Risk Management Policy and Procedure
The "Risk Management Measures" was duly approved at the Board meeting of PharmaEngine dated August 13, 2014. We also published the "New Drug Research and Development Risk Management Strategy" on our official website as the highest guiding principle of our risk management. We shall periodically conduct risk factor identification to identify relevant risks that potentially affect sustainable business development, define the scope of risk management, monitor potential risks, and implement precautionary measures in accordance with the developments and guidance requirements of the latest internal audit, in order to strengthen risk management.

Each department shall conduct risk assessment and implement relevant risk management based on all kinds of actual and potential risk situations. The management team shall report on the implementation of our business strategy and risk control at least once a year in board meetings. The Board of Directors will examine, discuss and supervise the implementation of business strategy and the implementation of risk control of the managing department during the quarterly meetings.

The Board of Directors shall periodically review the overall external economic environment at least once a year, identify the risks to assess their impact on medium and long-term operations and strategies, implement risk management procedures and other mechanisms, and control each risk arising from business activities within an acceptable range.
Risk Management Scope
We promise to integrate and manage all strategies, operations, finances, hazards and other potential risks that may affect operations and profits in a proactive and cost-effective way through risk management, and to adopt corresponding risk management strategies based on risk levels. Our risk management includes management of "new drug development risk", "climate change risk", "regulation compliance risk", "commercial risk", "cyber security risk", "corporate governance risk", "financial/tax risk", "human resources risk", "operational risk", and "political/societal risk".
Risk Management Framework
PharmaEngine's risk management framework and risk management responsibilities by department are as follows:
Department | Risk Management Responsibility
President & CEO Office: Responsible for leading PharmaEngine's operating and business directions through internal control and budget system planning with business performance audit, while participating in R&D planning and consultation.

Its risk management responsibilities are mainly business decision-making risk, IP risk and product quality risk.
Audit Office: In charge of the internal auditing process of PharmaEngine.

Its risk management responsibilities are mainly internal control and internal audit related risk.
Research & Development: Responsible for the relevancy of preclinical trials, the evaluation of new projects and manufacturing, and the project's overall planning and execution control.

Its risk management responsibilities are mainly for preclinical animal pharmacology, toxicology and pharmacokinetics test related research, external R&D resources management, project planning and execution related risk management, and risk management of new drug R&D, manufacturing, and analysis.
Clinical & Regulatory Affairs:
Clinical Development: Responsible for planning and implementing clinical trials, including trial proposal preparation and submission, the selection of test center and the host, the selection of CRO, trials following ICH-GCP guidance, progress reports, test drug adverse reaction reports, statistical analysis reports and test reports, etc.

Regulatory Affairs: Assists with new project assessment and submission regarding regulation requirements, is responsible for product inspection and registration, and establishes a good relationship with pharmacological organizations.

Its risk management responsibilities are mainly the clinical trials, medical and pharmaceutical regulation compliance, product inspection, and registration risk management of R&D projects.
Marketing & Sales: Responsible for product marketing strategy and rollout.

Its risk management responsibilities are mainly product supply, inventory management, product-related marketing or sales and account-related risk assessment management.
Finance & Administration: Responsible for financial, accounting, administrative, general procurement, computer systems, and cyber security related issues.

Its risk management responsibilities are mainly related to the management of financial matters, response strategy implementation, operations, and cyber security evaluation.
Corporate Development: Responsible for the planning and recommendation of company operation and development, the evaluation and introduction of projects, the planning and implementation of external and foreign investment cases, and maintaining relationships with investors.

Its risk management responsibilities mainly include the risk assessment of competitors in the development of new drugs, the risk assessment of newly introduced projects, and the risk assessment and management of sales markets after product launch.
Risk Evaluation
Major Themes | Risk Evaluation Items | Risk Management Policy and Strategy
Environment
  Risk Evaluation Items:
  1. Environment Protection and Ecological Conservation
  Risk Management Policy and Strategy:
  1. We are committed to protecting the environment, responding to green environmental protection policies, formulating key implementation plans each year, and regularly tracking and reviewing the progress of various targets to ensure that they are achieved.
  2. We formulate our internal audit plan on a yearly basis in order to review PharmaEngine's compliance with the related regulations and audit the operating procedures to confirm that they comply with the relevant rules and regulations.
Social
  Risk Evaluation Items:
  1. Occupational Safety
  2. Product Safety
  Risk Management Policy and Strategy:
  1. We regularly hold fire drills and office safety training each year to nurture employees' abilities in emergency response and self-safety management.
  2. Our products comply with various product and service regulations set forth by the government and meet various practices, including Good Manufacturing Practice (GMP), Good Distribution Practice (GDP), and Good Laboratory Practice (GLP). In addition, we provide stable product quality through a stringent quality management system. At the same time, in order to ensure product quality, we have set up a product section on our website and strengthened communication with customers, so that co-prosperous relationships with customers can become the cornerstone of sustainable development for the Company.
  3. We take out related clinical trial insurance for clinical trials to ensure the compensation of the subject if there is any physical damage due to participation in the clinical trial.
  4. We have joined the Drug Injury Relief System in accordance with the law; hence, we contribute 0.05% of our sales in the previous year to the drug injury relief fund. In addition, we take out product liability insurance of US$10 million to protect patients against damages arising from drug defects or unknown adverse reactions.
Governance
  Risk Evaluation Items:
  1. Socioeconomic and Regulation Compliance
  2. Enhance Board Responsibilities
  3. Stakeholder Communication
  Risk Management Policy and Strategy:
  1. We ensure that all the employees and operations at our company truly comply with the relevant laws and regulations by establishing a governance organization and implementing the internal control mechanism.
  2. In order to enhance the functions of directors and ensure that they understand their legal liabilities, we make arrangements every year for directors to attend courses on related topics and provide directors with the latest regulations, institutional developments, and policies.
  3. PharmaEngine has insured its directors and managers, with insurance coverage of US$7 million, to help the directors and managers reduce the risk of litigation and claims when conducting business with the duty of care.
  4. We attach great importance to investor relations and have established various communication channels to actively communicate with investors. Furthermore, we have also set up an investor mailbox, where the spokesperson is responsible for handling the mailbox and responding to investors' mails.

