Oriola has specified the company’s risk management model, principles, organization and process in the Risk management policy. The Group’s risk management seeks to identify, measure and manage risks that may have an adverse or beneficial impact on Oriola’s operations and achievement of the set goals. Additionally the Group has a Code of conduct policy and a Treasury policy covering compliance and financial risks.
Oriola´s risks are classified as strategic, operational and financial. Risk assessment and management are kay elements in the strategic planning, operations and daily decision making in the company.
Oriola operates in a strictly regulated pharmaceuticals distribution and dispensing sector. Regulation covers all aspects of handling pharmaceuticals, and the company is regularly audited by the medical agencies and pharmaceutical companies in each operating country. The exact processes and procedures are documented and validated.
The main trends impacting Oriola’s business environment are increased spending on health and well-being, growth in specialty pharmaceuticals, the efforts to control the growth in the costs of the public healthcare, and the digitalization of the retail trade and services.
Oriola has identified the following principal strategic and operational risks that can have an adverse impact on the results of the company:
- Changes in the pharmaceutical market regulation, pricing and public reimbursement;
- Increased competition through growing number of pharmacies and companies in pharmaceutical and health product e-commerce;
- Decreasing share of single channel distribution in public healthcare, and
- Loss of several key pharmaceutical company agreements.
The main financial risks for Oriola involve currency rate, liquidity, interest rate and credit risks. Changes in the value of the Swedish krona has an impact on Oriola’s net sales, earnings and consolidated statement of financial position. Changes in cash flow forecasts can cause goodwill write-off. Financial risks are discussed more in detail in the Financial Statements of Oriola-KD Corporation.
Near terms risks and uncertainty factors
Oriola’s strategic development projects involve operational risks which may have an effect on Oriola’s profitability. Group wide strategic projects ongoing in 2017-2018 include the implementation of a new ERP and warehouse management system (SAP), and the extension and automation of the Enköping distribution center.
The Board of Directors of Oriola Corporation guides and supervises the planning and implementation of risk management. The Board-appointed Audit Committee supervises risk management in the Group.
The President and CEO of Oriola, and the Group Management Team have the operative responsibility for risk management, which is organized in the Business Areas and in the Group Function, and covers risk assessment process and mitigation actions and tools like Group insurance portfolio. Risk management is an integral part of the strategy process, governance and management system.
The risk management process
- Risk identification
- Evaluation of likelihood of occurrence
- Evaluation of the consequences by estimating the possible financial loss
- Inclusion of the risk in the strategic planning
- Follow-up in the operative management system and in the yearly planning
Risk and internal control systems connected with financial reporting
The internal control and risk management systems related to Oriola’s financial reporting aim to ensure the reliability of the company's financial statements and financial reporting, as well as the company's compliance to legislation and generally approved accounting principles.
The Board of Directors and the President and CEO have the overall responsibility for organizing the internal control and risk management systems pertaining to financial reporting. The responsibility for the accounting and administration, as well as the implementation of the Group Accounting Policy has been centralized into an organization under the CFO.
Oriola Group follows the International Financial Reporting Standards (IFRS) approved for application within the European Union. Instructions and accounting principles for financial reporting are collected in an accounting manual that is updated as soon as standards change, as well as in the financial department's instructions that are followed in all Group companies. The CFO and the Group accounting and reporting organization is responsible for following and keeping up to date with financial statement standards, upholding the principles concerning financial reporting and distributing information about these to the business units.
Measurement and follow-up
The performance of the Group is monitored in the Business Area specific Operational reviews and in the Group Management Team with monthly reports. The financial situation of the Group is also monitored in the meetings of the Board of Directors. The Audit Committee and the Board of Directors approve the interim reports and financial statements before their publication. Monitoring of the monthly reports also ensures the effectiveness of the internal supervision. The evaluations contain balances and analyses, which are compared with previous periods, forecasts and various economic indicators.
Internal control forms an essential part of the company's governance and management systems. It covers all of the Group's functions and organisational levels.
The purpose of Oriola’s internal contol system is to support the implementation of the Group strategy and to ensure compliance with rules and regulations. The company’s internal control is based on a Group structure, in which the Group’s operations are organised into Business Areas and Group functions.
Group functions issue Group-level guidelines and monitor the compliance thereto. The guidelines cover such areas as authorisations, accounting, reporting, financing, investments and business principles. An important area of internal control system is the Access control to Group’s systems for accounting and financial transaction handling, as well as processes for maintenance of system Master data. All new instructions and guidelines are published on the company’s internal website and staff members can provide feedback to the management and anonymously report any questionable activities through the company intranet.