Ferring Pharmaceuticals, a private Swiss-based specialty biopharmaceutical group, operates subsidiaries in nearly 60 countries and markets its products in 110 countries. The company has production facilities throughout Europe and in South America, Israel, and China, and is opening new sites in the United States and India.
The Swiss Code of Obligations requires companies incorporated in Switzerland, whether public or private, to have an internal control system (ICS). To comply with this requirement, the company was relying on a cumbersome spreadsheet-based process and time-consuming manual reporting. In terms of risk management, risk information was entered into a risk database by the end users, and the two-person risk management team would then download and manually rework the data into spreadsheet tables, a laborintensive and error-prone process.
Company management was aware that it needed to automate and optimize its ICS and risk management and its reporting processes to better meet the required regulations. After reviewing three vendor solutions for automating and accelerating internal controls and risk processes, Ferring selected the Protiviti Governance Portal. In December 2013, the company went live with its first risk monitoring program, and in 2014 it rolled out the new internal controls and risk management program using the Governance Portal in all its global locations.
The capabilities that proved key in the selection of the Governance Portal were its scalability, configurability, real-time reporting and the ability to integrate risk with other company activities such as research, production, sales and marketing. This, plus the on-site availability of the Protiviti governance, risk and compliance (GRC) team to assist with configurations and provide training during the implementation and launch, made the decision easy for Ferring.
“The Protiviti Governance Portal is very flexible,” said Guido Fileppo, associate director of global internal control and risk monitoring at Ferring Pharmaceuticals. “The interface can be as simple as you need it to be for end users, but it also supports sophisticated frameworks for internal controls and risk management. Using the tool, we designed a completely new risk methodology, which took our risk management efforts to the next level.”
Integrated Risk Management
The Governance Portal enables Ferring to align global risk management objectives with its affiliates. This effort is supported by real-time views of risks and the ability to extract up-to-date heat maps and risk dashboards for particular areas or countries.
“The Governance Portal enabled us to automatically create a new report of top risks, which we include in strategic planning presentations, budget reviews and local management meetings,” said Fileppo.
Structured Risk Identification and Integrated Reporting
Using the Governance Portal, the risk group created a risk hierarchy, consolidating 500 risks into 70 high-level, Ferring-specific risk descriptions. The hierarchy makes it easier for business users to report a risk accurately by correlating their selection with what other entities have reported. The custom hierarchy also enables meaningful executive risk reporting as well as identification of risk themes for which a coordinated action is needed.
The Governance Portal supports Excel-based risk reporting, reducing the time required for creating and analyzing reports from more than three weeks to two days, while providing a clear and consistent picture of risks across the entire organization.
Internal Control Action Plans
Through the Governance Portal, internal control action plans are assigned to finance directors or their teams to guide them with implementing improvements. The users automatically receive emails detailing what is required to implement or maintain an internal control; this ensures that responsible parties are always informed of what they need to do. Users can easily update the status of their action plans, and the internal control group is able to review the status of tasks. Excel-based reporting is also used for internal controls and for action plans and findings.
The Ferring team uses the Governance Portal’s Assessment Management Engine (AME) to create surveys for self-assessment and control testing for the internal control group, end users and controllers. These surveys allow key stakeholders to test controls in their areas easily, replacing the manual spreadsheet process used previously.
A Single Source of Truth
The Governance Portal enables Ferring to enforce a single standard for internal controls across all of its locations; if local controls are used, management must document that these controls conform to the uniform standard. Because the Governance Portal is a single, centralized source of truth, Ferring uses it to support external audits. External auditors easily access internal controls information, enabling controls-based auditing and tracking the status of improvements.
Protiviti’s expert consultants have worked with thousands of global clients to deliver targeted GRC software solutions that address immediate needs while facilitating convergence toward fully integrated, value-added GRC practices. We have helped our clients implement the Protiviti Governance Portal, a comprehensive software platform that integrates content and commonly accepted and proprietary frameworks with world-class consulting expertise in order to provide organizations with the visibility and insight needed to manage and mitigate current and future risk and compliance issues.
The integration of process, knowledge and technology in our Governance Portal helps clients to: