THANK YOU FOR SUBSCRIBING
2020 was a year that saw the expectations of society towards companies become more important than ever before, and no industry has been under the spotlight more than the health sector. With a global health emergency reliant on a pharmaceutical solution, public trust in the health sector is beginning to grow, according to the Edelman Trust Barometer 2021.
As the Covid-19 pandemic continues to change the very fabric of society, the role companies play within society has shifted. As we can overcome the crisis only together, communities are now looking to companies for guidance and leadership, for reassurance and resilience, and for purpose and protection. This presents a unique opportunity for business to engage in a more transparent dialogue with the public in order to build trust and facilitate greater cooperation between the public and private sectors.
So what does it take to be a trusted organization, and what role does a company’s approach to risk management play? It all starts by establishing an integrated ethics, risk management, and compliance ecosystem that puts people first and embraces innovation.
Step 1: A Holistic Approach to Risk Management
First, having a clear and solid risk and compliance framework is non-negotiable. For any global company, resilience in challenging times is directly related to the early detection of risks and the ability to mitigate, monitor, and remediate them. Implementing an effective and efficient compliance system relies on associate’s awareness of the company’s risk exposure and understanding of their role and responsibility in managing them. Adopting a balanced-risk mindset in embedding an enterprise-wide integrated risk management approach enables an organization to respond to threats and crises with a united approach, ensuring business continuity.
Risk owners at Novartis have to measure risks appropriately and take care that reporting and escalation protocols are working as intended. Controls, which are used to identify, manage and respond to risks, ensure that this is possible. The “One Novartis Control Environment” program, created in collaboration between risk, internal audit and finance functions, enables a transparent and consistent process for the design, approval and lifecycle management of controls – ultimately supporting the business to detect and prevent non-compliance.
Step 2: Collaboration with Independence
Speaking of collaboration, strong collaboration with key functions, including finance and internal audit functions, is paramount.
At Novartis, we have introduced “integrated assurance”, which includes close cross-functional collaboration, exchange of information, and strong alignment on assurance quality and methodology, whilst respecting the independence of internal audit. In partnering with internal audit, risk and monitoring functions can leverage forward-looking insights to support the business with informed decision-making. Furthermore, this partnership paves the way for providing assurance and advice on risks and opportunities to organizational management and the Board.
"It all starts by establishing an integrated ethics, risk management, and compliance ecosystem that puts people first and embraces innovation"
This collaboration is enhanced by a Three Lines of Defense model, where business management and process owners are ultimately responsible for the risks created by their units and processes as the first line of defense. They are supported by the second line of defense–the risk management and compliance functions–who ensure the enterprise-wide framework for managing risk is in place. This second line of defense assumes responsibility for measuring risks and ensuring risk owners are doing their jobs in accordance to the framework and that risks are measured appropriately, risk limits are respected, and that reporting and escalation protocols are working effectively. Finally, the third line of defense provides independent assurance that the first and second lines are functioning effectively. This third line is, of course, an internal audit.
Only when these three lines are working collaboratively, with maintained independence, can we be sure of the effectiveness of the risk and compliance program.
Step 3: Measure Maturity and Effectiveness
Measuring the effectiveness of compliance programs has been a topic of much discussion for many years, with some arguing that it is not even possible to do so. When it comes to truly understanding the maturity of compliance programs in global organizations, we must look beyond counting cases of misconduct - which unfortunately will always occur in organizations despite robust compliance programs. Instead, we can understand progress on assurance levels and the company culture based on hard data, which organizations are constantly gathering in all relevant dimensions of a compliance program, including culture measurement surveys.
We use data to solve business questions, provide insights, and enhance our assurance efforts across Novartis. We are leveraging technology and digital platforms to standardize and simplify processes, removing barriers for our associates in order to enable compliance.
Embracing data and decision science to shape our environment leads us to think innovatively and brings us to a place where we can harness behavioral science to shape our culture and support associates in doing what’s right.
Step 4: Embed a Culture of Ethics to Enable Effective Risk Management
While policies, guidelines, controls and incentives have an important place in any organization, they will only be effective if they are supported by the right ecosystem and ethical climate. Smart risk taking, supported by robust governance and controls, will only truly be successful when applied in a culture that’s committed to doing what’s right from an ethical standpoint.
An organization’s code of ethics should act as the “moral constitution”, with principles and commitments covering the purpose and risks of the company. In 2020, Novartis launched a new code of ethics, crowd
sourced by thousands of associates. Within it are 22 commitments that cover key risk areas and opportunities, and four principles that guide our associates in making the right decisions when they encounter difficult situations or ethical challenges in the course of their work.
Underpinned by behavioral science, the Novartis code of ethics and supporting resources (including an interactive ethical decision-making framework) challenges unconscious biases, and asks all associates to be bold, be open, be honest and be accountable when making decisions.
Ultimately, a holistic approach to risk management and a strong compliance ecosystem must be enabled by a culture of good ethics. When all of these elements are in place, we can have confidence in our ability to deliver for our patients and to do what’s right for society.