7.2. The risk assessment process
It is an inherent aspect of the business and operations of the Group to deal with risks, while remaining in compliance with laws, regulations and the Code of Conduct, and pursuing its ambitious sustainable development targets.
The Enterprise Risk Management (ERM) policy of Solvay is explained in the Management Book: it states that the Group will identify, quantify, assess and manage all potentially significant business risks and opportunities by applying systematic risk management integrated with strategy, business decisions and operations. Enterprise risk management is seen as an essential management tool and aid in making the decisions needed to achieve the Company’s short, medium, and long-term objectives.
The Comex approves the risk management policies and processes used throughout the Group. The Internal Audit & Risk Management Department (IA/RM) is in charge of setting up a global and consistent system of risk management across the Group.
The process of risk management takes into account the organization’s strategic objectives and is structured in the following phases:
- risk analysis (identification and evaluation)
- decision on how to manage the critical risks
- implementation of risk management actions
- monitoring of those actions.
The enterprise risk management effort is structured around three main pillars:
- an annual top-down exercise initiated at Leadership Council level (Comex, GBU presidents, function general managers, zone presidents, Solvay Business Services general manager and selected senior managers). It is complemented by a bottom-up exercise using the risk assessments at GBU/functions level, and is finalized by a review and validation of a list of Group risks by the Group Risk Committee (Comex and General Managers of the HR, Industrial, Legal, and Sustainable Development functions). The Comex regularly receives a Group Risks Dashboard following up on those Group risks and the status of mitigating actions undertaken
- an exercise covering all GBUs and functions, with a methodology adapted to their size and embedded in the annual strategic review process. This exercise involves all the senior managers of the GBU or function to identify and assess the major risks for their unit. The management team and the president of the GBU (or the function general manager) are then in a position to assign the ownership of all critical risks to one of the GBU’s managers. A regular follow-up of the actions mitigating critical risks is required from all GBUs
- specific risk assessments for major projects (investments, acquisitions or major function projects).
Moreover, the approach to designing internal controls on major processes includes a step of risk assessment, defining which key control objectives are to be tackled.
This is the case in particular for processes at subsidiary, shared service, GBU or corporate level, leading to the production of the financial reporting.
More information on risks can be found in the “Management of risks” section of the annual report, in particular with regard to the Group’s main risks and the actions taken to avoid or reduce them.