Principal Risk Mitigation
Operational risk  

Value Generation from Acquisitions

Acquisitive growth remains a core element of the Group’s strategy. A failure to execute and properly integrate acquisitions may impact the Group’s projected revenue growth, and its ability to capitalise on the
synergies they bring and/or to maintain and develop the associated talent pools.

All potential acquisitions are assessed and evaluated to ensure the Group’s defined strategic and financial criteria are met. A discrete integration process and post integration review is developed for each acquisition. This process is supported by experienced management with a view to achieving identified benefits, cultivating talent and minimising general and specific integration risks.


Progress: No Change

This risk remains unchanged. Acquisitions remain a significant part of the Group’s growth strategy and as such integration will always be a risk. Integrations to date have been successful, resulting in no material negative business impact and no unexpected loss of key personnel. 

Client Diversification

As the Group’s activities consolidate and further acquisitions are completed, the Group’s client base may become more concentrated making the Group more susceptible to competitive, client merger or procurement led threats.

In individual business units where there is a high dependence on a small number of key clients, the threats and opportunities are reviewed by divisional management at each business review. The impact that any potential acquisition may have on client concentration is considered as part of the acquisition assessment process.


Progress: No Change
This risk remains unchanged. Future mitigation plans include the introduction of significantly improved capabilities, e.g., the ability to analyse client name, client concentration etc. through the Oracle Fusion finance system.


The Group has many legal and regulatory obligations, including in respect of: (a) protection of patient information (such as HIPAA and GDPR); and (b) patient and employee health and safety. In addition, many of the Group’s activities are subject to stringent licensing regulations, especially FDA, EMEA and national agency manufacturing and packaging licences. A failure to meet any of these could result in an inability to operate, or products and services being defective, harming patients and potentially giving rise to significant liability.

Maintenance of legal, regulatory and quality standards is a core value of the Group. The Sharp Division and Ashfield Pharmacovigilance are subjected to routine FDA, EMEA and national agency inspections and so are required to be ‘audit ready’ at all times. The significant change in this period is the requirement to comply with the General Data Protection Regulation (GDPR) by May 2018. A readiness plan has been prepared and circulated, training has been carried out and a full-time Data Protection Officer hired.


Progress: Increased Risk

Risk has become higher due to increases in regulation e.g. GDPR. However, mitigation plans have been expanded and strengthened.

Patient Risk

Throughout the Group, medicines and medical devices can be packaged, supplied or administered directly to patients. The risk of inappropriate packaging, supply or administration could lead to a negative patient experience.

Packaging and supply activity is carried out under licence by local health regulators and a contract with the marketing authorisation holder (MAH). Serialisation is being introduced as a global solution to falsified
medicines and to improve MAH product traceability. Administration of medicines to patients is covered by a detailed client contract with the MAH and a divisional clinical governance framework. All of these processes are subject to risk assessment, training, management review and internal quality audits.


Progress: Increased Risk

As clinical services is a strategic growth area, the risk will increase as the number of clinical services increases. Future mitigation will include an increase in automation such as a Groupwide Customer Relationship Management (CRM) System for clinical services.


The success of the Group is built upon effective management teams that consistently deliver superior performance. If the Group cannot attract, retain or develop suitably qualified, experienced and motivated
employees, this could have an impact on business performance.

Talent requirements of the Group are monitored to ensure businesses meet prevailing and future requirements in terms of skills, competencies and performance. There is a strong focus on key talent management practices, including leadership and management development, succession planning and performance management. There has been significant investment in a Group Human Resource information system, which provides an important platform to support our talent management practices.


Progress: Decreased Risk

Senior management transitions have been managed effectively. Development programmes have been extended with high levels of participation from leaders and managers. Increasingly sophisticated talent review processes have been implemented and action plans put in place. All of these combine to reduce the risk.

IT Systems

The ability of the Group to provide its services effectively and competitively is dependent on technology and information systems that are appropriately integrated and that meet current and anticipated future business, regulatory and security requirements.

The Group’s technology and information systems and infrastructure are the subject of an ongoing programme to ensure that they are capable of meeting the Group’s strategic intent and future requirements. Collectively this initiative is referred to as Future Fit IT.


