Risk assessment

We are committed to complying with national and international laws and regulations that apply to our operations. Our legal and regulatory experts and our compliance managers monitor legal developments and advise our businesses and functions how their operations can remain compliant. We assess compliance risks through several processes, including Enterprise Risk Management (see Risk management), the Non-Financial Letter of Representation (NFLoR), the internal control self-assessment (see Internal controlsImplementation in 2016), internal audits and our SpeakUp! grievance mechanism.

In 2016, we introduced a system which helps us assess the compliance risks associated with engaging new business partners. We also studied data relating to existing suppliers to establish compliance risks, particularly those relating to respect for human rights. This information was used as input for our human rights program, see Note 16 of the Sustainability statements.

Annually, deficiencies, risks and weaknesses in the compliance framework in every business and function are discussed in the NFLoR review meetings between the business or functional leader and the responsible Executive Committee member, Director of Compliance and Legal Counsel. The outcomes of those meetings are reviewed by the CEO and the General Counsel and reported to the Board of Management, the Executive Committee, the Audit Committee and the external auditor.

During 2016, the main inherent compliance risks identified were related to competition law, export control, business partner compliance and data security. While controls are in place to mitigate these risks, further actions were defined and initiated.