RISK CONTROL AND MANAGEMENT
Grifols’ risk control and management system applies to all companies that make up the group, including subsidiaries.
The company’s risk control and management policy aims to provide greater security to patients, donors, employees, shareholders, clients, suppliers and other stakeholders, through the prevention, control and management of the risks to which Grifols is exposed. The risk control and management policy is developed and complemented with specific policies.
Approval of the company’s risk control and management policy is among the responsibilities of Grifols’ Board of Directors.
For its part, the Audit Committee supervises the efficiency of the risk control and management system, including regular assessments. The Internal Audit Department supports the Audit Committee in these functions. At the same time, the senior management team oversees the risk management process by identifying and evaluating relevant risks and determining appropriate responses, taking into account the potential business impact, costs and benefits.
By establishing and enforcing these norms and control procedures, Grifols aspires to cultivate an atmosphere of strict and constructive control throughout the organization in which all employees fully understand their roles and obligations.
MAIN RISK FACTORS
- Regulatory risks: arising from regulatory changes or from changes in social, environmental or tax regulations
- Market risks: relating to the exposure of the results and Grifols’ equity to changes in market prices and variables, such as exchange rates, interest rates, prices of raw materials, prices of financial assets and others
- Credit risks: the possibility that counterparty fails to perform its contractual obligations and produces an economic or financial loss for the company
- Business risks: uncertainty regarding the performance of key variables inherent in the Grifols’ business: such as demand, supply of raw materials and new competitive products
- Operational risks, related to direct or indirect economic losses resulting from inadequate internal procedures, technical failures, human error or as a consequence of certain external events, including legal risks, fraud, and those related to information technologies and cybersecurity
- Reputational risks: including potential negative impact resulting from changes in the perception of Grifols by its various stakeholders
- Penal risks
GRIFOLS’ PRINCIPLES OF CONTROL AND RISK MANAGEMENT
- A risk tolerance framework, which reflects the levels of risk that the company deems acceptable and consistent with its corporate objectives.
- Leadership of senior management to allocate the necessary resources.
- Integration in management processes, especially strategic and planning processes.
- Separation of functions among business areas and supervision and quality assurance mechanisms
- Integrated approach and corporate alignment to ensure all risks adhere to the same identification, assessment and treatment process.
- Ongoing improvements through periodic reviews of the system’s strength and effectiveness, as well as riskrelated best practices and recommendations.