Share Price:

Managing risks

Risk governance

During the year the Board reviewed its risk appetite in detail. It classified the principal risks in the business into risks that:

  • are innate to the pharmaceutical business, the skilful management of which provides us with our economic return
  • are inherent in our strategy, which we believe are worth taking, but in a selective and controlled manner 
  • for which we have little or no appetite and which we try to minimise or avoid altogether 

This risk appetite, which also sets out expected mitigation approaches and risk limits, will be reviewed and updated annually, is the foundation of the ERM and shapes the detailed approaches to risk management within the businesses.

The risk governance framework which was approved by the Board during the year is summarised in the chart to the right. On behalf of the Board, the Audit Committee oversees Hikma’s risk management framework in the context of its responsibilities for internal control and bi-annually reviews the strategic risks facing the Group. The risk framework provides further detail on the monitoring, mitigation and control processes for each of the principal risks and includes a risk owner, who is a designated senior executive with Group level responsibilities in each area. The risk owners take into account the Group risk appetite as part of their consideration of risk events and report to the Executive Committee. The Audit Committee also reviews business and operational risks with the internal and external Auditorss which arise through the audit work that they perform, including risk interviews with all executive management.



Board of Directors
  • Define Group’s risk appetite annually
  • Review Hikma’s key principle risks annually
  • Establish risk governance framework and ensure Audit Committee is capable of fulfilling its role
Audit Committee
  • Report to the Board on the effectiveness of risk management framework and internal control policies annually
  • Review of the risk management consolidated report bi-annually
  • Review the external communications and disclosures bi-annually
Executive Management/Group Risk Committee
  • Review the consolidated risk management report bi-annually and update the Audit Committee
  • Review significant emerging risks

ERM Lead (Chief Strategy and Corporate

Development Officer)

  • Co-ordinate communications between global risk owners, Executive Committee and Audit Committee
  • Prepare consolidated risk management report and submit it to Audit Committee and Executive Management Committee bi-annually
  • Validate and challenge identified risks as received by the global risk owners
  • Work with related parties on the risk management external communications and disclosures for the Annual Report
  • Update risk management framework annually
Global Risk Owners
  • Co-ordinate risk management activities across the regions
  • Submit a risk management status update report to the enterprise risk management lead bi-annually
  • Implement the risk management process and identify, assess and manage risks within the business
Regional Risk Owners
  • Submit a risk management status update report to the global risk owner bi-annually
  • Implement the detailed risk management processes in the operations and mitigate and manage risks within their respective regions as part of their day to day operations
Internal Audit
  • Provide objective assurance and opinion of the effectiveness of Hikma’s risk management and internal control systems

Principal risks

During the year the Board also conducted a detailed review of all the principal risks in the businesses, looking in detail at the nature and scale of the risks being taken and the mitigation approaches. The Board considers that it is possible that more than one principal risk could escalate at any one point in time. It was satisfied that these risks are being managed appropriately and consistently with the target risk appetite.

The Group faces risks and uncertainties that could have a material impact on its earnings and ability to trade in the future. These principal risks are set out below.

Risk and description

Mitigation and control

Product quality

Executive responsibility: Senior Vice President for Technical Affairs

  • Situations resulting in poor manufacturing and processes quality of products have the potential to lead to:

- Harm to end users, manufacturing personnel and the environment resulting in liability and reputational issues

- Regulatory action that could result in the closure of facilities and consequential loss of opportunity and potential failure to supply obligations

- Delayed or denied approvals for new products

- Product recalls

  • Global quality programme which leads the manufacturing processes in all sites
  • The 11 FDA approved facilities are regularly assessed by the regulator
  • Documented procedures are continuously improved and staff receive training on those procedures on a regular basis
  • Global quality issues team with extensive experience of implementing corrective action when issues arise
  • Global product liability insurance and crisis management team
  • Adopt a “quality by design” approach for all of our manufacturing facilities
  • Continued environment and health certifications

API sourcing

Executive responsibility: Director of Corporate API & Strategic Sourcing

  • API and raw materials represent one of the Group’s largest cost components. As is typical in the pharmaceuticals industry, a significant proportion of the Group’s API requirements is provided by a small number of API suppliers
  • There is a risk that it will not be possible to secure or maintain adequate levels of API supplies in the future
  • Regulatory approval of a new supplier can be lengthy and supplies may be disrupted if the Group is forced to replace a supplier which failed to meet applicable regulatory standards or terminated its arrangements with the Group
  • Maintaining alternative API suppliers for each of the Group’s products, where possible
  • API suppliers are carefully selected and the Group endeavours to build long-term partnerships with exclusive supply
  • The Group has a dedicated plant in Jordan that can synthesise strategic and difficult to procure injectable APIs where appropriate
  • Utilising supply chain models to maintain adequate API levels

