Doing business inherently involves taking risks, and by taking measured risks we strive to be a sustainable company. Risk management is an essential element of our corporate governance and strategy development.
We foster a high awareness of business risks and internal control, geared to safeguarding our risk appetite and providing transparency in our operations. The Executive Committee is responsible for managing the risks associated with our activities and, hence, for the establishment and adequate functioning of appropriate risk management and control systems (see in the Our leadership section).
AkzoNobel risk management framework
Through our risk management framework, we seek to provide reasonable assurance that our business objectives can be achieved and our obligations to customers, shareholders, employees and society can be met. Our risk management framework is in line with the Enterprise Risk Management – Integrated Framework of COSO and the Dutch Corporate Governance Code. The Executive Committee reviews our risk management and control systems and our major business risks, which are subsequently reviewed by the Supervisory Board.
Clarity on risk appetite and boundaries that determine the freedom of action or choice in terms of risk taking and risk acceptance is provided to all managers. Risk boundaries are set by our strategy, our Company Statement, Code of Conduct, company values, authority schedules, policies and corporate directives. Our risk appetite differs by objective area and type of risk:
Risk management in 2012
Enterprise Risk Management is a bottom-up process which provides full coverage of the organization and ensures that we focus on what we consider to be the areas of major risk exposure. Therefore, scoping of our 2012 risk management activities was performed by the Executive Committee, business unit Managing Directors and Corporate Directors, in association with the risk management function. Besides the focus on coverage of our organization, emphasis is put on organizational changes, key strategic projects and high growth regions.
During 2012, we held more than 100 facilitated Enterprise Risk Management workshops. More than 4,000 risk scenarios were identified and prioritized by management teams and functional experts. In addition, in selected areas with low risk tolerance, dedicated risk assessments were performed to safeguard our risk appetite. All major risks were responded to by the unit that identified them. The outcome of all risk assessments was reported to the next higher management level as part of our Business Planning & Review cycle. Risk profiles and trends were shared by managers across the company. In the bottom-up consolidation process, the risks were taken to the next management level, where they were re-assessed, either because of the materiality of the risk exposure and/or because of the accumulated effect.
The major risk factors for our company, identified through risk consolidation and the subsequent risk assessment by the Executive Committee, are presented in the following pages. An unexpected event in 2012 was the absence of our CEO due to illness and the consequential delay of the strategic update. Furthermore, we were faced with continued deterioration of market conditions, especially in Europe.