- monitors the effectiveness of the enterprise risk management
102-15
Mechanisms of the risk management model are embedded in the existing business processes. The model comprises three defence lines which are adjusted to the nature of particular activities and the possible impact of risks on the Group’s performance.
- operational risk management
- development of operational procedures
- risk identification and assessment at the decision-making stage and periodic risk reviews in processes and projects
- definition of risk management policies at the LOTOS Group
- linking risk management to the LOTOS Group’s strategy
- forecasting and shaping the LOTOS Group’s risk profile
- building the culture of risk management process
- independent assessment of the effectiveness and adequacy of the LOTOS Group’s risk management process
Structure of the enterprise risk management (ERM)
The ERM system focuses on key risks and forecasts their impact on the company’s operations and performance, thus facilitating the development of pre-emptive measures that may help mitigate risks or exploit opportunities. This key functionality of the system is currently being strengthened at the LOTOS Group. One of the key objectives of the Compliance and Risk Office is to provide the most useful management information in order to efficiently manage any identified risks.
ERM system
Risk management process
Management of threats at the corporate level is carried out as part of a process involving:
- analysis of the external environment (e.g. regulatory framework, macroeconomic factors, global trends) and the internal environment (including business objectives) – a context analysis;
- risk identification − risks are identified in reference to the strategic and operational (annual) objectives, as well as the organisation’s long-term growth;
- analysis and assessment of individual risks – the assessment is carried out in two time horizons: annual and strategy implementation period. Criteria taken into account in the risk assessment include the financial impact, the impact on human and environmental safety, as well as reputational issues;
- establishing a risk treatment plan – for each material risk type, an operational management procedure as well as controls and protection measures are defined. For TOP RISKS, relevant risk mitigation and opportunity exploitation measures are prepared, as well as response plans to be followed in case of materialisation of such risks;
- implementation of risk mitigation and opportunities enhancement measures – performing tasks defined in risk treatment plans and monitoring their progress on an ongoing basis;
- monitoring of risk indicators – for top risk categories, key risk indicators (KRIs) are defined, which allow risk exposure levels and risk materialisation probability to be monitored in accordance with relevant rules;
- risk reviews – periodically (every six months), all identified risk types are reviewed and re-evaluated;
- communication and reporting – standards for communicating and reporting the results of risk management are in place at every stage of the process. The Management and Supervisory Boards receive regular, quarterly reports on existing risks to the organisation and on the effectiveness of risk mitigation or exploitation measures;
- the effectiveness and adequacy of the ERM system are assessed and its future development directions are defined on an annual basis.
Risk oversight - ERM participants
- determines risk appetite in the context of the adopted strategy
- makes key decisions concerning TOP RISKs, including resources and the ERM
- provides opinions on and recommends measures applicable to TOP RISKs and the ERM, including risk appetite
- monitors the performance of planned tasks
- the Committee consists of representatives of key corporate functions
- coordinates and supports measures taken by the process participants
- supports risk coordinators and Compliance Officers at LOTOS Group companies
- collates information on risks to the organisation
- assesses the Group’s risk exposure
- provides tools and methodological support, and is responsible for developing enterprise risk management
- builds a risk and compliance management culture through training and education activities
- manage individual risks, which includes defining risk treatment plans, monitoring risk levels and overseeing risk mitigation and opportunities enhancement measures
- identify new risks
- implement risk mitigation or opportunities enhancement measures
- identifies and evaluates risks to the LOTOS Group’s operations
- verifies relevant controls and examines their effectiveness
- assesses the effectiveness of the risk management system