Risk Management

Sanofi’s risk management framework ensures accountability and competence in managing risks across the organization.  It supports decision-making processes aligned with risk exposure and ensures effective information exchange with stakeholders. Key governance bodies include the Sanofi Risk Committee, the Risk Management team, and the Risk Management network.

Sanofi employs a comprehensive approach to monitor and manage potential threats and opportunities through its risk profile and emerging risk radar. This system captures and evaluates all categories of risks based on their potential impact on the company.

Sanofi categorizes risks into two main types: active risks and emerging risks.

• Active risks are those that may affect the company within a 3-year timeframe. These risks require immediate attention and management to mitigate their potential impact. 
• Emerging risks, on the other hand, encompass trends that could present threats or opportunities over a 7-year horizon and beyond. These risks are monitored and addressed proactively to prepare for potential future impacts. 

Sanofi’s approach relies on a comprehensive risk assessment process.  This process includes risks and emerging risks identification, evaluation and prioritization, risks treatment and for a selection of emerging risks, development of scenarios to understand their potential impact on the company. This methodology allows us to capture all categories of opportunities and threats closely tied to our strategy and inherent to our business.

Sanofi uses outside-in, top-down and bottom-up approaches to identify both active and emerging risks. The Sanofi Risk Management team conducts biannual prospective surveys based on insights from reliable sources to identify trends, threats, and opportunities in the pharma and biotech industry. The team consolidates risks from the risk management network across business units and functions and conducts interviews with senior managers from key functions.

Risks and emerging risks are assessed based on severity and likelihood. For active risks this evaluation is complemented by assessing the control level for risks and the velocity for emerging risks.

Active risks are then classified into four categories: vigilance, surveillance, watch list, and control adapted. Emerging risks are prioritized by the Executive Committee based on Risk Committee recommendations.

Risk leaders design and monitor mitigation plans. The Risk Committee defines the global risk response strategy, which is endorsed by the Executive Committee and communicated to the Audit Committee of the Board of Directors. Progress of mitigation for risks under vigilance is overseen by the Risk Committee and Executive Committee.

Scenarios are developed for prioritized emerging risks, identifying signals that they might become active and proposing early response actions.