Progress: Decreased Risk

A number of the key initiatives identified for Future Fit IT have been delivered and others are progressing. These include implementation of a Groupwide single sign-on solution for Workday and Oracle Fusion, delivery of a new Group-wide network (MPLS) and significantly enhanced security solutions.

Cyber Security

The global threat sophistication is increasing due to support from criminal organisations and nation states targeting valuable information. These are advanced persistent threats targeted at both business-critical data using ransomware for financial gain.

As part of Future Fit IT, the Group is implementing multi-layered information security defences to identify vulnerabilities and protect against attacks. Procedures are being developed to detect and respond effectively to any cyber security events that may occur.


New Risk

Business Continuity

The Group is exposed to risks that, should they arise, may give rise to the interruption of critical business processes that could adversely impact the Group or its clients.

The Group has developed a business continuity template based on risk and is currently re-working the operational business continuity plans in line with this. Mitigation strategies and continuity plans are part of a structured risk review process.


Progress: No Change


The underlying terms of the Group’s commercial relationships drive the profitability of the Group. The nature of the Group’s business means that the Group could be exposed to undue cost or liability if it agrees inappropriate terms.

The Group has adopted processes for identifying and mitigating against undue risks in all prospective commercial relationships, supported by personnel with expertise and/or experience in key commercial risk areas.


Progress: Decreased Risk

This is an ongoing process and progress has been made during the year in identifying and mitigating undue risks, with an increased focus on both legal and financial exposures deriving from contractual relationships.


The trading uncertainty associated with Brexit may result in some UDG Healthcare clients reducing the size of their UK operations or have a negative impact on our ability to conduct business profitably in the UK.

While there has been no indication that the UK market for our services is contracting as a result of the Brexit decision, we will continue to monitor the Brexit negotiations to ensure that specific legislation does
not have a negative impact on our ability to conduct business profitably in the UK. The overall Group exposure to the UK as a proportion of our total profitability is expected to decline as we acquire businesses with greater exposure to markets other than the UK.


Progress: Decreased Risk

A Brexit risk paper was prepared during the summer and concluded that while further monitoring was required there were no additional mitigants that could be put in place at this time. Our exposure to the UK market continues to decline as a proportion of the Group’s overall activities.

Economic and Political Risk

The global macroeconomic and geopolitical environment may have a detrimental impact on our client base and their propensity to purchase services from third party suppliers. As a result we may be overly exposed to a weakening segment of the market.

The Group continues to review its portfolio of investments through the annual strategic review process and through constant challenge at Senior Executive Team and Board level. Acquisitions are sought which improve the balance of our investments and give greater exposure to innovative and growing market segments.


New Risk

Financial risks  


The Group’s resources and finances must be managed in accordance with rigorous standards and stringent controls. A failure to meet those standards or implement appropriate controls may result in the Group’s resources being improperly utilised or its financial statements being inaccurate or misleading.

The financial controls of the Group, as well as their effectiveness, are monitored by the Board in the context of the standards to which the Group is subject and the expectations of its stakeholders. This monitoring is supported by a dedicated internal audit function. The Group’s financial function, systems and controls are also subject to periodic review to ensure that they remain robust and fit for purpose.


Progress: No Change


The Group is exposed to liquidity, interest rate, currency and credit risks.

The management of the financial risks facing the Group is governed by policies reviewed and approved by the Board. These policies primarily cover liquidity risk, interest rate risk, currency risk and credit risk. The primary objective of the Group’s policies is to minimise financial risk at a reasonable cost. The Group does not trade in financial instruments.


Progress: No Change

Foreign Exchange

UDG Healthcare plc’s reporting currency is US dollar. Given the nature of the Group’s businesses, exposure arises in the normal course of business to other currencies, principally sterling and the euro.

The majority of the Group’s activities are conducted in the local currency of the country of operation. As a consequence, the primary foreign exchange risk arises from the fluctuating value of the Group’s net investment in different currencies. The Group changed its reporting currency to US dollars in FY2017 as the US is now the largest source of profit for the Group. Our strategic intent is to proportionally grow the US as a source of earnings at a faster rate than other markets which will lower the foreign exchange risk for the Group.


Progress: Decreased Risk

The change to US dollar reporting and the increasing proportion of profit from the US reduces the potential volatility due to currency movement.