GSK Annual Report 2002
36 GlaxoSmithKline Corporate governance

Having considered the Audit Committee reports on the
effectiveness of controls, the Board believes that the system
of internal controls provides reasonable although not absolute
assurance against material misstatement or loss. The process
accords with the guidance on internal control issued by the
Turnbull Committee in 1999.

The Audit Committee also keeps under review the scope and
results of the external audit and the independence and objectivity
of the external auditors. The Committee reviewed the nature and
extent of non-audit services the external auditors provided during
2002 to ensure that the services were not so significant as to call
into question the auditors’ independence from the Group. With
effect from 1st January 2003 the Committee will pre-approve all
non-audit services to be provided by the external auditors.

The Corporate Social Responsibility Committee of the Board
reviews, amongst other matters, external issues that have the
potential for serious impact upon the Group’s business and
reputation and as such forms part of the internal control
framework.

Management structure

The Board has overall responsibility for ensuring that the Group is
appropriately managed and achieves the strategic objectives agreed
by the Board. To enable it to exercise this responsibility, the Board
requires from management information concerning the business,
including relevant information on risk exposures, internal controls
and external developments. The CEO reports to the Board and is
responsible for the management of the Group. To assist him in this
task, the CEO has established the CET, which is not a Committee
of the Board. Key functional activities and management sectors
are represented on the CET.

The internal control framework includes central direction, resource
allocation, and risk management of the key activities of research
and development, manufacturing, marketing and sales, legal,
human resources, information systems, and financial practice. As
part of this framework there is a comprehensive planning system
with an annual budget approved by the Board. The results of
operating units are reported monthly and compared to the
budget. Forecasts are prepared regularly during the year. Extensive
financial controls, procedures, self-assessment exercises and risk
mitigation activities are reviewed by the Group’s internal auditors.
Commercial and financial responsibility, however, is clearly
delegated to local business units, supported by a regional
management structure. These principles are designed to provide
an environment of central leadership coupled with local operating
autonomy as the framework for the exercise of accountability and
control within the Group.

The Group also attaches importance to clear principles and
procedures designed to achieve appropriate accountability and
control. A corporate policy, ‘Risk Management and Legal
Compliance’, mandates that business units establish processes
for managing risks significant to their businesses and the Group.
In a number of risk areas, specific standards that meet or exceed
requirements of applicable law have been established.

Specialist audit and compliance groups (for example Corporate
Environment, Health and Safety and Worldwide Regulatory
Compliance) assist in the dissemination and implementation of
and carry out audits of these standards.

Risk Oversight and Compliance Council (ROCC)

The ROCC is a council of senior executives authorised by the Board
to oversee the risk management and internal control activities of
the Group and to ensure that business units have designated
managers to manage significant risks. Membership comprises
several members of the CET and the heads of departments with
internal control, risk management, audit, or compliance
responsibilities. The ROCC’s responsibilities also include ensuring
that regular analysis is carried out to identify gaps in internal
controls and providing reports to the CET and Audit Committee in
addition to the separate reports provided by individual internal
control, audit, and compliance departments. A direct reporting line
to the Audit Committee provides a mechanism for bypassing the
executive management if irregularities are ever identified.

The internal control framework relies on the ROCC, as well as
sector and other business unit Risk Management and Compliance
Boards (RMCBs), to help identify risks and to provide guidance to
the risk management and compliance initiatives at the corporate
and business unit levels. The ROCC meets regularly to review and
assess significant risks and mitigation plans directed against those
risks. The ROCC has developed the corporate policy referred to
above and provided the business units with a framework for risk
management and for reporting risks to management and the
ROCC. Mitigation planning and identification of a manager with
overall responsibility for management of any given risk is a
requirement. While the ROCC oversees many of the risks deemed
significant to GlaxoSmithKline, each RMCB oversees risks important
to its business or function, thus increasing the number of risks that
are actively managed across the Group. The ROCC is supported by
the Corporate Ethics & Compliance department.

Corporate Ethics & Compliance

The Corporate Ethics & Compliance department is responsible for
supporting the development and implementation of practices that
facilitate employees’ compliance with laws and Group policy.

The thrust of the Group’s compliance effort is due diligence in
preventing and detecting misconduct and non-compliance with
law or regulation by promoting ethical behaviour, compliance with
all laws and regulations, corporate responsibility at all levels, and
effective compliance systems. Compliance officers support the
Group’s main operating sectors of R&D, Manufacturing,
Pharmaceuticals, and Consumer Healthcare. The Corporate
Compliance Officer chairs the ROCC, coordinates some of the
risk management activities among the various compliance and
audit functions across the Group, and provides summary reports
on the ROCC’s activities and the Group’s significant risks to the
Audit Committee on a regular basis.

Areas of potentially significant risks

Areas of potentially significant risk that are subject to regular
reporting to and by the ROCC include the following. Further
details of the risks affecting the Group may be found in Note 30
to the Financial statements, ‘Legal proceedings’ and in
‘Risk factors’ on pages 64 and 65.

Human resources

The legal requirements regarding discrimination and harassment,
the integrity of the workforce, including pre-employment screening,
and the control and use of contractors and temporary staff are
risks inherent in a Group with over 100,000 employees.