Risk management model

Mechanisms of the risk management model are embedded in the existing business processes. The model comprises three defence lines which are adjusted to the nature of particular activities and the possible impact of risks on the Group’s performance.

The ERM system focuses on key risks and forecasts their impact on the company’s operations and performance, thus facilitating the development of pre-emptive measures that may help mitigate risks or exploit opportunities. This key functionality of the system is currently being strengthened at the LOTOS Group. One of the key objectives of the Compliance and Risk Office is to provide the most useful management information in order to efficiently manage any identified risks.

Management of threats at the corporate level is carried out as part of a process involving:

• analysis of the external environment (e.g. regulatory framework, macroeconomic factors, global trends) and the internal environment (including business objectives) – a context analysis;
• risk identification − risks are identified in reference to the strategic and operational (annual) objectives, as well as the organisation’s long-term growth;
• analysis and assessment of individual risks – the assessment is carried out in two time horizons: annual and strategy implementation period. Criteria taken into account in the risk assessment include the financial impact, the impact on human and environmental safety, as well as reputational issues;
• establishing a risk treatment plan – for each material risk type, an operational management procedure as well as controls and protection measures are defined. For TOP RISKS, relevant risk mitigation and opportunity exploitation measures are prepared, as well as response plans to be followed in case of materialisation of such risks;
• implementation of risk mitigation and opportunities enhancement measures – performing tasks defined in risk treatment plans and monitoring their progress on an ongoing basis;
• monitoring of risk indicators – for top risk categories, key risk indicators (KRIs) are defined, which allow risk exposure levels and risk materialisation probability to be monitored in accordance with relevant rules;
• risk reviews – periodically (every six months), all identified risk types are reviewed and re-evaluated;
• communication and reporting – standards for communicating and reporting the results of risk management are in place at every stage of the process. The Management and Supervisory Boards receive regular, quarterly reports on existing risks to the organisation and on the effectiveness of risk mitigation or exploitation measures;
• the effectiveness and adequacy of the ERM system are assessed and its future development directions are defined on an annual basis.