Risk management is integrated into our system of governance for effective and proactive management at both operational and strategic level.

Today’s business environment is highly dynamic, volatile, and uncertain. In this context, agility and rigor in risk management are critical to fulfill our strategy. To achieve our purpose and strategy during such times, our on-going commitment to building a strong integrated assurance capability enabled us to make steady progress in managing our overall risk exposure.

Integrated assurance means a comprehensive and consistent taxonomy and accountability across the four dimensions of Governance, Risk Management, Compliance and Internal Controls, based on joint standards for all global functions and on the connection to our company strategy. These standards define the processes, systems and tools for identifying, assessing and managing our enterprise risks in a consistent and coordinated manner, with clear oversight and tracking on agreed remediation activities toward our target risk exposure.

Business man and woman disccusing during a meeting

Enterprise Risk Management

At Novartis, our continued success depends on our ability to proactively detect and manage risk. Therefore, risk management is an integral element of our Ethics, Risk and Compliance program. As part of our journey towards integrated assurance, we have established a solid process by connecting Enterprise Risk Management with Novartis’ strategy and integrating it with our internal control framework. team reimagined the way we approach risk management at Novartis, to connect it with our strategy of becoming a focused innovative-medicine company.
Close up of hands during a meeting

External Partner Risk Management (EPRM)

External Partner Risk Management (EPRM) program ensures that Novartis only engages with external partners who are capable and willing to comply with Novartis values and standards.