Risk assessment

We assess compliance risks through several processes, including Enterprise Risk Management, Internal Control Self-Assessment, Non-financial letter of representation (NFLoR) and Internal Audit.

Annually, compliance risks and possible weaknesses in the compliance and control framework in every business and function are identified and discussed in the NFLoR review meeting between the business or functional leader and the responsible Executive Committee member, Director of Compliance and Legal Counsel. The outcomes of those meetings are reviewed by the CEO and the General Counsel and reported to the Executive Committee, the Audit Committee of the Supervisory Board and the External Auditor.

The outcome of these risk assessments helps to identify additional risk mitigation actions, improvement actions and strategic compliance focus areas. Based on the risk assessments over 2015 and external trends, the strategic compliance focus areas are: competition law, export control, anti-bribery, fraud, data protection, human rights and our Life-Saving Rules. These focus areas feed into the Compliance Framework and the annual plan of the Compliance function reporting to the General Counsel, and help to ensure that the compliance activities remain risk-based and meet the needs of our operations.