Share Price:

Managing the uncertainties

Risk governance

The Board is ultimately responsible for developing and maintaining the Group’s risk management and internal control systems. During the year, the Board continued to review the Group’s risk appetite in detail. Following this review, our principal risks are categorised into risks:

  • that are innate to the pharmaceutical business, the skilful management of which provides us with our economic returns
  • that are inherent in our strategy, which we believe are worth taking, but in a selective and controlled manner
  • for which we have little or no appetite and which we try to minimise or avoid altogether

This risk appetite, which also sets out expected mitigation approaches and risk limits, is reviewed and updated annually, forms the foundation of the Enterprise Risk Management (ERM) framework and shapes the detailed approaches to risk management within the businesses.

Our risk governance framework, as approved by the Board, is summarised in the table to the right. On behalf of the Board, the Audit Committee oversees Hikma’s risk management framework in the context of its responsibilities for internal control, bi-annually reviews the material risks facing the Group and is updated in response to changes in both the internal and external environment. The risk framework provides further detail on the monitoring, mitigation and control processes for each of the identified principal risks and includes a designated senior executive with Group level responsibilities in each area. The designated senior executive takes into account the Group’s risk appetite as part of their consideration of risk events and report to the Executive Committee. The Audit Committee also reviews business and operational risks with the internal and external auditors which are identified through the audit work that they perform, including risk interviews with all executive management.



Board of Directors
  • Define the Group’s risk appetite annually
  • Review Hikma’s principal risks and uncertainties annually
Audit Committee
  • Assesses the effectiveness of the risk governance framework together with the internal control procedures and reports to the Board
  • Reviews management’s bi-annual risk management report
  • Reviews the external communications and disclosures bi-annually
Executive Management/Group Risk Committee
  • Develops the consolidated risk management report
  • Reviews significant emerging risks

Chief Risk Officer
(Chief Strategy and Corporate Development Officer)


  • Co-ordinates communication between the global risk owners, the Executive Committee and the Audit Committee
  • Prepares the consolidated risk management report and submits it to the Audit Committee and Executive Management Committee bi-annually
  • Validates and challenges the identified risks as received bythe designated senior executive
  • Works with relevant parties on the risk management external communications and disclosures for the Annual Report
  • Updates the risk management framework annually
Designated Senior Executive
  • Co-ordinates risk management activities across the regions
  • Submits a risk management status update report to the Chief Risk Officer bi-annually
  • Implements the risk management processes and identifies, assesses and manages risks within the business
Designated Regional Officer
  • Submits a risk management status update report to the designated senior executive bi-annually
  • Implements the detailed risk management processes in operations and mitigates and manages risks within their respective regions, as part of their daily operations
Internal Audit
  • Provides objective assurance and opinion of the effectiveness of Hikma’s risk management and internal control systems

Principal risks

During the year the Board also conducted a detailed review of all the principal risks in the businesses, looking in detail at the nature and scale of the risks being taken and the mitigation approaches. The Board considers that it is possible that more than one principal risk could escalate at any one point in time. It was satisfied that these risks are being managed appropriately and consistently with the target risk appetite.

The Group faces risks and uncertainties that could have a material impact on its earnings and ability to trade in the future. These principal risks are set out below, although the contents of this table are not deemed as an exhaustive list of all the risks and uncertainties the Group faces.

