Our six ESG focus areas
ESG is embedded in our strategy and supports our sustainable performance and long-term growth. It helps us build trust with and deliver returns to our stakeholders, reduce risk to our operations and deliver positive social impact.
We have six ESG focus areas addressing what is most material to our business and the issues that matter the most to our stakeholders.
ESG investor education events
Our ESG Performance Rating
Our ESG Performance Rating helps us integrate ESG into the delivery of our strategy and allows us to measure and verify the progress we are making. The rating is one of our corporate KPIs and measures progress against key metrics aligned to each of our six focus areas. In 2023, this included 22 metrics, which are summarised in our ESG Performance Report.
The GSK Leadership Team (GLT) is accountable for delivering progress against the metrics and regularly reviews performance along with the Board’s Corporate Responsibility Committee (CRC). Each individual metric is assessed as either: on track (metric met or exceeded); on track with work to do (at least 80% of metric has been achieved); or off track (metric missed by more than 20%).
In addition, in order to calculate the overall ESG Performance Rating, performance across all metrics is aggregated to a single score to illustrate whether we are on track, on track with work to do, or off track.
Our 2023 ESG Performance Rating is on track, based on 95% of all performance metrics being met or exceeded.
ESG Performance Report 2023
External ESG ratings
We have maintained our acknowledged leadership in ESG, and this continues to be a key driver in our goal to deliver health impact and shareholder returns. Detailed below is how we perform in key ESG ratings that we are frequently asked about by investors.
External benchmarking | Current rating | Previous rating | Comments |
---|---|---|---|
S&P Global's Corporate Sustainability Assessment | 78 | 80 | Current score updated September 2024 |
Access to Medicines Index | 4.06 | 4.23 | Led the bi-annual index since its inception in 2008; Updated bi-annually, current results from Nov 2022 |
Antimicrobial Resistance Benchmark | 84% | 86% | Led the bi-annual benchmark since its inception in 2018; Current ranking updated Nov 2021 |
CDP Climate change | A- | A- | Updated annually, current score updated Feb 2024 |
CDP Water security | A- | B | Updated annually, current score updated Feb 2024 |
CDP Forests (palm oil) | B | A- | Updated annually, current score updated Feb 2024 |
CDP Forests (timber) | B | B | Updated annually, current score updated Feb 2024 |
CDP Supplier engagement rating | Leader | Leader | Updated annually, current score updated March 2023 |
Sustainalytics | 15.4 | 16.7 | 2nd percentile in pharma subindustry group; lower score represents lower risk. Current ranking updated May 2024 |
MSCI | AA | AA | Last rating action date: September 2023 |
Moody's ESG solutions | 62 | 61 | Current score updated August 2023 |
ISS Corporate Rating | B+ | B+ | Current score updated October 2024 |
FTSE4Good | Member | Member | Member since 2004, latest review in June 2024 |
ShareAction’s Workforce Disclosure Initiative | 79% | 77% | Current score updated Jan 2024 |
Updated October 2024
Governance
We are committed to operating at the highest standards of corporate governance. We believe our governance structure underpins our ability to deliver the Group's strategy to create long-term value and benefit for our shareholders and stakeholders.
Further information on how GSK is governed, including details on our Board and Management Committees, global compliance function and our codes and standards can be found in our company governance section.
Risk management
Our risk management and internal control framework
Our risk management and internal control framework is well embedded and provides the ability for the Board to evaluate and oversee how the company manages principal and emerging risks in line with our strategy and long-term priorities. This framework is aligned to industry standards and legal and regulatory requirements. Our company-wide policy sets out the requirements, roles and responsibilities for the management and governance of risks, controls and supporting guidance on the essential elements of our internal control framework. Our Code sets out the overarching expectations for our employees and complementary workers. We aim to do the right thing with integrity and care as part of our culture. Our risk management and internal control framework incorporates our culture and our Speak Up processes, enabling us to identify and mitigate risks effectively. We monitor our most important risks and take action to address issues. We embed business continuity planning into our framework so we can continue operations in the event of a crisis. We routinely evaluate our framework for improvements.
Our Risk Management and Internal Control Policy can be found in Codes and standards.
Board oversight
The Board oversees our system of risk management and internal control and establishes our risk appetite, supported by the Audit & Risk Committee (ARC). The Corporate Responsibility Committee (CRC) and Science Committee further assess the effectiveness of risk management strategies pertinent to their defined remits. Further information on the Board, its committees and their responsibilities can be found in our company governance section.
Our Risk Oversight & Compliance Council (ROCC) supports the ARC and CRC to oversee the risks, and the strategies used to address them. Risk management and compliance boards across the Group promote the ‘tone from the top’, establish our risk culture and oversee the effectiveness of risk management activities, while also communicating information about internal controls.
Management is accountable for delivering on its objectives in line with its established risk appetite. The Disclosure Committee has the responsibility for considering the materiality of information and determining the disclosure of this information in a timely way. An Enterprise Risk Owner is responsible for each principal risk, with oversight by a GLT member. Risk owners report risk and mitigation to ROCC and the appropriate Board committee each quarter. Legal and Compliance support these efforts by advising on our business strategies, activities, risks and controls. Audit & Assurance provides assessments of the adequacy and effectiveness of our framework.
