Identifying and controlling potential events and risks that may affect the Group’s strategy, continuity or controlling is something that we focus on continuously.
It is our conviction that risk management needs to be part of all our employees’ day-to-day thinking and working, not because the law requires it to be, but because it feels natural and is the right thing to do.
The Executive Board has ultimate responsibility for being in control of the Group, and therefore also for risk management. In this respect, the Executive Board is supported by the International Board, the Corporate Control department, the Legal department, the Compliance and Security Officers, and the Internal Audit function.
Corporate Control facilitates risk awareness and operationalisation of associated control measures within our organisation, which they also monitor. The Legal department and the Compliance Officer support and monitor timely and complete implementation of new legislation and regulations. The Security Officer supports the Executive Board in defining and monitoring the (information) security policy. Internal audit is an independent and objective function that supports the Executive Board and the Supervisory Board in gaining insight into the level of control of risks that threaten the Group’s objectives.
In een groeiende, internationale organisatie als de onze, erkennen we de noodzaak tot verdere formalisering om in control te blijven. Het is daarbij van belang dat we formalisering in balans houden met de (informele) hands-on ondernemersgeest binnen ons bedrijf.
Wij richten risicomanagement steeds meer vanuit strategisch niveau in, van waaruit we de doorvertaling naar processen, mensen en systemen op operationeel niveau maken.
In the autumn of 2019, we reviewed the main risks with a potential impact on the achievement of our strategic goals, identifying and assessing approximately 30 possible risks, and subsequently classifying them in one of four categories: strategic, operational, financial and compliance. Bearing in mind the developments in the market and internal changes, we ultimately identified ten risks that we consider the most consequential. The risk appetite with respect to these risks has been assessed, as has the likelihood of them materialising and the potential impact. Aside from that, an assessment has been made of the extent to which we, as a Group, can influence these risks.
We have described these extensively in our 2019 annual report.