Principal Risk Mitigation
Strategic Risks  

Value Generation from Acquisitions 

Acquisitive growth remains a core element of the Group’s strategy. A failure to execute and properly integrate acquisitions may impact the Group’s projected revenue growth and its ability to capitalise on the synergies they bring and/or to maintain and develop the associated talent pool.

All potential acquisitions are assessed and evaluated to ensure the Group’s defined strategic and financial criteria are met. A discrete integration process and post integration review is developed for each acquisition. This process is supported by experienced management with a view to achieving identified benefits, cultivating talent and minimising general and specific integration risks.


Progress: No change


Lack of Client Diversification

As the Group’s activities consolidate and further acquisitions are completed, the Group’s client base may become more concentrated, making the Group more susceptible to competitive, client merger or procurement led threats.

In individual business units where there is a high dependence on a small number of key clients, the threats and opportunities are reviewed by divisional management at each business review. The impact that any potential acquisition may have on client concentration is considered as part of the acquisition assessment process.


Progress: Decreased Risk


The dependence of each business unit on a single client has reduced.

Client Outsourcing Strategy

Changes to pharma company outsourcing strategy such as a reduced roster of preferred vendors, or a wholesale move to outsource to holding companies that meets all of their service requirements.

In order to maintain or develop into a preferred vendor for our target clients, acquisitions can be used to fill any key gaps in service offering. The key is to maintain client relationships and to keep abreast of potential changes in their business strategy. We have developed an agile business development strategy to maximise our value to clients.


Progress: New Risk

Talent Management


The success of the Group is built upon effective management teams that consistently deliver superior performance. If the Group cannot attract, retain or develop suitably qualified, experienced and motivated employees, this could have an impact on business performance.

Talent requirements of the Group are monitored to ensure businesses meet prevailing and future requirements in terms of skills, competencies and performance. There is a strong focus on key talent management practices, including leadership and management development, succession planning and performance management.


Progress: No change


The trading uncertainty associated with Brexit may result in some UDG Healthcare clients reducing the size of their UK operations or have a negative impact on our ability to conduct business profitably in the UK.


The impact of Brexit on movement of people and distribution of goods is not yet clear and this is generating increased uncertainty, affecting exchange rates and client willingness to develop business in the UK. The overall Group exposure to the UK as a proportion of our total profitability is expected to decline as we acquire businesses with greater exposure to markets other than the UK.


Progress: Increased Risk


There is significant uncertainty around reaching an agreement on Brexit.

Economic and Political Risk


The global macroeconomic and geopolitical environment may have a detrimental impact on our client base. Price controls and price reductions are prevalent in the pharmaceutical industry therefore we may have certain exposures to any weakening market segments.

The Group continues to review its portfolio of investments through the annual strategic review process and through constant challenge at a senior executive and Board level. Acquisitions and new service offerings are sought which improve the balance of our investments and give greater exposure to innovative and growing market segments. The overall strategy is to increase market share in the US.


Progress: No change

Innovation and Insight


The continued success of the Group has been dependent upon the delivery of innovative solutions to our clients. Examples include serialised packaging, and multichannel CSO. An inability to predict and deliver such innovation would be a risk to the maintenance of our market leading positions in the various sectors in which we operate.

Innovation and insight is at the fore of all business strategies set down by the senior executive team (SET). At a divisional level each management team has a responsibility to identify current and projected client demand for new service offerings and market changes and have designated roles within their business units tasked to deliver on this.


Progress: New Risk

Operational risk  

Patient Risk


Throughout the Group medicines and medical devices can be packaged, supplied or administered directly to patients. The risk of inappropriate advice, packaging, supply or administration could lead to a negative patient experience.

Packaging and supply activity is carried out under licence from local health regulators and a contract with the marketing authorisation holder (MAH). Serialisation is being introduced as a global solution to falsified medicines and to improve MAH product traceability. Administration of medicines to patients or providing patient support is covered by a detailed client contract with the MAH, fully approved scripts, and a divisional clinical governance framework. The introduction this year of Health Cloud has brought additional assurance to the patient support programmes.


