Risk Management Policy and Procedure
The "Risk Management Measures" was duly approved at the Board meeting of PharmaEngine dated August 13, 2014. We also published the "New Drug Research and Development Risk Management Strategy" on our official website as the highest guiding principle of our risk management. We shall conduct risk factor identification periodically to identify relevant risks that potentially affect sustainable business development, identify the scope of risk management, and monitor potential risks and implement precaution measures in accordance with the development and guidance requirement of the latest internal audit, to strengthen risk management.
Each department shall conduct risk assessment and implement relevant risk management based on all kinds of actual and potential risk situations. The management team shall report on the implementation of our business strategy and risk control at least once a year in board meetings. The Board of Directors will examine, discuss and supervise the implementation of business strategy and the implementation of risk control of the managing department during the quarterly meetings.
The Board of Directors shall periodically review the overall external economic environment at least once a year, identify the risks to assess their impact on medium and long-term operations and strategies, implement risk management procedures and other mechanisms, and control each risk arising from business activities within an acceptable range.
Each department shall conduct risk assessment and implement relevant risk management based on all kinds of actual and potential risk situations. The management team shall report on the implementation of our business strategy and risk control at least once a year in board meetings. The Board of Directors will examine, discuss and supervise the implementation of business strategy and the implementation of risk control of the managing department during the quarterly meetings.
The Board of Directors shall periodically review the overall external economic environment at least once a year, identify the risks to assess their impact on medium and long-term operations and strategies, implement risk management procedures and other mechanisms, and control each risk arising from business activities within an acceptable range.
Risk Management Scope
We promise to integrate and manage all strategies, operations, finances, hazards and other potential risks that may affect operations and profits in a proactive and cost-effective way through risk management and to take corresponding risk management strategy based on risk levels. Our risk management includes management of "new drug research and development risk", "climate change, accident, disaster, political and social risk", "regulation compliance risk", "operation risk", "cyber security risk", "corporate governance risk", "financial/taxation risk", "human resources risk", "business management risk", and "other risk".
Risk Management Framework
PharmanEngine's risk management framework and risk management responsibilities by department as follow:
Department | Risk Management Responsibility |
Audit Committee | Review risk management policies and their implementation. |
President & CEO Office | Risk management of business decision-making, intellectual property rights, and product quality. |
Audit Office | Risk management of internal control and internal audit related. |
Clinical & Regulatory Affairs | Risk management of research and development of clinical trials, pharmaceutical compliance, and product registration. |
Corporate Development | Risk evaluation of new drugs research from competitors and new project introduction, and risk management of sales market after product launch |
Finance & Administration | Risk evaluation management of financial matters, response strategy implementation, operations, and information security evaluation |
Research & Development | Risk management of pre-clinical animal pharmacology, toxicology, pharmacokinetics and clinical trials related research, external research and development management and project planning, implementing, controlling related matters, new drugs research and development, manufacturing, and analysis. |
Marketing & Sales | Risk evaluation management of products related supply, marketing or sales and account related matters. |
Risk Evaluation
Major Themes | Risk Evaluation Items | Risk Management Policy and Strategy |
Environment |
|
|
Social |
|
|
Governance |
|
|
Implementation
1. Implementation of risk management policy and risk assessment standard
(1) New drug research and development risk management
The management for research and development risks in PharmaEngine includes the evaluation and introduction for new projects, project management execution, quality management, process development control, pharmacology and toxicology research management, clinical research management, regulatory inspection and registration management, project outcome management, promotion of new product outcomes, and document maintenance and preservation operation.
(2) Climate change, accident, disaster, political and social risk management
Systemic risks normally significantly affect company operations and require a special taskforce. For example, in response to the global spread of the new coronavirus (COVID-19), the President & CEO of the Company called each department head to set up an epidemic prevention group to discuss the risk environment, risk management priorities, risk assessment, response measures and operational conditions we faced, and to formulate guidance on emergency response operations and related control measures for the COVID-19 Pandemic.
(3) Regulation compliance risk management
1. Protect subjects in clinical trials to ensure their rights, safety, and wellbeing
The Company conducts clinical trials in accordance with the "Guidelines for Good Clinical Practice (GCP)" of ICH and upholds the ethical principles of medical research in the Declaration of Helsinki to ensure the rights, safety and well-being of subjects. Each participant in the human clinical trials will be fully informed and protected. In addition, the Company provides relevant insurance for the clinical trials. If there is any physical harm due to participation in the trial, there will be clinical trial insurance to compensate the subject for damage.
