Risk management and internal control
Risk management is embedded in our strategy and is considered important for achieving our operational targets.
To safeguard the proper implementation and execution of the group’s strategy, our management board has set up internal risk management and control systems within Galapagos. The supervisory board has delegated an active role to the audit committee members to monitor the design, implementation and effectiveness of these internal risk management and control systems. The purpose of these systems is to manage in an effective and efficient manner the significant risks to which Galapagos is exposed.
The internal risk management and control system is designed to ensure:
- the careful monitoring of the effectiveness of our strategy
- Galapagos’ continuity and sustainability, through consistent accounting, reliable financial reporting and compliance with laws and regulations
- our focus on the most efficient and effective way to conduct our business
We have defined our risk tolerance on a number of internal and external factors including:
- financial strength in the long run, represented by revenue growth and a solid balance sheet
- liquidity in the short run; cash
- business performance measures; operational and net profitability
- scientific risks and opportunities
- dependence on our alliance partners
- compliance with relevant rules and regulations
The identification and analysis of risks is an ongoing process that is naturally a critical component of internal control. On the basis of these factors and Galapagos’ risk tolerance, the key controls within Galapagos will be registered and the effectiveness will be monitored. If the assessment shows the necessity to modify the controls we will do so. This could be the situation if the external environment changes, or the laws or regulations or the strategy of Galapagos change.
The financial risks of Galapagos are managed centrally. The finance department of Galapagos coordinates the access to national and international financial markets and considers and manages continuously the financial risks concerning the activities of the group. These relate to the following financial markets risks: credit risk, liquidity risk, currency and interest rate risk. Our interest rate risk is limited because we have nearly no financial debt. In case of decreasing interest rates we will face a reinvestment risk on our strong cash position. The group does not buy or trade financial instruments for speculative purposes. For further reference on financial risk management, see note 32 of the notes to the consolidated financial statements. We also refer to the Risk factors section of the annual report for additional details on general risk factors.
The company’s internal controls over financial reporting are a subset of internal controls and include those policies and procedures that:
- pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company
- provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with IFRS as adopted by the EU, and that receipts and expenditures of the company are being made only by authorized persons
- provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the company’s assets that could have a material effect on the financial statements
Our internal control over financial reporting includes controls over relevant IT systems that have an impact on financial reporting including accuracy and completeness of our account balances. Management takes appropriate remediation and mitigation actions in case IT deficiencies would be identified. Our internal control over financial reporting includes also additional layers of business process controls to mitigate all remaining risks associated with IT deficiencies.
Since the company has securities registered with the U.S. Securities and Exchange Commission (SEC) and is a large accelerated filer within the meaning of Rule 12b-2 of the U.S Securities Exchange Act of 1934, the company needs to assess the effectiveness of internal control over financial reporting and provide a report on the results of this assessment.
In 2020 management has reviewed its internal controls over financial reporting based on criteria established in the Internal Control – Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and engaged an external advisor to help assess the effectiveness of those controls.
As described in Section 404 of the U.S. Sarbanes-Oxley Act of 2002 and the rules implementing such act, we will include the management and the statutory auditor’s assessment of the effectiveness of internal control over financial reporting in our annual report on Form 20-F, which is expected to be filed with the SEC on or around the publication date of the present annual report.
Management as well as the statutory auditor concluded that the group maintained, in all material respects, effective internal control over financial reporting as of 31 December 2020.