We continuously strive to foster a high awareness of business risks and internal control, geared towards preserving our risk appetite and providing transparency in our operations. The Executive Committee is responsible for managing the risks associated with our activities and, in turn, for the establishment and adequate functioning of appropriate risk management and control systems.
Our risk management frameworkThrough our risk management framework, we seek to provide reasonable assurance that our business objectives can be achieved and our obligations to customers, shareholders, employees and society can be met. The framework is in line with the Enterprise Risk Management – Integrated Framework of COSO and the Dutch Corporate Governance Code. The Executive Committee reviews our risk management process, control systems and our major business risks, which are subsequently reviewed by the Supervisory Board.
Our risk management framework includes a bottom-up process which aims to provide full coverage of the organization and key strategic projects, thus ensuring that we focus on the areas of major risk exposure.
Risk appetiteClarity on risk appetite, along with the boundaries that determine the freedom of action or choice in terms of risk taking and risk acceptance, is provided to all managers. Risk boundaries are set by our strategy, Code of Conduct, core principles and values, authority schedules, policies and corporate directives. Our risk appetite differs per objective area and type of risk:
- Strategic: In pursuing our strategic ambitions, we are prepared to take considerable risk related to achieving our performance, innovation and sustainability objectives. Return on investment in the development of innovative products and sustainable solutions are never certain. However, considerable funds and effort are spent on research, development and innovation, even in less certain economic circumstances
- Operational: With respect to operational risks, we seek to minimize the downside risk from the impact of unforeseen operational failures within our businesses
- Financial: With respect to financial risks, we have a prudent financing strategy and a strict cash management policy and are committed to maintaining a strong investment grade credit rating. Our financial risk management and risk appetite are explained in more detail in Consolidated financial statements of the Annual Report
- Compliance: We do not permit our employees to take any compliance risk and we take appropriate measures in the event of any breach of our Code of Conduct. See the Governance and compliance section for more details