Progress: No change

Regulatory Compliance


The Group has many legal and regulatory obligations, including in respect of: (a) protection of patient information (such as HIPAA and GDPR); and (b) patient and employee health and safety. In addition, many of the Group’s activities are subject to stringent licensing regulations, for example, FDA, EMEA and national agency manufacturing, packaging and promotional regulations and more recently the serialisation requirements under the FMD. A failure to meet any of these could result in regulatory restrictions, financial penalties, the inability to operate, or products and services being defective, harming patients and potentially giving rise to very significant liability.

Maintenance of legal, regulatory and quality standards is a core value of the Group. The Sharp Division and Ashfield Pharmacovigilance are subjected to routine FDA, EMEA and national agency inspections and so are required to be ‘audit ready’ at all times. Patient education and information programmes are reviewed to ensure compliance with regulation and codes of practice and are subject to regular assessment by Quality and Compliance. Following the introduction of GDPR, regular data protection auditing has now commenced across EU locations in 2018 while data protection training and gap analyses have commenced outside the EU to focus on local data protection law compliance.


Progress: No change

IT Systems Risk


The ability of the Group to provide its services effectively and competitively is dependent on technology and information systems that are appropriately integrated and that meet current and anticipated future business, regulatory and security requirements.

The Group’s technology and information systems and infrastructure are the subject of an ongoing programme to ensure that they are capable of meeting the Group’s strategic intent and future requirements. Collectively this initiative is referred to as Future Fit IT.

Progress: No change


Contract Risk


The underlying terms of the Group’s commercial relationships drive the profitability of the Group. The nature of the Group’s business means that the Group could be exposed to undue cost or liability if it agrees inappropriate terms.

The Group has adopted processes for identifying and mitigating against undue risks in all prospective commercial relationships, supported by personnel with expertise and/or experience in key commercial risk areas.


Progress: Decreased Risk

The process of identifying and mitigating undue contractual risks has continued during FY2018.


Cyber Security

The global threat sophistication is increasing due to support from criminal organisations and nation states targeting valuable information including impersonation. These are advanced persistent threats targeted at both business-critical data and using ransomware for financial gain.

As part of Future Fit IT, the Group is implementing multi-layered information security defences to identify vulnerabilities and protect against attacks. To meet the increasing cyber threat procedures are being developed and resources are being hired to detect and respond effectively to any cyber security events that may occur. Specific training has been delivered throughout the global finance organisation to alert staff to the risks. A month long communication campaign ‘Think before you dive in’ was carried out. Cyber security insurance is now in place.


Progress: No Change

Business Continuity


The Group is exposed to risks that, should they arise, may give rise to the interruption of critical business processes that could adversely impact the Group or its clients.

The Group has developed a business continuity template based on risk and is currently re-working its operational business continuity plans in line with this. Mitigation strategies and continuity plans are part of a structured risk review process. There have been no significant business interruptions to date.


Progress: No change

Financial risks  

Financial Controls


The Group’s resources and finances must be managed in accordance with rigorous standards and stringent controls. A failure to meet those standards or implement appropriate controls may result in the Group’s resources being improperly utilised or its financial statements being inaccurate or misleading.

The financial controls of the Group, as well as their effectiveness, are monitored by the Board in the context of the standards to which the Group is subject and the expectations of its stakeholders. This monitoring is supported by a dedicated Internal Audit function. The Group’s financial function, systems and controls are also subject to periodic review to ensure that they remain robust and fit for purpose.


Progress: No Change



The Group is exposed to liquidity, interest rate, currency and credit risks.

The management of the financial risks facing the Group is governed by policies reviewed and approved by the Board. These policies primarily cover liquidity risk, interest rate risk, currency risk and credit risk. The primary objective of the Group’s policies is to minimise financial risk at a reasonable cost. The Group does not trade in financial instruments.


Progress: No Change

Foreign Exchange


UDG Healthcare plc’s reporting currency is the US dollar. Given the nature of the Group’s businesses, exposure arises in the normal course of business to other currencies, principally sterling and euro.

The majority of the Group’s activities are conducted in the local currency of the country of operation. As a consequence, the primary foreign exchange risk arises from the fluctuating value of the Group’s net investment in different currencies. Our strategy is to proportionally grow the US as a source of earnings at a faster rate than other markets which will lower the foreign exchange risk for the Group.


Progress: No change