All organizations face a variety of risks at both strategic and operational levels. Some risks are beyond an organization’s immediate control. Each risk has a certain likelihood of occurrence and potential impact, including impact on people, equipment or property, the environment, reputation or business.
Novartis aims to systematically identify and assess these risks. We manage risks proactively by implementing preventive and contingency measures to reduce the likelihood of an event occurring and the severity of its consequences.
The two most important tools for Health, Safety and Environment (HSE) and business continuity risk management are risk portfolios and audits. In addition, a business continuity management process is an integral part of the Novartis risk management framework for business-related risks.
The HSE and business continuity management risk portfolios are based on a bottom-up approach. Novartis Group company sites have local risk portfolios, which are consolidated by each division, then combined at Novartis Group level into corporate HSE and business continuity management risk portfolios. Action plans to reduce risks have been established and implemented; and progress is monitored on site, division and Group levels.
Novartis HSE and business continuity management audits help increase HSE and business continuity awareness, improve understanding of the Novartis HSE and business continuity management systems, and achieve continual improvement at audited sites and divisions.
Business strategies are based on the assumption that business will continue within certain boundaries. Any risk that could significantly disturb this may affect our organization's ability to meet the needs of our customers and patients, and to fulfill our business objectives.
We have developed a business continuity management framework to anticipate incidents that could affect mission-critical functions and processes, ensuring responses are structured and rehearsed. This program significantly strengthens our ability to avoid disruptions and interruptions to our business. The framework is as follows:
We identify the potential triggers leading to an interruption of key activities and analyze how long their consequences last.
Preventive and risk-minimization measures are applied accordingly.
We develop continuity plans for the remaining risks in order to ensure business resumes in a timely fashion.