Doing business inherently involves taking risks, and by taking measured risks we strive to be a sustainable company. Risk management is a key strategic process and an essential element of our corporate governance.
We foster a high awareness of business risks and internal control, geared to safeguarding our risk appetite and providing transparency in our operations. The Board of Management is responsible for managing the risks associated with our activities and, hence, for the establishment and adequate functioning of appropriate risk management and control systems ().
AkzoNobel risk management framework
Through our risk management framework, shown on the right, we want to provide reasonable assurance that our business objectives can be achieved and our obligations to customers, shareholders, employees and society can be met. Our risk management framework is in line with the Enterprise Risk Management – Integrated Framework of COSO and the Dutch Corporate Governance Code. The Board of Management reviews our risk management and control systems and our major business risks, which are also discussed by the Supervisory Board.
Risk management in 2009
Scoping of our 2009 risk management activities was performed by the Board of Management, business unit Managing Directors and Corporate Directors, in association with the risk management function. The emphasis has been on completing the integration of the former ICI into the AkzoNobel risk management framework. In addition, we improved guidance on risk appetite and enhanced the use of risk knowledge for trend reporting.
During 2009, we held more than 100 facilitated Enterprise Risk Management workshops, while a large number of self-assessments were carried out with business and corporate management and with project teams. The Enterprise Risk Management process provides top-down coverage of the organization and ensures that we focus on what we consider to be the areas of major risk exposure. More than 5,000 risk scenarios were identified and prioritized by the responsible managers, their management teams and functional experts. All major risks were responded to by the unit that identified them. The outcome of all risk assessments was reported to the next higher management level as part of our Business Planning and Review cycle. Risk profiles were shared by managers across the company. In the bottom-up consolidation process, approximately 20 percent of the risks were taken to the next management level, where they were re-assessed, either because of the materiality of the risk exposure and/or because of the accumulated effect. The major risk factors for our company, resulting from risk consolidation and the subsequent risk assessment by the Board of Management, are presented on the following pages.
The risks related to adaptation to economic conditions, operations in international environment and access to funding became more apparent during the course of 2009.