Considering the likelihood, impact and timescale of risks
Our enterprise risk assessment methodology is the mechanism by which we assess all risk. Our risk assessment methodology considers the likelihood and impact of risks, and the timescale over which a risk could occur based on the most probable scenario and considering our existing internal controls. Our impact assessments include financial and nonfinancial considerations. We consider both current and emerging risks that could affect our ability to achieve our long-term priorities over the three-year horizon, in line with our viability statement. We also define risks in this way if we need to know more about how likely they are to materialise, or what impact they’d have if they did. We evaluate if additional investigation is required before classifying them as principal risks.
Risk management and compliance boards at all levels of the organisation identify emerging risks on an ongoing basis, and ROCC discusses emerging risks at each meeting. We also scan the risk horizon throughout the year to identify external trends that may be opportunities and/or emerging risks and monitor our business activities and internal environment for new, emerging and changing risks.
ROCC conducts an annual risk review to assess principal and emerging risks for the company. This review is supported by extensive analysis of external trends and insights, senior level interviews and recommendations from risk management and compliance boards and risk owners. ROCC shares this annual review with the ARC and Board for assessment and this forms the basis for the following year’s risk management focus.
2023 principal risks summary
We outline below the principal risks and uncertainties relevant to GSK’s business, financial condition and operations that may affect our performance and ability to achieve our objectives. These are the risks that we believe could cause our actual results to differ materially from expected and historical results. These are not listed in order of significance. Operating in the pharmaceutical sector carries various inherent risks and uncertainties that may affect our business.
The risk that GSK, including our third parties, fails to appropriately collect, assess, follow up, or report human safety information, including adverse events, from all potential sources or that GSK potentially fails to appropriately act on any relevant findings that may affect the benefit-risk profile of a medicine or vaccine in a timely manner.
- Product governance
- Our approach to clinical trials
- Cloning and stem cell technologies
- Public disclosure of clinical research
- The care, welfare and treatment of animals
- Pharmacovigilance
- Falsified and substandard healthcare products
- Third party oversight programme - working with third parties
- Anti-bribery and corruption policy
- The Code and Code Hub
The risk that GSK or our third parties potentially fail to ensure appropriate controls and governance of quality for development and commercial products are in place; compliance with industry practices and regulations in manufacturing and distribution activities; and terms of GSK product licenses and supporting regulatory activities are met.
The risk that GSK fails to comply with current tax laws; fails to report accurate financial information in compliance with accounting standards and applicable legislation; or incurs significant losses due to treasury activities.
The risk that GSK or our third parties potentially fail to comply with certain legal requirements for the development, supply and commercialisation of our products and operation of business, and specifically in relation to requirements for competition law, anti-bribery and corruption, and sanctions. Any failure to meet compliance and legal standards for these particular areas could lead to increasing scrutiny and enforcement from government agencies.
The risk that GSK or our third parties potentially engage in commercial activities that fail to comply with laws, regulations, industry codes, and internal controls and requirements.
The risk that GSK or our third parties potentially fail to engage externally to gain insights, educate and communicate on the science of our medicines and associated disease areas, and provide grants and donations in a legitimate and transparent manner compliant with laws, regulations, industry codes and internal controls and requirements.
The risk that GSK or our third parties potentially fail to ethically collect; use; re-use through artificial intelligence, data analytics or automation; secure; share and destroy personal information in accordance with laws, regulations, and internal controls and requirements.
The risk that GSK or our third parties potentially fail to adequately conduct ethical and credible pre-clinical and clinical research, collaborate in research activities compliant with laws, regulations, and internal controls and requirements.
- Our approach to clinical trials
- Cloning and stem cell technologies
- Public disclosure of clinical research
- The care, welfare and treatment of animals
- Use of animals
- Pharmacovigilance
- Third party oversight programme - working with third parties
- Anti-bribery and corruption policy
- Engaging with HCPs
- The Code and Code Hub
The risk that GSK or our third parties potentially fail to ensure appropriate controls and governance of the organization's assets, facilities, infrastructure, and business activities, including execution of hazardous activities, handling of hazardous materials, or release of substances harmful to the environment that disrupts supply or harms employees, third parties or the environment.
- Third party oversight programme - working with third parties
- Hazardous chemicals management
- Genetically modified micro-organisms and EHS
- Nanotechnology
- Pharmaceuticals in the environment
- Environmental sustainability
- Environment, Health and Safety
- The Code and Code Hub
- Environment
The risk that GSK or our third parties potentially fail to ensure appropriate controls and governance to identify, protect, detect, respond, and recover from cyber incidents through unauthorised access, disclosure, theft, unavailability or corruption of GSK's information, key systems, or technology infrastructure in accordance with applicable laws, regulations, industry standards, internal controls and requirements.
The risk that GSK or our third parties potentially fail to deliver a continuous supply of compliant finished product or respond effectively to a crisis incident in a timely manner to recover and sustain critical supply operations.