MENA & emerging markets

Executive responsibility: Head of MENA

  • Hikma operates in MENA and emerging markets which have high levels of political and social instability as well as economic and regulatory fluctuations that can result in a wide variety of business disruptions in those markets for a substantial period of time
  • Geographic diversity reduces the impact of issues arising in one jurisdiction with extensive experience of operating in these environments and developing opportunities from change
  • Strong regulatory team that proactively monitors possible regulatory changes
  • Building and nurturing local business relationships whilst upholding the highest ethical standards
  • Monitoring and reviewing economic developments

New Product Pipeline

Executive responsibility: VP of Corporate Development and VP of Active Pharmaceutical Ingredients

  • A significant proportion of Group profits derive from a relatively small number of higher margin products
  • Internal marketing and business development departments monitor and assess the market for arising opportunities
  • Expansive global product portfolio with increased focus on high value products
  • Experienced internal regulatory teams developing products and overseeing joint venture activities
  • Product related acquisitions (e.g. acquisition of Roxane)
  • Third party pharmaceutical product specialists are assisting in the development of manufacturing processes for new generic products where the patent has recently expired
  • Strong R&D teams that are assisted centrally in the implementation and management of projects

Industry earnings

Executive responsibility: Divisional Business Heads

  • The dynamics of the generic pharmaceutical industry includes numerous volatile elements such as regulatory interventions, drug approval patterns, competitor strategies and pricing that are difficult to anticipate and may affect profitability
  • Operating in wide range of countries, products and therapeutic areas
  • Diversification of manufacturing capability and capacity
  • Active product life cycle and pricing management in the MENA region
  • Identify market opportunities and develop appropriate pricing strategies whilst responsibly applying price charges in the US


Executive responsibility: Chief Strategy and Corporate Development Officer

  • The Group strategy is to pursue value adding acquisitions to expand the product portfolio, acquire manufacturing capabilities and expand in existing and emerging markets. There is risk of misjudging key elements of an acquisition or failing to integrate the assets, particularly where they are distressed
  • An acquisition of a large-scale target may entail financing-related risks and operating expenses and significantly increase the Group’s leverage if financed with debt
  • The mergers and acquisitions team undertake extensive due diligence of each acquisition, including legal, financial, compliance and commercial, and utilise multiple valuation approaches in assessing target acquisition value 
  • Executive Committee reviews major acquisitions before they are considered by the Board
  • The Board is willing and has demonstrated its ability to refuse acquisitions where it considers the price is too high
  • Dedicated integration project teams are assigned for the acquisition, which are led by the business head responsible for proposing the opportunity. Following the acquisition of a target, the finance team, the management team and the Audit Committee closely monitor its financial and non-financial performance
  • A variety of funding options are available to the Group to finance acquisitions


Executive responsibility: Chief Compliance Officer

  • The pharmaceutical industry and certain MENA markets are considered to be higher risk in relation to sales practices. Improper conduct by employees could seriously damage the reputation and licence to do business
  • Board level – Compliance, Responsibility and Ethics Committee 
  • Code of Conduct approved by the Board, translated into seven languages and signed by all employees
  • ABC compliance programme monitored by the CREC
  • 2,200 employees received ABC compliance training in 2014 and in 2015
  • Sales and marketing and other ABC compliance policies and procedures are created, updated and rolled out
  • Active participation in international anti-corruption initiatives (e.g. PACI, UN Global Compact)


Executive responsibility: Chief Financial Officer

  • The Group is exposed to a variety of financial risks similar to most major international manufacturers such as liquidity, exchange rates, tax uncertainty and debtor default
  • Extensive financial control procedures have been implemented and are assessed annually as part of the internal audit programme
  • A network of banking partners is maintained for lending and deposits
  • Management monitors debtor payments and takes action where necessary
  • Where it is economic and possible to do so, the Group hedges its exchange rate and interest rate exposure
  • Management obtains external advice to help manage tax exposures and has upgraded internal tax control systems