2. Quality policy
The Company upholds the spirit of innovation, manages new drug research and development projects, adheres to quality and focuses on total quality management. The Company also complies with GMP, GDP, GLP, GCP and international regulations, and achieves new drug development research that meets the goals of safety, effectiveness, and consistent quality to enhance the development level of new drugs, promote the development of medicine and continuously improve the quality of medicines.
3. Notification for adverse drug reaction in clinical trials
For the Company's clinical trials, if there is any serious adverse reactions caused to the subjects due to the drugs, regardless of the location in Taiwan or other regions, the Company will notify Ministry of Health and Welfare or Taiwan National Adverse Drug Reaction Reporting System of Taiwan Drug Relief Foundation in accordance with the regulations.
4. Drug safety monitoring management
The Company's post-market risk management of drugs is targeted at drug safety, and a drug safety reporting system is established to ensure the monitoring and tracking of adverse reactions after new drugs are launched to avoid serious adverse drug reactions. The risk management methods are conducted to reduce or avoid medication risks. The Company pays attention to and monitors possible adverse reactions caused by drugs, provides relevant drug information, and informs possible risks and possible adverse reactions in great detail during the medication process.
(4) Operation (Drug Inventory Risk Management)
Our product is a pancreatic cancer drug. The focus of inventory risk management is to control the inventory cost, expiration date and avoid short supply. To control related inventory risks, we formulate a reasonable mechanism for safety stock, early warning, and inventory information circulation among different departments, and to ensure drug supply, inventory stability, and notification, the management methods for notification of drug supply shortages. By implementing drug inventory risk management and control to ensure the effective operation and management of drug procurement, drug safety stock and drug supply shortage notification. In addition, in response to the impact of COVID-19, we coordinated with suppliers to increase the flexibility of the supply schedule. We also appropriately and timely increase the safety stock level, and uses the inventory buffer, adjust and balance the inventory to ensure supply of medicines to domestic medical institutions normally during the product supply fluctuation.
(5) Cyber Security
To implement the Company’s cyber security policy and build a continuously improving secure cyber environment to ensure the cyber security management system is effective, the Company adopted the ISO27001 Information Security measures in 2022 and obtained the certificate in January 2023. Moreover, we completed the annual audit based on the updated version of IS027001:2022 (Information security, cybersecurity and privacy protection — Information security management systems).
(6) Corporate Governance
The Company established important internal policies and mechanisms such as “Corporate Governance Best Practice Principles”, “Codes of Ethical Conduct”, and “Insider Trading Prevention and Management Measures” with methodical implementation.
(7) Finance and Taxation
1. Finance: The finance personnel communicates closely with the bank to regularly monitor the Company's capital, interest rates, and foreign exchange rate trends.
2. Taxation: The accounting personnel communicates closely with the accountant to regularly monitor the international taxation trends to reduce tax-related risks.
(8) Human Resources
The Company deeply values humanized method of management and provides full respect and care to employees including group insurance, regular health check up , on-the-job training and other benefits. The Company implements these benefits and strengthens dynamic employee care to provide a quality work environment.
(9) Business Management
The Company entrusts professional stock affairs agencies for all stock-related matters and established the spokesperson system, investor relations personnel, and company website to build and strengthen communication channels with external stakeholders and the Company public image.
(10) Others
Each department evaluates their specific risk management duties and measures.
The management for research and development risks in PharmaEngine includes the evaluation and introduction for new projects, project management execution, quality management, process development control, pharmacology and toxicology research management, clinical research management, regulatory inspection and registration management, project outcome management, promotion of new product outcomes, and document maintenance and preservation operation.
(2) Climate change, accident, disaster, political and social risk management
Systemic risks normally significantly affect company operations and require a special taskforce. For example, in response to the global spread of the new coronavirus (COVID-19), the President & CEO of the Company called each department head to set up an epidemic prevention group to discuss the risk environment, risk management priorities, risk assessment, response measures and operational conditions we faced, and to formulate guidance on emergency response operations and related control measures for the COVID-19 Pandemic.
(3) Regulation compliance risk management
1. Protect subjects in clinical trials to ensure their rights, safety, and wellbeing
The Company conducts clinical trials in accordance with the "Guidelines for Good Clinical Practice (GCP)" of ICH and upholds the ethical principles of medical research in the Declaration of Helsinki to ensure the rights, safety and well-being of subjects. Each participant in the human clinical trials will be fully informed and protected. In addition, the Company provides relevant insurance for the clinical trials. If there is any physical harm due to participation in the trial, there will be clinical trial insurance to compensate the subject for damage.
