During 2007, our Global Compliance Officer (a new position, reporting directly to the Chief Executive Officer, appointed in late 2006) formed a new Global Compliance function whose work is focused on four priority areas: driving the implementation of a Global Compliance programme that addresses the highest compliance risks facing the business; streamlining our governance processes to ensure clear accountabilities within the business as well as among our governance functions; reviewing all our codes and policies to ensure they are fit for purpose in providing clear guidance at every level, and providing training for employees in key compliance risk areas. Global Compliance led the review of our Code of Conduct in 2007 and is managing the planned training programme for the new Code, due to start in 2008.
Global Compliance works closely with the new Group Public Affairs function in setting the CR agenda and with the Global Compliance Committee, whose role is to oversee and co-ordinate implementation of an effective global compliance programme and evaluate its effectiveness. A network of regional, local and functional compliance officers across the Company also helps to implement the Global Compliance programme within their geography or functional area. These compliance personnel work within the business to promote compliance with our policies and standards through effective training, monitoring, auditing and enforcement processes.
Auditing is critical to our understanding of the areas in which we are doing well, and those where further improvement is needed. Audits are also a useful opportunity for managers to discuss any practical difficulties they face in interpreting our global commitment at a local level, which can help to inform the ongoing development of our management frameworks.
Our Group Internal Audit function (GIA) is an independent assurance and advisory function, reporting to the Board, that reviews, among other things, the effectiveness of AstraZeneca’s risk, governance and compliance framework, including the work and independence of other audit and compliance functions in the Company. GIA also conducts reviews looking at compliance with laws, regulations and Group policies. In 2007, GIA focused on a combination of core assurance areas (including compliance) as well as the effectiveness of risk management processes and activities in several key areas including Information Security, Outsourcing and selected third parties with which the Company works.
Number of internal facility audits
During 2007, we continued our rolling programme of Internal Facility Audits, which are co-ordinated by our global Safety Health and Environment (SHE) group and which focus on the performance of local facilities and regions against our policies, standards and programmes relating to the safety, health, wellbeing, environment, security, diversity, and local community aspects of our CR agenda. Specific protocols help to guide auditors in this work, which is a critical component of our performance assessment, and 26 such audits were conducted in 2007 (18 in 2006). We also implemented a number of improvements to the audit process following a review in 2006. These included an improved action tracking procedure and the introduction of regular quarterly reviews to monitor progress and identify any trends. Whilst it is difficult to draw general conclusions from such a broad-ranging programme, our audit results during the year confirm that our local operations are effectively managing SHE and security risks and maintaining compliance with internal and external requirements. There continue to be areas where further improvement is required, including driver safety and change management.
The AstraZeneca Audit Committee, a committee of the AstraZeneca Board, which consists of three Non-Executive Directors, reviews GIA audit findings and other key items reported through management. Among other things, the Audit Committee reviews and reports on the overall framework of internal controls, and has a responsibility to bring promptly to the Board’s attention any significant concerns about the conduct, results or outcome of internal audits. The Audit Committee also oversees the Global Code of Conduct helpline.
The content of this page was externally assured by Bureau Veritas, February 2008
|