Identifying and controlling potential events and risks that may affect the Group’s strategy, continuity or controlling is something that we focus on continuously.
It is our conviction that risk management needs to be part of all our employees’ day-to-day thinking and working, not because the law requires it to be, but because it feels natural and is the right thing to do.
The Executive Board has ultimate responsibility for being in control of the Group, and therefore also for risk management. In this respect, the Executive Board is supported by the International Board, the Corporate Control department, the Legal department, the Compliance and Security Officers, and the Internal Audit function.
Corporate Control facilitates risk awareness and operationalisation of associated control measures within our organisation, which they also monitor. The Legal department and the Compliance Officer support and monitor timely and complete implementation of new legislation and regulations. The Security Officer supports the Executive Board in defining and monitoring the (information) security policy. Internal audit is an independent and objective function that supports the Executive Board and the Supervisory Board in gaining insight into the level of control of risks that threaten the Group’s objectives.
‘To measure is to know’ is a key principle of risk management. Using a central data warehouse where virtually all operational and financial data is stored, as well as state-of-the-art analytical tools, the Corporate Control department monitors special developments or (series of) numbers.
In the autumn of 2019, we reviewed the main risks with a potential impact on the achievement of our strategic goals, identifying and assessing approximately 30 possible risks, and subsequently classifying them in one of four categories: strategic, operational, financial and compliance. Bearing in mind the developments in the market and internal changes, we ultimately identified ten risks that we consider the most consequential. The risk appetite with respect to these risks has been assessed, as has the likelihood of them materialising and the potential impact. Aside from that, an assessment has been made of the extent to which we, as a Group, can influence these risks.
We have described these extensively in our 2019 annual report.