The significance of risk management cannot be overstated, as it directly influences the success of our business operations. This becomes even more crucial considering the politically and economically turbulent environment in which we operate. The risks faced by pharmaceutical companies, particularly in clinical trial design and execution, drug approval, product quality, and global commercial practices, are increasingly frequent and impactful.

Therefore, at Lupin, we have recognized risk management as one of our top priorities. We have developed a robust and structured risk management process firmly grounded on sound governance principles and driven by a pervasive organizational risk management culture.

Our approach to risk management encompasses various interconnected elements, diligently addressing potential risks at each stage. This enables us to identify, assess, and mitigate risks, safeguarding our operations and protecting our stakeholders’ interests. We also integrate risk management into our decision-making processes, helping to prepare ourselves better to navigate the complex and ever-evolving landscape of the pharmaceutical industry.

To ensure strong governance and oversight, our Board of Directors play a pivotal role in the risk management process. They provide strategic direction and guidance while overseeing adherence to the framework and associated policies. Our Board comprises of four members with extensive experience in risk management, enhancing our ability to make informed decisions in this domain.

The RMC and the Management Committee support the Board to ensure decentralization of risk management and its independence from other business functions. The committee comprises of independent directors with expertise and experience in risk management, finance, accounting, and related fields.

To ensure continuous improvement and knowledge enhancement, the Board of Directors, Risk Management Committee and Management Committee undergo regular education and training on risk management matters. This equips them with a deeper understanding of the Company’s risk profile and empowers them to make well-informed decisions that mitigate potential risks.

Mr. Ramesh Swaminathan is the Chief Risk Officer of the Company.

Risk Governance

At Lupin, our approach to risk management is guided by a comprehensive Risk Management Framework that provides a clear and effective strategy for addressing risks. This framework applies across all our companies, subsidiaries, partners, and extended value chains, ensuring a consistent and coordinated approach to risk management throughout the Group.

Central to our Risk Management Framework are two key components: the Risk Enabled Performance Management (REPM) process and the Risk Management Structure.

The REPM process focuses on establishing the objectives the Company aims to achieve and protect. It also helps identifying and prioritizing risks, and effectively managing them.

Overall, the value driver tree approach used in the REPM process at Lupin is a robust and effective method of assessing and managing risks that is consistent with the guidance provided by the COSO framework. The Risk Management Structure supports the risk management process by defining the Company’s risk appetite, underlying principles for managing risks and undertaking transactions, policies, and roles & responsibilities.

Risk Governance Structure

Risk Management

Objectives of Risk Management at Lupin

To profile and characterize the risks faced by the business of the Company.
To ensure compliance with all laws & regulations governing the country.
Ensure that the Senior Management is in a position to make informed business decisions based on risk assessment.
Identify and pursue good business opportunities without exposing the business to unacceptable risk.
Prevent value erosion as a result of noncompliance with applicable laws.

Risk Identification

Lupin employs a structured and robust risk management approach, ensuring the seamless interaction of interconnected elements for optimal effectiveness. Our Risk Management process is conducted annually, converging with our strategic business planning timelines. This includes an annual risk identification and assessment phase, where risks are prioritized through a comprehensive scan of risk competencies. This includes an annual identification and assessment phase, where risks are prioritized against our determined risk appetite, ability to mitigate the risk, and cost of mitigation. We then create a formal risk management plan for the identified “Risks That Matter” and present it to the RMC for review.

However, our risk management process is not limited to an annual cycle alone. It can be triggered at any time in response to significant changes in our internal business practices or the external business environment. Additionally, the risk management process is integrated into the evaluation for non-routine transactions, ensuring a comprehensive review of associated risks.

Our operation managers play a crucial role as the first line of defense, taking prompt actions within the risk management framework. The next step involves assessing the specific risks under consideration. While some risks may be adequately addressed through an annual review, others require continuous assessment, considering the prevailing circumstances and business conditions.