Risk and description

Mitigation and control

Product quality
  • Situations resulting in poor manufacturing and processes have the potential to lead to:
    • Product efficacy and safety issues affecting patients and manufacturing personnel resulting in liability and reputational issues
    • Regulatory action that could result in the closure of facilities and consequential loss of opportunity and potential failure to supply obligations
    • Delayed or denied approvals for new products
    • Product recalls
  • Global implementation of quality systems that guarantee valid consistent manufacturing processes leading to the production of quality products
  • The 11 FDA approved facilities are regularly assessed by the regulator
  • Documented procedures are continuously improved and staff receive training on those procedures on a regular basis
  • Continued environment and health certifications
API sourcing
  • API and raw materials represent one of the Group’s largest cost components. As is typical in the pharmaceuticals industry, a significant proportion of the Group’s API requirements is provided by a small number of API suppliers
  • There is a risk that it will not be possible to secure or maintain adequate levels of API supplies in the future
  • Regulatory approval of a new supplier can be lengthy and supplies may be disrupted if the Group is forced to replace a supplier which failed to meet applicable regulatory standards or terminated its arrangements with the Group
  • Maintaining alternative API suppliers for the Group’s top strategic products, where possible
  • API suppliers are carefully selected and the Group endeavours to build long-term supply contracts
  • The Group has a dedicated plant in Jordan that can synthesise strategic injectable APIs where appropriate
  • Utilising supply chain models to maintain adequate API levels
MENA & emerging markets
  • Hikma operates in MENA and emerging markets which have high levels of political and social instability as well as economic and regulatory fluctuations that can result in a wide variety of business disruptions in those markets for a substantial period of time
  • Geographic diversity reduces the impact of issues arising in one jurisdiction with extensive experience of operating in these environments and developing opportunities
  • Strong regulatory team that proactively monitors possible regulatory changes
  • Building and nurturing local business relationships whilst upholding the highest ethical standards
  • Monitoring, analysing and reacting to economic developments, on short, medium and long-term bases
New Product Pipeline
  • A sizeable proportion of Group revenues and profits derive from a number of strategic products. Failure to maintain a healthy product pipeline will affect the ability of the Group to generate business and limits the ability to provide differentiated products to patients and customers
  • Internal marketing and business development departments monitor
    and assess the market for arising opportunities
  • Expansive global product portfolio with increased focus on high value and differentiated products
  • Experienced internal R&D teams developing products and overseeing joint venture activities 
  • Product related acquisitions (e.g. acquisition of West-Ward Columbus)
  • Third party pharmaceutical product specialists in addition to strong R&D teams are assisting in the development of manufacturing processes for new generic products. Both are assisted centrally in the implementation and management of projects
Industry earnings
  • The dynamics of the generic pharmaceutical industry include numerous volatile elements such as political action, societal changes, regulatory interventions, drug approval patterns, competitor strategies and pricing that are difficult to anticipate and may affect profitability, goodwill and impairment
  • Operating in wide range of countries, products and therapeutic areas
  • Diversification of manufacturing capability and capacity
  • Active product life cycle and pricing management in the MENA region
  • Compliantly identify market opportunities and develop appropriate pricing strategies whilst responsibly applying price changes in the US
  • The Group strategy is to pursue value adding acquisitions to expand the product portfolio, acquire manufacturing capabilities and expand in existing and emerging markets. There is risk of misjudging key elements of an acquisition or failing to integrate the assets, particularly where they are distressed
  • An acquisition of a large-scale target may entail financing-related risks and operating expenses and significantly increase the Group’s leverage
    if financed with debt
  • The mergers and acquisitions team undertake extensive due diligence of each acquisition, including legal, financial, compliance and commercial, and utilise multiple valuation approaches in assessing target acquisition value
  • Executive Committee reviews major acquisitions before they are considered by the Board
  • The Board is willing and has demonstrated its ability to refuse acquisitions where it considers the price or risk is too high
  • Dedicated integration project teams are assigned for the acquisition, which are led by the business head responsible for proposing the opportunity. Following the acquisition of a target, the finance team, the management team and the Audit Committee closely monitor its financial and non-financial performance
ABC compliance
  • The pharmaceutical industry and certain MENA and emerging markets are considered to be higher risk in relation to sales practices. Improper conduct by employees could seriously damage the reputation and licence to do business
  • Board level – Compliance, Responsibility and Ethics Committee (“CREC”)
  • Code of Conduct approved by the Board, translated into seven languages and signed by all employees
  • ABC compliance programme monitored by the CREC
  • Over 5,000 employees have received ABC compliance training
  • Sales and marketing and other ABC compliance policies and procedures are created, updated and rolled out and are subject to regular audits
  • Active participation in international anti-corruption initiatives (e.g. PACI, UN Global Compact)
  • Strengthening US compliance operations in line with business expansion
  • Conducting legally privileged internal compliance audits
  • The Group is exposed to a variety of financial risks similar to most major international manufacturers such as liquidity, exchange rates, tax uncertainty and debtor default. In addition, most of the other risks could have a financial impact on the Group
  • Extensive financial control procedures have been implemented and are assessed annually as part of the internal audit programme
  • A network of banking partners is maintained for lending and deposits
  • Management monitors debtor payments and takes precautionary measures and action where necessary
  • Where it is economic and possible to do so, the Group hedges its exchange rate and interest rate exposure
  • Management obtains external advice to help manage tax exposures and has upgraded internal tax control systems
Legal, intellectual property and regulatory
  • The Group is exposed to a variety of legal, IP and regulatory risks similar to most relevant major international industries such as changes in laws, regulations and their application, litigation, governmental investigations, sanctions, contractual terms and conditions and potential business disruptions
  • Expert internal departments that enhance policies, processes, embed compliance culture, raise awareness
  • Train staff and provide terms to mitigate or lower contractual risks where possible
  • First class expert external advice is procured to provide independent services and ensure highest standards
  • Board of Directors and executive management provide leadership and take action
Information technology
  • If information and data are not adequately secured and protected (data security, access controls), this could result in:
    • Increased internal/external security threats
    • Compliance and reputational damages
    • Regulatory and legal litigation
  • Utilise industry-standard information security solutions and best practice process for local and Group requirements
  • Continue to stay abreast of cyber-risk activity and, where necessary, implement changes to combat this
  • Alignment of IT and business strategy
  • Working with strategic third parties to implement and maintain a robust Group wide information security programme
Human resources and organisational growth
  • Changes in employment laws pose constant risks. The fast growth of the organisation poses risks to management processes, structures and talent that serve the changing needs of the organisation. In turn, this may affect other risks 
  • Employ HR programmes that attract, manage and develop talent within the organisation
  • Keeping our organisation structures and accountabilities under review, and maintaining the flexibility to make changes smoothly as requirements change
  • Continuously upgrade management processes so that they become and remain at the standards of a global company
  • Reputational risk inescapably arises as a by-product of other risks and from taking complex business decisions. However, we view our reputation as one of our most valuable assets, as risks facing our reputation may affect our ability to conduct core business operations 
  • Monitor the internal and external sources that might signal reputational issues
  • Sustain corporate responsibility and ethics through transparent reporting
    and compliance with global best practices (e.g. GHG emissions, UN Global Compact)
  • Maintain strong communication and corporate affairs capabilities
  • Establishing partnerships and programmes to limit misuse of Hikma products

