Effective Corporate Governance at Roche
Case study at-a-glance
- Background: Roche discovers, develops and provides innovative diagnostic and therapeutic products and services that deliver significant benefits to patients and healthcare professionals, from early detection and prevention of diseases to diagnosis, treatment and treatment monitoring.
- GRC Challenge: Roche needed to comply with Or728a, a Swiss-legislated regulation on internal control. Roche also wanted to improve its financial reporting on internal control.
- Solution: SAI360 was chosen due to its proven software, global presence, and company size and health. Roche implemented the SAI360 GRC platform in 26 countries, including the United States, France, Switzerland and Japan.
- Benefits: SAI360 enabled Roche to establish an environment in which each reporting entity can document information based on a standard approach and then easily adapt it to local processes.
For enhanced internal control over financial reporting
The company Roche, headquartered in Basel, Switzerland, is one of the world’s leading research-focused healthcare groups in the field of pharmaceuticals and diagnostics. Roche operates in seventy countries with 75,000 employees and 190 reporting entities. Roche is listed on the Swiss Stock Exchange.
To achieve its goal of creating superior value for all stakeholders, Roche is dedicated to excellence at all levels, with strong corporate governance and internal controls playing a critical factor.
An ICFR approach
Roche wished to develop and implement a purpose-fit approach to Internal Control over Financial Reporting (ICFR) to:
- Enhance the efficiency and effectiveness of its financial reporting and control processes across the global organization
- Comply with new Swiss legal requirements
“The key challenge was to design an ICFR approach for Roche with an optimal cost/benefit ratio,” said Philippe Muller, who was the Project Manager Internal Control over Financial Reporting at Roche (now retired). “We implemented ICFR for good business reasons, not merely to address compliance requirements.”
SAI360 as a central repository
Roche implemented a top-down risk-based ICFR approach with SAI360 as the central repository for its documentation, testing and issue management. Mr. Muller explained, “SAI360 enabled us to develop and implement a purpose-fit solution for Roche and proved to be flexible enough to cope with our requirements.”
“The intuitive system was up and running quickly. We have established an environment that enables each reporting entity to document information based on a standard approach and then easily adapt it to local processes.”
Reasons for selecting SAI360
- User friendly and intuitive
- Ease of implementation
- Comprehensive, integrated functionality including reporting, monitoring, risk management and secure data storage
- Proven and reliable ability to meet global corporate governance requirements
- A strong commitment to customer service and support
An intuitive system up and running quickly
Roche’s ICFR department was able to take advantage of a single SAI360 implementation at its headquarters-based server, providing easy access to as many as 700 end-users in roughly 30 countries, including the United States.
“The intuitive system was up and running quickly,” explained Mr. Muller. “We have established an environment that enables each reporting entity to document information based on a standard approach and then easily adapt it to local processes.”
As Mr. Muller explained, “SAI360 listened to and met our needs, enabling us to take a truly global risk-based approach to internal control.”
- Roche is able to easily define, monitor, and mitigate risks based on both the global and the individual requirements of each reporting unit.
- Roche can focus on what is truly important to the effectiveness of the company’s corporate governance.
- The structured, best practice approach encompassed risk management, processes, controls and documentation.
- Roche was able to meet its Swiss legal requirements ahead of schedule.
“Very often, with compliance projects, it is difficult to create value,” explained Mr. Muller. “However, if you are able to establish best practice controls across the entire organization, as we have done with SAI360, then you can create real value.”