Risk management at Pelion is focused on identifying potential events which might affect the Group's operations, maintaining risks below pre-defined limits and ensuring delivery of the business strategy.
Risk management objectives are defined, classified and communicated on an ongoing basis. They are in particular:
Pelion's risk management policy is based on the COSO II methodology. There are direct relations between the objectives (i.e. what Pelion intends to achieve) and components of its enterprise risk management (i.e. what is necessary to achieve them). Enterprise risk management is important for the entire organisation and its individual units. This is reflected in the third dimension of the cube containing Pelion's organisational units.
In line with the COSO II methodology, such relations are presented in the form of a three-dimensional matrix (cube).
supervises the enterprise risk management process. It assesses the risk management system for completeness in terms of policies and procedures related to supervision, risk aggregation and quantification, reporting and monitoring.
is responsible for enterprise risk management, including supervision and monitoring of measures taken, as well as effective risk response and transparent reporting lines.
The enterprise risk management process at Pelion provides for three mutually independent lines of defence:
supported by risk owners (at operating units) through risk management at a level of the operating unit or process, following the defined procedures of risk management, risk identification and assessment, as well as risk response. The first line of defence involves the internal functional control function, ensuring that risk control activities are applied and legal regulations are complied with.
supported, in line with a model, by risk management process owners (the Risk Committee, Risk Management Officer, as well as owners of the compliance, quality assurance, information security, physical security, controlling, monitoring and debt collection processes) through development and updating of risk management procedures, ensuring risk management consistency with Pelion's strategy, assistance to risk owners and coordination of their actions (support in designing and developing risk control and management processes), identification of trends in synergies and opportunities, and serving as a liaison between the first and third lines of defence. The second line of defence, currently being developed, is intended to form the risk management system, including methods, tools, process and organisation.
supported by the Internal Audit department through monitoring of risk management and independent assessment of the risk management adequacy.
Risk identification consists in indicating such events that will affect the implementation of the strategy and achievement of objectives. In identifying risk, management considers internal and external factors, potential risks or opportunities, in the context of the entire organisation. Risk factors are identified at the Management Board level of the Pelion companies.
Risk assessment allows the organisation to analyse to what extent potential events may affect the achievement of objectives. In the first stage of assessment, the Management Boards of the Pelion companies analyse risk factors through the lens of inherent risk. Once responses to risk are defined, management analyses residual risk. Individual events should be analysed for their impact on:
All information on identified risks is aggregated and classified by business area, risk category, source, materiality and other criteria. In this way, the risk profile for the entire area of Pelion's business is determined.
In 2016, 62 processes were audited in the execution of 17 audit tasks at different Pelion family companies. The auditors issued 71 post-audit recommendations, upon which the companies developed appropriate remediation plans.
(for more information on the subject, refer to the Directors' Report on the operations of the Pelion Group in 2016, sections ‘Risk factors and threats’ and ‘Statement of compliance with corporate governance principles’).
RISK DESCRIPTION | MITIGATION MEASURES |
---|---|
Failure to maintain proper conditions of storage | Certified quality systems; implemented systems of good distribution practices; logistics base meeting the most stringent safety standards for storage; regular quality audits |
Introduction of falsified products to trade | Supplier verification system |
RISK DESCRIPTION | MITIGATION MEASURES |
---|---|
Loss of stability of IT systems; unauthorised access to confidential information on Patients and trade partners | Protection of IT systems and data using best practice in IT security, by a dedicated Group company |
RISK DESCRIPTION | MITIGATION MEASURES |
---|---|
Deterioration of market position / Strong price competition | Flexible pricing policy integrated with continuous monitoring of competitors' prices; launch of new distribution channels |
Short supply of offered products | Supply optimisation; minimum delivery requirements; long-term contracts with suppliers |
Loss of pharmacy locations | Monitoring of lease rights to premises; long-term lease agreements |
Changes in the distribution model [Manufacturer, Wholesaler, Retailer] [Direct distribution (Manufacturer -> Retailer), Establishment of pharmacy GPOs] | Modern logistics service for manufacturers; communication platforms for procurement market participants; specialised logistics base supporting storage and transport of thermally unstable products |
RISK DESCRIPTION | MITIGATION MEASURES |
---|---|
Ban on advertising in pharmacies, threat to competitiveness | Seeking legal advice; dialogue with market participants, including the regulator |
Threats to the chain's development: standards governing concentration on the wholesale and retail markets; concentration criterion for the pharmacy market [1%] | Monitoring the concentration level; active participation in consultations on new statutory regulations applicable to the Group's business; appointment of Compliance Officer; conducting regular quality audits |
Protests against operations; loss of a licence/permit for specific activity | |
Regulations on official prices and margins; the government's reimbursement policy | Proactive inventory management; cooperation with manufacturers to limit potential losses resulting from discounts; compensation agreements |
Trade in medical devices threatened by supply shortages in Poland | Proactive inventory management; cooperation with manufacturers to limit potential losses resulting from discounts; compensation agreements |
RISK DESCRIPTION | MITIGATION MEASURES |
---|---|
Loss of key personnel | Incentive schemes for employees, including development of a fringe-benefit system: drug insurance for employees, promotion of healthy lifestyles, medical care programme |
Violating employee and human rights | Monitoring ethical aspects and analysing all issues reported to the Ethics Officer (e.g. mobbing, molestation, discrimination, violation of employee rights or employees' right to join organisations, or working hour schedules) |
RISK DESCRIPTION | MITIGATION MEASURES |
---|---|
Credit risk/liquidity risk | |
No access to capital; loss of financing | Cashpooling arrangements within the Group; diversification of credit facilities |
RISK DESCRIPTION | MITIGATION MEASURES |
---|---|
Unlawful appropriation of R&D results | Patent protection of R&D results on the Polish, European and global markets. Data protection and limiting key personnel turnover. |
RISK DESCRIPTION | MITIGATION MEASURES |
---|---|
Inventory and waste management: | Inventory storage procedures and monitoring system. Cooperation only with reliable waste management companies which guarantee and are able to document proper methods of waste management or disposal. Cooperation only with established package recycling organisations that guarantee reliable delivery of recovery confirmation documents. |
Social
Monitoring local communities' opinions, analysis of complaints and opinions, taking remedial measures.
Undertaking social outreach initiatives compensating the adverse effect of nuisances.
Compliance with the Code of Ethics and the procedures for preventing unethical behaviour.
Internal audit and monitoring of areas particularly at risk.