2016 Integrated Report

Risk management

Risk management at Pelion is focused on identifying potential events which might affect the Group's operations, maintaining risks below pre-defined limits and ensuring delivery of the business strategy.

Risk management objectives are defined, classified and communicated on an ongoing basis. They are in particular:

Pelion's risk management policy is based on the COSO II methodology. There are direct relations between the objectives (i.e. what Pelion intends to achieve) and components of its enterprise risk management (i.e. what is necessary to achieve them). Enterprise risk management is important for the entire organisation and its individual units. This is reflected in the third dimension of the cube containing Pelion's organisational units.

In line with the COSO II methodology, such relations are presented in the form of a three-dimensional matrix (cube).

Enterprise risk management process at Pelion

Risk management

zarzadzanie ryzykiem
The first line of defence
  • Management of Pelion's organisational units
  • Operational Staff
The second line of defence
  • Risk Committee
  • Risk Management Officer
  • Other Risk Management process owners
The third line of defence
  • Internal audit

The Supervisory Board of Pelion S.A. (Audit Committee)

supervises the enterprise risk management process. It assesses the risk management system for completeness in terms of policies and procedures related to supervision, risk aggregation and quantification, reporting and monitoring.

The Management Board of Pelion S.A.

is responsible for enterprise risk management, including supervision and monitoring of measures taken, as well as effective risk response and transparent reporting lines.

The enterprise risk management process at Pelion provides for three mutually independent lines of defence:

The first line of defence

supported by risk owners (at operating units) through risk management at a level of the operating unit or process, following the defined procedures of risk management, risk identification and assessment, as well as risk response. The first line of defence involves the internal functional control function, ensuring that risk control activities are applied and legal regulations are complied with.

The second line of defence

supported, in line with a model, by risk management process owners (the Risk Committee, Risk Management Officer, as well as owners of the compliance, quality assurance, information security, physical security, controlling, monitoring and debt collection processes) through development and updating of risk management procedures, ensuring risk management consistency with Pelion's strategy, assistance to risk owners and coordination of their actions (support in designing and developing risk control and management processes), identification of trends in synergies and opportunities, and serving as a liaison between the first and third lines of defence. The second line of defence, currently being developed, is intended to form the risk management system, including methods, tools, process and organisation.

The third line of defence

supported by the Internal Audit department through monitoring of risk management and independent assessment of the risk management adequacy.

Risk identification consists in indicating such events that will affect the implementation of the strategy and achievement of objectives. In identifying risk, management considers internal and external factors, potential risks or opportunities, in the context of the entire organisation. Risk factors are identified at the Management Board level of the Pelion companies.

Risk assessment allows the organisation to analyse to what extent potential events may affect the achievement of objectives. In the first stage of assessment, the Management Boards of the Pelion companies analyse risk factors through the lens of inherent risk. Once responses to risk are defined, management analyses residual risk. Individual events should be analysed for their impact on:

  • finance,
  • reputation,
  • health, life and safety
  • environment.

All information on identified risks is aggregated and classified by business area, risk category, source, materiality and other criteria. In this way, the risk profile for the entire area of Pelion's business is determined.

In 2016, 62 processes were audited in the execution of 17 audit tasks at different Pelion family companies. The auditors issued 71 post-audit recommendations, upon which the companies developed appropriate remediation plans.

(for more information on the subject, refer to the Directors' Report o the operations of the Pelion Group in 2016, sections ‘Risk factors and threats’ and ‘Statement of compliance with corporate governance principles’).


  • Life and health

    Failure to maintain proper conditions of storage Certified quality systems; implemented systems of good distribution practices; logistics base meeting the most stringent safety standards for storage; regular quality audits
    Introduction of falsified products to trade Supplier verification system
  • Technology

    Loss of stability of IT systems; unauthorised access to confidential information on Patients and trade partners Protection of IT systems and data using best practice in IT security, by a dedicated Group company
  • Market

    Deterioration of market position / Strong price competition Flexible pricing policy integrated with continuous monitoring of competitors' prices; launch of new distribution channels
    Short supply of offered products Supply optimisation; minimum delivery requirements; long-term contracts with suppliers
    Loss of pharmacy locations Monitoring of lease rights to premises; long-term lease agreements
    Changes in the distribution model [Manufacturer, Wholesaler, Retailer] [Direct distribution (Manufacturer -> Retailer), Establishment of pharmacy GPOs Modern logistics service for manufacturers; communication platforms for procurement market participants; specialised logistics base supporting storage and transport of thermally unstable products
  • Regulatory

    Ban on advertising in pharmacies, threat to competitiveness Seeking legal advice; dialogue with market participants, including the regulator
    Threats to the chain's development: standards governing concentration on the wholesale and retail markets; concentration criterion for the pharmacy market [1%]

    Monitoring the concentration level; active participation in consultations on new statutory regulations applicable to the Group's business

    Appointment of Compliance Officer

    Conducting regular quality audits

    Protests against operations; loss of a licence/permit for specific activity
    Regulations on official prices and margins; the government's reimbursement policy Proactive inventory management; cooperation with manufacturers to limit potential losses resulting from discounts; compensation agreements
    Trade in medical devices threatened by supply shortages in Poland Proactive inventory management; cooperation with manufacturers to limit potential losses resulting from discounts; compensation agreements
  • Human resources

    Loss of key personnel Incentive schemes for employees, including development of a fringe-benefit system: drug insurance for employees, promotion of healthy lifestyles, medical care programme
    Violating employee and human rights Monitoring ethical aspects and analysing all issues reported to the Ethics Officer (e.g. mobbing, molestation, discrimination, violation of employee rights or employees' right to join organisations, or working hour schedules)
  • Financial


    Credit risk/liquidity risk

    1. Concentration of receivables from a single customer relative to the Company's assets
    2. Incorrect assessment of a customer's creditworthiness
    1. Regular monitoring of the share of receivables from a single customer in total assets; definition of thresholds
    2. Constant monitoring of payments, written and telephone reminders, analysis of balances and amounts of receivables due supported by IT tools
    3. Implementing a limit-driven procedure for trade credit risk management at the decision-making level, defining the timing and conditions of granting/increasing a trade credit limit
    4. Implementing credit limits into the sales system, system protections preventing sales in excess of relevant trade credit limits
    5. Activities of a Group company dedicated to credit risk management
    No access to capital; loss of financing Cashpooling arrangements within the Group; diversification of credit facilities
  • Intellectual property theft

    Unlawful appropriation of R&D results Patent protection of R&D results on the Polish, European and global markets. Data protection and limiting key personnel turnover.
  • Social

    Nuisance to local communities, leading to disputes or conflicts (e.g. noise or excessive traffic)

    Monitoring local communities' opinions, analysis of complaints and opinions, taking remedial measures.

    Undertaking social outreach initiatives compensating the adverse effect of nuisances.

    Abuse, corruption, bribery

    Compliance with the Code of Ethics and the procedures for preventing unethical behaviour.

    Internal audit and monitoring of areas particularly at risk.

  • Environmental


    Inventory and waste management:

    1. Improper storage of inventories of raw and other materials and finished goods, posing a threat of chemical leakage
    2. Improper management of waste, including in particular expired drugs, posing a threat of chemical leakage
    3. Improper waste sorting
    4. Failure to comply with obligations imposed on an entity which introduces packaging to the market (waste packaging)

    Inventory storage procedures and monitoring system.

    Cooperation only with reliable waste management companies which guarantee and are able to document proper methods of waste management or disposal.

    Cooperation only with established package recycling organisations that guarantee reliable delivery of recovery confirmation documents.