Risk identification and prioritization
We identify risks through monitoring legal developments, SpeakUp! grievance investigations, classroom training, internal control self-assessments, supplier self-assessments, internal audits, business partner audits and due diligence in our value chain. Identified risks are assessed through several processes, including Enterprise Risk Management (see Risk management) and Compliance Risk Review. The latter is part of the annual Non-Financial Letter of Representation (NFLoR) process, which results in a review meeting between the business or functional leader, the Compliance Director, Legal Director and the responsible Executive Committee member, where potential compliance deficiencies, risks and improvement opportunities are reviewed.
In 2017, we enhanced the use of the Ecovadis self-assessment to identify compliance risks at key suppliers and performed due diligence into several supply chains to assess human rights risks (see Note 10 of the Sustainability statements).
Due to its large product portfolio, international commerce with numerous trade partners and contact with authorities, the company’s top three inherent compliance risks are in the fields of competition law, export control and anti-bribery. Important inherent compliance risks also exist in the fields of fraud, human rights and protection of data. Programs are in place to mitigate each of these risks.