Compliance & auditing

Ensuring and auditing compliance with our policies and standards is a critical part of good corporate governance and risk management.

Our Global Compliance organisation leads the development of global frameworks and programmes designed to drive best practice in compliance and support effective management of the highest compliance risks facing the business. This includes:

  • focusing our efforts on key compliance risk areas
  • communicating clear policies to employees
  • improving compliance behaviours through effective training and support
  • ensuring employees can raise concerns and that they will be properly addressed
  • ensuring fair and objective investigations of possible policy breaches
  • monitoring and auditing compliance with policies working with Group Internal Audit
  • providing key stakeholders with assurance and effective reporting of key issues

These priorities are closely aligned to AstraZeneca’s strategic priorities and reflect our drive to strengthen our efforts for oversight at all levels of our business, including risk management relating to third parties, anti-bribery and anti-corruption.

Global Compliance has local and functional compliance officers across the company who help to implement compliance programmes within their geography or functional area. These officers work within the business to promote compliance with our policies and standards through effective training, monitoring, auditing and enforcement processes. They have direct reporting lines into Global Compliance.

Global Compliance work closely with Group Internal Audit (GIA) and both functions separately provide assurance reporting to the Audit Committee.

SHE Compliance

Our SHE performance is regularly monitored and managed through a range of assurance programmes, including the Integrated SHE & Security audit programme, the SHE reporting system; an annual management review; through which sites and functions conduct a self-assessment of performance; and AstraZeneca’s global continuous assurance system that is used by senior management to identify, manage and resolve breaches of AstraZeneca Policy.
AstraZeneca operates a global SHE reporting system through which business areas and facilities communicate accidents, incidents and progress against our global performance metrics. We also benchmark our performance with other companies.

During 2013, we continued our rolling risk-based programme of internal audits that focus on the performance of local facilities, regions and functions against our policies, standards and programmes relating to safety, health & environment (SHE) and security aspects of our CR agenda. Specific protocols help to guide auditors in this work, which is a critical component of our performance assessment. Co-ordinated by our global SHE team, trained accredited auditors are drawn from across the organisation to perform the audits on a risk-based programme established annually. This schedule reflects the individual risk profile of particular facilities and functions, management changes, timing and other considerations.
20 such audits were conducted in 2013 (28 in 2012). Audit results confirm that our local operations are effectively managing SHE and security risks and maintaining compliance with internal and external requirements. They also highlighted areas for attention and continued improvement, including driver safety and understanding of security management requirements Audit findings are reported to the function or facility senior management and specific action plans are established to resolve any findings in a timely manner. Progress against action plans is continually tracked and reviewed. The audit programme is designed to both evaluate performance against internal and external requirements and to share learning in a way that fosters continuous improvement across the organisation.

Group Internal Audit

Our Group Internal Audit (GIA) function is an independent assurance and advisory function that reports to and is accountable to the Audit Committee. GIA's budget, resources and programme of audits are approved by the Audit Committee on an annual basis and the findings from its audit work are reported to and are discussed at each meeting of the Audit Committee. A core part of the audit work carried out by GIA includes assessing the effectiveness of selected aspects of AstraZeneca’s risk control framework, including the effectiveness of other assurance and compliance functions within the business.

Audit Committee

The Audit Committee, a committee of the AstraZeneca Board, currently comprises five Non-Executive Directors. In addition to the reports it receives from GIA, the Audit Committee also regularly receives reports from the Global Compliance function, the Financial Controls and Compliance Group, the external auditor and from management on a range of financial reporting, risk, governance, compliance and business areas. Among other things, the Audit Committee reviews and reports to the Board on the overall framework of internal controls and is responsible for promptly bringing to the Board’s attention any significant concerns about the conduct, results or outcome of internal audits. The Audit Committee also regularly receives reports relating to calls made by employees to our ethics helplines.

External SHE compliance

In 2013, our facilities were associated with 12 warnings from regulatory authorities relating to environmental permits, with one resulting in a fine of $6,600.

Category 2009 2010 2011 2012 2013
(Successful legal action taken in a civil court against AstraZeneca)
0 0 0 0 0
Enforcement actions
(Any formal enforcement proceedings by a regulator that requires the Company to do, or not do, something)
1 1 0 1 0
Regulatory warnings and alerts
(Written communication from a regulator, stating that the Company may be out of compliance with an applicable requirement)
0 6 2 8 12


We occasionally receive complaints from members of the public in relation to our operations. Each one is investigated and, where possible, issues are resolved. No complaints were received in 2013.

  2009 2010 2011 2012 2013
External complaints 1 0 1 1 0


No significant spills occurred from our facilities in 2013.

Go back to...

Next section

Governance & management

Read about how we identify, prioritise & manage the issues relating to our business that affect our stakeholders.

Read more

Code, policies & standards

Everyone at AstraZeneca is required to be aware of, and conduct their activities in accordance with our Code of Conduct.

Read more
Katerina Ageborg, Chief Compliance Officer

Trust in AstraZeneca is built on all employees acting with integrity in everything that they do on a daily basis – and feeling able to raise any concerns about possible breaches.

Katarina Ageborg, Chief Compliance Officer

Global SHE audit