses are included in company contracts for failure to comply with the company Code of Ethics. Furthermore, the use of an IT platform for supplier approval, allowing relevant documentation such as certificates and declarations to be gathered organically, which further reduces the risk of partnerships with suppliers that have unsuitable technical, ethical, conduct and sustainability profiles.
  • Compliance: within the scope of the compliance area, in addition to risks of committing offences against the Public Administration, these include risks related to failure to comply with international quality standards and legislation pertaining to drug detailing. To prevent non-compliance with the quality standards (Good Manufacturing Standards - GMP) that regulate chemical and pharmaceutical production activities, the Group has adopted a consolidated management model that provides for the implementation of Standard Operating Procedures and a dedicated quality control department. The model is periodically subject to inspection by national and international authorities, as well as commercial partners. Regarding medical scientific information, compliance is ensured by appropriate company procedures, by control activities conducted by independent bodies and internally by dedicated organisational departments, as well as by the continuous training of personnel on compliance with ethical standards and industry legislation. In order to promote increasingly transparent relations with the medical community and healthcare facilities, the Group's branches publicly disclose Value Transfers in relation to business meetings, consultancy and donations. Finally, the Anti-Bribery Manual also aims to promote correct conduct in the various activities relating to scientific information and more generally to relations with the medical community and the Public Administration, areas particularly exposed to corruption risk.
  • Topics relating to product responsibility: these refer to Product Liability risks with the potential need for product recalls, impacts on patient health and consequent economic or reputational impacts for the company (including the risk of demands for compensation as a result of side effects caused by products). For this reason, for a number of years now the Group has introduced specific quality control personnel that carry out specific product analyses in order to identify the “robustness” and reliability of the production processes. These professional figures, required by industry legislation, such as the “Qualified Person”, the “Quality Assurance Officer” and the “Quality Manager” are responsible for ensuring compliance with Good Manufacturing Practices envisaged by specific internal procedures and existing legislation. Further control measures related to the topics outlined above include inspections of the Group's production units by third party bodies, as well as the constant increase in authorisations held by the Group's pharmaceutical laboratories. 

During 2020, the Group renewed its focus not only on concrete actions to reduce environmental impacts but also on the topic of climate change more generally. The Group is aware of the fact that climate change can determine various types of risks, e.g. financial risks (due to the increased cost of energy), operational risks (due to an increase in extreme phenomena such as drought or flooding in the territories in which the Group operates), health risks (due to worsening atmospheric pollution) and finally reputational risks (due to the growing awareness of stakeholders and the communities in the territories in which the Group operates).