Legal, intellectual property and regulatory

Executive responsibility: General Counsel

  • The Group is exposed to a variety of legal, IP and regulatory risks similar to most relevant major international industries such as litigation, investigations, sanctions and potential business disruptions
  • Expert internal departments that enhance policies, processes, embed compliance culture, raise awareness and train staff
  • First class expert external advice is procured to provide independent services and ensure highest standards
  • Board of Directors and management provide leadership and take action as necessary

Information technology

Executive responsibility: Chief Information Officer

  • If information and data are not adequately secured and protected (data security, access controls), this could result in:

- Increased internal/ external security threats

- Compliance and reputational damages

- Regulatory and legal litigation in case of failure to manage personal data

- Reduced information accountability due to limited sensitive data access controls

  • Utilise appropriate levels of industry-standard information security solutions for critical systems
  • Continue to stay abreast of cyber-risk activity and, where necessary, implement changes to combat this
  • Improved alignment between IT and business strategy

Organisational growth

Executive responsibility: Corporate VP of HR and MENA Operations

  • The fast growing pace of the organisation carries the inherent risk to maintaining adequate talent acquisition strategies, organisational structure and or/management processes that serve the changing needs of the organisation. In turn, this may affectother risks within the Company 
  • Keeping our organisation structures and accountabilities under review, and maintaining the flexibility to make changes smoothly as requirements change
  • Employ HR programmes that attract, manage and develop talent within the organisation
  • Continuously upgrade management processes that meet so that they become and remain the standard of a global company of our size


Executive responsibility: VP of Corporate Strategy and Investor Relations and VP of Communications

  • Reputational risk inescapably arises as a by-product of other risk and from taking intricate business decisions. However, we view our reputation as one of our most valuable assets, as risks facing our reputation may affect our ability to conduct core business operations
  • Monitor the internal and external sources that might signal reputational issues
  • Sustain corporate responsibility and ethics through transparent reporting and compliance with global best practices (e.g. GHG emissions, UN Global Compact)
  • Respond quickly and conscientiously to any issue that threatens our reputation, and maintain access to world class expertise that can help us in this respect

Case study – Roxane acquisition due diligence

The Roxane acquisition was almost ten times larger than any previous acquisition undertaken. The Board focused significant effort on reviewing the due diligence for the acquisition and the management team divided the process into seven functional work streams with significant internal and external resource.



- Review of seller financial information

- Testing of Roxane financial procedures

- Review of auditor records


- Hikma Finance & Strategy

- Deloitte

- EY

- PwC



- Creation of Hikma individual product forecasts

- Scenario testing for all products including pipeline delays and price variation

- Operational costs and synergy assessment


- Hikma Executives, Finance, Sales, Strategy and Regulatory

- Hyman, Phelps and McNamara Parexel

- Winston and Strawn



- Review of all material commercial agreements

- Reflected in acquisition sale and purchase agreement

- Consideration of potential anti-trust issues


- Hikma Legal

- Arnold and Porter

- Slaughter and May

- White and Case



- Review of organisational structure and potential liabilities


- Hikma Tax and Legal



- Review of FDA correspondence logs

- Testing of launch date estimates

- Review of filing strategy and notices


- Hikma Sales, Quality and Regulatory

- Hyman, Phelps and McNamara Parexel

- Winston and Strawn



- Site visit including testing of quality control

- Review of US FDA site records


- Hikma Executives, Quality and Regulatory



- Receipt of full presentation from Roxane management

- Detailed transitional services arrangements

- Hikma and Roxane key person assessment

- Review of HR and IT systems


- Hikma Executives, HR and IT

Risk management

During 2015, the Group began consolidating several different strands of its risk management activity into an integrated approach. This ‘Enterprise Risk Management’ (ERM) framework summarised on page 53 is a pragmatic and consistent approach to identifying, calibrating and reporting on risks throughout the organisation; gauging changes in the Group’s risk profile; and balancing risk-taking with mitigation and control.

In addition to providing consistent approaches to measurement, the ERM framework specifies a risk owner, responsible for detailed oversight and management of each of the principal risks in the business, and guides these risk owners on the approach they should take to monitoring, mitigation and control for each type of risk. The Board delegated responsibility for implementing this framework to Bassam Kanaan, the Chief Strategy and Corporate Development Officer (CSCDO). The CSCDO is assisted by the Group Risk Committee and guided by the risk appetite set by the Board. We envisage that the framework will be fully operational during the course of 2016.

The risk management practices operated by the executive are designed to meet this requirement. The risk owners are all senior executives who have significant daily interaction with and reporting lines to members of the Executive Committee, which is responsible for controlling situations that arise, irrespective of the risk category.