Doing business inherently involves taking risks. By taking balanced risks we strive to be a sustainable company. Risk management is an essential element of our corporate governance and strategy development.
We continuously strive to foster a high awareness of business risks and internal control, geared towards preserving our risk appetite and providing transparency in our operations. The Executive Committee is responsible for managing the risks associated with our activities and, in turn, for the establishment and adequate functioning of appropriate risk management and control systems (see Statement of the Board of Management in the Leadership section).
Our risk management framework
Through our risk management framework, we seek to provide reasonable assurance that our business objectives can be achieved and our obligations to customers, shareholders, employees and society can be met. Our risk management framework is in line with the Enterprise Risk Management – Integrated Framework of COSO and the Dutch Corporate Governance Code. The Executive Committee reviews our risk management process, control systems and our major business risks, which are subsequently reviewed by the Supervisory Board.
Clarity on risk appetite, along with the boundaries that determine the freedom of action or choice in terms of risk taking and risk acceptance, is provided to all managers. Risk boundaries are set by our strategy, Code of Conduct, core principles and values, authority schedules, policies and corporate directives. Our risk appetite differs by objective area and type of risk:
- Strategic: In pursuing our strategic ambitions, we are prepared to take considerable risk related to achieving our performance, innovation and sustainability objectives. Returns on investment in the development of innovative products and sustainable solutions are never certain. Yet considerable funds and effort is spent on research, development and innovation, even in less certain economic circumstances
- Operational: With respect to operational risks, we seek to minimize the downside risk from the impact of unforeseen operational failures within our businesses
- Financial: With respect to financial risks, we have a prudent financing strategy and a strict cash management policy and are committed to maintaining strong investment grade credit ratings. Our financial risk management and risk appetite are explained in more detail in Note 23 of the Consolidated financial statements
- Compliance: We do not permit our employees to take any compliance risk and have a zero tolerance policy in relation to breaches of our Code of Conduct. See the Governance and compliance section for more details