Risk Categorization and Prioritization

At Lupin, we classify risks into four categories: Strategic Risks, which impact the company’s strategic focus and future; Financial Risks, which pertain to the management and protection of the company’s finances; Operations Risks, which encompass risks related to resources and processes in executing our business model; and Compliance Risks, which arise from our adherence to applicable laws, regulations, and contractual terms.

To prioritize risk management, we consider the ‘likelihood’ of occurrence and its overall ‘impact’.

We utilize a framework that defines likelihood as “the possibility of a given event occurring,” and a likelihood table can be employed to assess the probability of specific events. While, the combination of ‘likelihood’ and ‘impact’ determines the overall severity of a risk, allowing us to prioritize and manage risks across the organization effectively. Lupin utilizes impact/severity criteria to assign risk ratings, ranging from low to catastrophic. These factors can be determined using historical data, expert judgment, or other Lupin-specific considerations.

Based on this prioritization, we establish a comprehensive mitigation plan to address identified risks and minimize their potential impact on our operations.

Sensitivity Analysis and Stress-Testing

In addition to our risk management practices, Lupin conducts sensitivity analysis and stress testing to evaluate financial and operational risks. Sensitivity analysis involves examining how changes in assumptions or inputs can affect our risk exposure. Conversely, stress testing involves subjecting the company to extreme scenarios to assess its resilience and ability to withstand adverse conditions.

For strategic risks, we employ scenario planning exercises to discuss and analyze potential scenarios that may impact our strategic focus and future. This approach helps us anticipate and prepare for various contingencies.

Given the binary nature of compliance risks, we focus on managing them through evidence-based tracking mechanisms. We utilize legal compliance software to monitor and ensure compliance with applicable laws, regulations, and contractual obligations.

The insights gained from sensitivity analysis, stress testing, and scenario analysis exercises help understand the potential impact of different risk events. They aid in identifying areas for improvement in our risk management process. The results of this analysis are reviewed by the RMC and the Management Committee to help develop risk mitigation strategies.

Risk Mitigation

The primary objective of risk mitigation is to identify and develop management response plans that address the “Risks That Matter,” limiting their impact to a optimal level. This process entails conducting a root cause analysis to understand the underlying factors contributing to the risks. Subsequently, mitigation plans are developed, specifying responsibilities and timelines for implementation.

As part of the mitigation process, we assess existing processes, identifying any gaps in controls that may leave us vulnerable to risks. We then design additional strategies and measures to fill those gaps, ensuring a comprehensive approach to risk mitigation. Through this process, we document the mitigation plan, providing a clear framework for implementation and monitoring.

Mitigation plans are prepared annually, aligned with our risk management cycle. These plans undergo a rigorous review by the management and Risk Management Committee to ensure their effectiveness and alignment with our strategic objectives remains unaltered.

Emerging Risks

Our Risk Management Committee proactively identifies and mitigates emerging risks affecting our operations. We comprehensively evaluate emerging risks at least once every three years to implement effective risk avoidance measures. Our risk management framework guides this process, ensuring a proactive approach to risk mitigation.

We use various sources of information, including internal and external data, industry trends, regulatory changes, market analysis, and expert insights, to systematically and thoroughly identify emerging risks. The committee then assesses the impact of these risks on Lupin by evaluating their likelihood of occurrence, the scale of impact, and our current preparedness to address them. We also consider Lupin’s overall business trajectory in this analysis.

Once risks are identified and assessed, the Risk Committee collaborates with relevant stakeholders, both internal and external, to develop appropriate mitigation measures. These measures are designed to proactively manage the identified risks and enable Lupin to adapt and respond to emerging challenges effectively.