Case study – Roxane acquisition due diligence

The Roxane acquisition was almost ten times larger than any previous acquisition undertaken. The Board focused significant effort on reviewing the due diligence for the acquisition and the management team divided the process into seven functional work streams with significant internal and external resource.



- Review of seller financial information

- Testing of Roxane financial procedures

- Review of auditor records


- Hikma Finance & Strategy

- Deloitte

- EY

- PwC



- Creation of Hikma individual product forecasts

- Scenario testing for all products including pipeline delays and price variation

- Operational costs and synergy assessment


- Hikma Executives, Finance, Sales, Strategy and Regulatory

- Hyman, Phelps and McNamara Parexel

- Winston and Strawn



- Review of all material commercial agreements

- Reflected in acquisition sale and purchase agreement

- Consideration of potential anti-trust issues


- Hikma Legal

- Arnold and Porter

- Slaughter and May

- White and Case



- Review of organisational structure and potential liabilities


- Hikma Tax and Legal



- Review of FDA correspondence logs

- Testing of launch date estimates

- Review of filing strategy and notices


- Hikma Sales, Quality and Regulatory

- Hyman, Phelps and McNamara Parexel

- Winston and Strawn



- Site visit including testing of quality control

- Review of US FDA site records


- Hikma Executives, Quality and Regulatory



- Receipt of full presentation from Roxane management

- Detailed transitional services arrangements

- Hikma and Roxane key person assessment

- Review of HR and IT systems


- Hikma Executives, HR and IT

Risk management

During 2016, the Group focused on embedding the Enterprise Risk Management (“ERM”) framework. Hikma operates in diverse and dynamic markets which are subject to great levels of uncertainty and the ERM framework is an integral part of our business as it provides for a pragmatic and consistent approach to identifying, calibrating and reporting on risks throughout the organisation; gauging changes in the Group’s risk profile; and balancing risk-taking with mitigation and control.

In addition to providing consistent approaches to measurement, the ERM framework specifies the designated senior executive responsible for detailed oversight and management of each of the principal risks in the business and guides them on the approach they should take to monitor, mitigate and control each type of risk. All senior executives have the significant daily interaction with reporting lines to members of the Executive Committee, which is responsible for controlling situations that may arise, irrespective of the risk category.