2. Quality policy
The Company upholds the spirit of innovation, manages new drug research and development projects, adheres to quality and focuses on total quality management. The Company also complies with GMP, GDP, GLP, GCP and international regulations, and achieves new drug development research that meets the goals of safety, effectiveness, and consistent quality to enhance the development level of new drugs, promote the development of medicine and continuously improve the quality of medicines.
3. Notification for adverse drug reaction in clinical trials
For the Company's clinical trials, if there is any serious adverse reactions caused to the subjects due to the drugs, regardless of the location in Taiwan or other regions, the Company will notify Ministry of Health and Welfare or Taiwan National Adverse Drug Reaction Reporting System of Taiwan Drug Relief Foundation in accordance with the regulations.
4. Drug safety monitoring management
The Company's post-market risk management of drugs is targeted at drug safety, and a drug safety reporting system is established to ensure the monitoring and tracking of adverse reactions after new drugs are launched to avoid serious adverse drug reactions. The risk management methods are conducted to reduce or avoid medication risks. The Company pays attention to and monitors possible adverse reactions caused by drugs, provides relevant drug information, and informs possible risks and possible adverse reactions in great detail during the medication process.
(4) Operation (Drug Inventory Risk Management)
Our product is a pancreatic cancer drug. The focus of inventory risk management is to control the inventory cost, expiration date and avoid short supply. To control related inventory risks, we formulate a reasonable mechanism for safety stock, early warning, and inventory information circulation among different departments, and to ensure drug supply, inventory stability, and notification, the management methods for notification of drug supply shortages. By implementing drug inventory risk management and control to ensure the effective operation and management of drug procurement, drug safety stock and drug supply shortage notification. In addition, in response to the impact of COVID-19, we coordinated with suppliers to increase the flexibility of the supply schedule. We also appropriately and timely increase the safety stock level, and uses the inventory buffer, adjust and balance the inventory to ensure supply of medicines to domestic medical institutions normally during the product supply fluctuation.
(5) Cyber Security
To implement the Company’s cyber security policy and build a continuously improving secure cyber environment to ensure the cyber security management system is effective, the Company adopted the ISO27001 Information Security measures in 2022 and obtained the certificate in January 2023. Moreover, we completed the annual audit based on the updated version of IS027001:2022 (Information security, cybersecurity and privacy protection — Information security management systems).
(6) Corporate Governance
The Company established important internal policies and mechanisms such as “Corporate Governance Best Practice Principles”, “Codes of Ethical Conduct”, and “Insider Trading Prevention and Management Measures” with methodical implementation.
(7) Finance and Taxation
1. Finance: The finance personnel communicates closely with the bank to regularly monitor the Company's capital, interest rates, and foreign exchange rate trends.
2. Taxation: The accounting personnel communicates closely with the accountant to regularly monitor the international taxation trends to reduce tax-related risks.
(8) Human Resources
The Company deeply values humanized method of management and provides full respect and care to employees including group insurance, regular health check up , on-the-job training and other benefits. The Company implements these benefits and strengthens dynamic employee care to provide a quality work environment.
(9) Business Management
The Company entrusts professional stock affairs agencies for all stock-related matters and established the spokesperson system, investor relations personnel, and company website to build and strengthen communication channels with external stakeholders and the Company public image.
(10) Others
Each department evaluates their specific risk management duties and measures.
4. Implementation Results
(1) The result of risk management policy and procedure, scope, organization structure, and implementation for 2024 (including cyber security risk management) were reported to the board of directors on October 31, 2024.
(2) In 2023, in addition to the regular risk management implementations, we have continued to conduct flu prevention vaccination, cyber security, regulation compliance, and other risk management projects. We completed the annual audit for our ISO27001 certificate based on the updated version of ISO27001:2022 Information security, cybersecurity and privacy protection — Information security management systems, updates including threat intelligence, information security for use of cloud services, ECT readiness for business continuity, configuration management, information deletion, data masking, data leakage prevention, monitoring activities, and web filtering.
(3) In 2024, the Company did not encounter any incident with major risks.
(2) In 2023, in addition to the regular risk management implementations, we have continued to conduct flu prevention vaccination, cyber security, regulation compliance, and other risk management projects. We completed the annual audit for our ISO27001 certificate based on the updated version of ISO27001:2022 Information security, cybersecurity and privacy protection — Information security management systems, updates including threat intelligence, information security for use of cloud services, ECT readiness for business continuity, configuration management, information deletion, data masking, data leakage prevention, monitoring activities, and web filtering.
(3) In 2024, the Company did not encounter any incident with major risks.
Risk Management Documents