Failure to Stabilize Price Trajectories

The inability to control the general price level of goods and services, including commodities, can significantly impact our business. This includes inflation and deflation, resulting in price fluctuations and higher food, energy, and housing costs. These factors can lead to lower real incomes and force individuals to make trade-offs in essential spending, impacting community health and well-being. In Lupin’s case, operating in prescription out-of-pocket markets like India, the Philippines, and South Africa, price escalations can increase the healthcare cost burden for individuals, reducing healthcare spending. To address the risk of failure in stabilizing price trajectories, inflation, and the cost of living, Lupin has implemented several strategies:

  • Supply Chain Innovation: Focus on forward and backward integration to reduce dependence on distributors and API suppliers for better cost and pricing control.
  • Cost Management: Close monitoring and management of costs across operations to mitigate the impact of a 5% escalation in input costs in FY23.
  • Product Optimization: Global sourcing and engineering teams identify and address inflation-affected products through adjustments in design, materials, packaging, or features while maintaining consumer prices.
  • Flexible Sourcing: Enhancing sourcing flexibility in response to specific cost increases, such as Pen-G costs in recent years.

Geopolitical Fragmentation

Geopolitical fragmentation poses a significant risk to our business, especially as we operate in countries like the U.S. and India. This fragmentation can lead to increased regulatory complexity, trade barriers, and political risks, disrupting our operations and impacting profitability. It can also affect the availability of medicines. Regulatory fragmentation further causes delays in approvals and distribution, leading to potential shortages of essential medicines.

To address the risk of geopolitical fragmentation, Lupin has implemented several mitigation measures:

  • Diversifying Imports and Securing Supply Chains: Focus on diversifying imports and securing supply chains to reduce dependence on a single supplier or country, minimizing disruptions caused by geopolitical risks.
  • Preserving Benefits of Global Integration: Actively staying updated on industry challenges, such as COVID-19, inflation, geopolitics, and new therapeutic modalities, to protect the benefits of global integration. Monitoring these factors allows adapting operations strategy to navigate risks and seize opportunities.
  • Investing in Local Production: Investment in local production to reduce vulnerability to geopolitical risks and enhance medicine availability. Participation in the Production Linked Incentive (PLI) scheme for formulations in India, promoting domestic manufacturing and contributing to the government’s efforts to boost local production and improve accessibility and affordability of medicines.

Risk Integration and Culture

At Lupin, we firmly believe that effective risk management and mitigation can only be achieved by integrating risk into the organization wide operations and establishing a strong risk culture.

We conduct multiple trainings throughout the year, to raise awareness of risk through interactive sessions with our team of risk experts. During these sessions of training, we actively encourage our employees at corporate offices and manufacturing sites to identify and report risks. We also ensure compliance with statutory regulations by educating our employees on the importance of improving environmental parameters, such as reducing water usage, waste generation, and GHG emissions, and implementing renewable energy programs.

In addition to this, our manufacturing facilities conduct risk management for all activities as per the laid down Standard Operating Procedures (SOPs), which contain comprehensive step-by-step instructions and measures to prevent any incidents. These SOPs reference Engineering Controls and Personal Protective Equipment (PPE) usage. They are meticulously prepared based on the risks present in each activity, using the Hazard Identification and Risk Assessment (HIRA) methodology and aspect impact to control the adverse effects on the environment.

Furthermore, our manufacturing sites are subject to rigorous assessments by regulatory auditors such as the U.S. FDA and UK MHRA. This necessitates our organization to be well-prepared to face audits and ensure that our people can interact with the auditors positively and confidently. To this end, we have developed unique training methods such as the Audit Readiness film, which simulates real-life audit situations and conveys the dos and don’ts our employees should follow for a successful outcome. More than 6,000 employees across our sites have viewed the film, which has helped us establish a risk management culture.

To maintain a risk management culture, and encourage people including contractors, we reward them under EHSAAS (Environment, Health & Safety Award and Accolades System) awards for effectively implementing and maintaining risk mitigation measures related to safety and the environment. These awards recognize and motivate our employees and contractors working with us to actively participate in maintaining a safe and secure work environment and for the Environmental Protection.

Download Reports

2022 - 2023