Implementation

1. Implementation of risk management policy and risk assessment standard
(1) New drug research and development risk management
The management for research and development risks in PharmaEngine includes the evaluation and introduction for new projects, project management execution, quality management, process development control, pharmacology and toxicology research management, clinical research management, regulatory inspection and registration management, project outcome management, promotion of new product outcomes, and document maintenance and preservation operation.
(2) Climate change, accident, disaster, political and social risk management
Systemic risks normally significantly affect company operations and require a special taskforce. For example, in response to the global spread of the new coronavirus (COVID-19), the President & CEO of the Company called each department head to set up an epidemic prevention group to discuss the risk environment, risk management priorities, risk assessment, response measures and operational conditions we faced, and to formulate guidance on emergency response operations and related control measures for the COVID-19 Pandemic.
(3) Regulation compliance risk management
1. Protect subjects in clinical trials to ensure their rights, safety, and wellbeing
The Company conducts clinical trials in accordance with the "Guidelines for Good Clinical Practice (GCP)" of ICH and upholds the ethical principles of medical research in the Declaration of Helsinki to ensure the rights, safety and well-being of subjects. Each participant in the human clinical trials will be fully informed and protected. In addition, the Company provides relevant insurance for the clinical trials. If there is any physical harm due to participation in the trial, there will be clinical trial insurance to compensate the subject for damage.
2. Quality policy
The Company upholds the spirit of innovation, manages new drug research and development projects, adheres to quality and focuses on total quality management. The Company also complies with GMP, GDP, GLP, GCP and international regulations, and achieves new drug development research that meets the goals of safety, effectiveness, and consistent quality to enhance the development level of new drugs, promote the development of medicine and continuously improve the quality of medicines.
3. Notification for adverse drug reaction in clinical trials
For the Company's clinical trials, if the drugs cause any serious adverse reactions in the subjects, whether in Taiwan or in other regions, the Company will notify the Ministry of Health and Welfare or the Taiwan National Adverse Drug Reaction Reporting System of the Taiwan Drug Relief Foundation in accordance with the regulations.
4. Drug safety monitoring management
The Company's post-market risk management of drugs is targeted at drug safety, and a drug safety reporting system is established to ensure the monitoring and tracking of adverse reactions after new drugs are launched to avoid serious adverse drug reactions. Risk management methods are applied to reduce or avoid medication risks. The Company pays attention to and monitors possible adverse reactions caused by drugs, provides relevant drug information, and gives detailed information about possible risks and possible adverse reactions during the medication process.
(4) Operation (Drug Inventory Risk Management)
Our product is a pancreatic cancer drug. The focus of inventory risk management is to control the inventory cost and expiration date and to avoid short supply. To control related inventory risks, we formulate a reasonable mechanism for safety stock, early warning, and inventory information circulation among different departments, together with management methods for notification of drug supply shortages, to ensure drug supply, inventory stability, and notification. We implement drug inventory risk management and control to ensure the effective operation and management of drug procurement, drug safety stock and drug supply shortage notification. In addition, in response to the impact of COVID-19, we coordinated with suppliers to increase the flexibility of the supply schedule. We also appropriately increased the safety stock level and used the inventory buffer to adjust and balance the inventory, so that medicines were supplied to domestic medical institutions normally during the product supply fluctuation.
(5) Cyber Security
To implement the Company's cyber security policy and build a continuously improving, secure cyber environment in which the cyber security management system is effective, the Company adopted the ISO 27001 Information Security measures in 2022 and obtained the certificate in January 2023.
(6) Corporate Governance
The Company established important internal policies and mechanisms such as "Corporate Governance Best Practice Principles", "Codes of Ethical Conduct", and "Insider Trading Prevention and Management Measures" and implements them methodically.
(7) Finance and Taxation
1. Finance: Finance personnel communicate closely with the bank to regularly monitor the Company's capital, interest rates, and foreign exchange rate trends.
2. Taxation: Accounting personnel communicate closely with the accountant to regularly monitor international taxation trends to reduce tax-related risks.
(8) Human Resources
The Company deeply values a humanized method of management and provides full respect and care to employees, including group insurance, regular health check-ups, on-the-job training and other benefits. The Company implements these benefits and strengthens dynamic employee care to provide a quality work environment.
(9) Business Management
The Company entrusts all stock-related matters to professional stock affairs agencies and has established the spokesperson system, investor relations personnel, and company website to build and strengthen communication channels with external stakeholders and the Company's public image.
(10) Others
Each department evaluates its specific risk management duties and measures.
4. Implementation Results
(1) The results of the risk management policy and procedure, scope, organization structure, and implementation for 2023 (including cyber security risk management) were reported to the board of directors on October 31, 2023.
(2) In 2023, in addition to the regular risk management implementations, we continued to conduct flu prevention vaccination, cyber security, regulation compliance, and other risk management projects. We completed the annual audit for our ISO/IEC 27001:2013 Information Security certificate in December 2023.
Risk Management Documents