Compliance & auditing
Ensuring and auditing compliance with our policies and standards is a critical part of good corporate governance and risk management.
Our Global Compliance organisation leads the development of global frameworks and programmes designed to drive best practice in compliance and support effective management of the highest compliance risks facing the business. This includes:
- focusing our efforts on key compliance risk areas
- communicating clear policies to employees
- improving compliance behaviours through effective training and support
- ensuring employees can raise concerns and that they will be properly addressed
- ensuring fair and objective investigations of possible policy breaches
- monitoring and auditing compliance with policies, working with Group Internal Audit
- providing key stakeholders with assurance and effective reporting of key issues
These priorities are closely aligned to AstraZeneca’s strategic priorities and reflect our drive to strengthen our efforts for oversight at all levels of our business, including risk management relating to third parties, anti-bribery and anti-corruption.
Global Compliance has local and functional compliance officers across the company who help to implement compliance programmes within their geography or functional area. These officers work within the business to promote compliance with our policies and standards through effective training, monitoring, auditing and enforcement processes. They have direct reporting lines into Global Compliance.
Global Compliance work closely with Group Internal Audit (GIA) and both functions separately provide assurance reporting to the Audit Committee.
Our SHE performance is regularly monitored and managed through a range of assurance programmes, including the Integrated SHE & Security audit programme; the SHE reporting system; an annual management review, through which sites and functions conduct a self-assessment of performance; and AstraZeneca’s global continuous assurance system, which is used by senior management to identify, manage and resolve breaches of AstraZeneca Policy.
AstraZeneca operates a global SHE reporting system through which business areas and facilities communicate accidents, incidents and progress against our global performance metrics. We also benchmark our performance with other companies.
Internal facility audits
During 2012, we continued our rolling risk-based programme of internal audits that focus on the performance of local facilities, regions and functions against our policies, standards and programmes relating to safety, health & environment (SHE) and security aspects of our CR agenda. Specific protocols help to guide auditors in this work, which is a critical component of our performance assessment. Co-ordinated by our global SHE team, trained accredited auditors are drawn from across the organisation to perform the audits on a risk-based programme established annually. This schedule reflects the individual risk profile of particular facilities and functions, management changes, timing and other considerations.
19 such audits were conducted in 2012 (26 in 2011) in our small molecule pharmaceuticals business and 9 at biologics facilities. Audit results confirm that our local operations are effectively managing SHE and security risks and maintaining compliance with internal and external requirements. They also highlighted areas for attention and continued improvement, including driver safety and understanding of security management requirements.
Audit findings are reported to the function or facility senior management and specific action plans are established to resolve any findings in a timely manner. Progress against action plans is continually tracked and reviewed. The audit programme is designed to both evaluate performance against internal and external requirements and to share learning in a way that fosters continuous improvement across the organisation.
Group Internal Audit
Our Group Internal Audit (GIA) function is an independent assurance and advisory function that reports to and is accountable to the Audit Committee. GIA's budget, resources and programme of audits are approved by the Audit Committee on an annual basis and the findings from its audit work are reported to and are discussed at each meeting of the Audit Committee. A core part of the audit work carried out by GIA includes assessing the effectiveness of selected aspects of AstraZeneca’s risk control framework, including the effectiveness of other assurance and compliance functions within the business.
The Audit Committee, a committee of the AstraZeneca Board, currently comprises five Non-Executive Directors. In addition to the reports it receives from GIA, the Audit Committee also regularly receives reports from the Global Compliance function, the Financial Controls and Compliance Group, the external auditor and from management on a range of financial reporting, risk, governance, compliance and business areas. Among other things, the Audit Committee reviews and reports to the Board on the overall framework of internal controls and is responsible for promptly bringing to the Board’s attention any significant concerns about the conduct, results or outcome of internal audits. The Audit Committee also regularly receives reports relating to calls made by employees to our ethics helplines.
External SHE compliance
In 2012, our facilities were associated with 8 warnings from regulatory authorities relating to environmental permits. One fixed penalty fine relating to SHE compliance was imposed during 2012.
(Successful legal action taken in a civil court against AstraZeneca)
(Any formal enforcement proceedings by a regulator that requires the Company to do, or not do, something)
Regulatory warnings and alerts
(Written communication from a regulator, stating that the Company may be out of compliance with an applicable requirement)
We occasionally receive complaints from members of the public in relation to our operations. Each one is investigated and, where possible, issues are resolved. In 2012 one complaint was received relating to excessive noise.
AstraZeneca did not have any spills in 2012 that met the GRI's definition of "Significant Spills". GRI defines significant spills as all spills that are included in the reporting organisation's financial statement (e.g. due to resulting liabilities) or recorded as a spill by the reporting organisation.