Annual report 2012

Risk identification and management

Every business plan and all major business decisions and projects include the identification and analysis of risks, and a plan for the continued management of potential risks. This process includes systematic communication and consultation. It also includes defining, analysing, assessing, amending, controlling, monitoring and reviewing risks. Risk assessment is carried out according to the adopted methodology. In managing risks, the Group decides between strategies that include assuming risk, avoiding risk, transferring risk to a third party and mitigating risk.

The following measures are used to mitigate risks:

  • the establishment of internal controls;
  • the implementation of scenarios to reduce risks to an acceptable level;
  • through money-market transactions; and
  • by using derivatives, in particular interest-rate swaps (IRS) and interest-rate caps.

During the project to establish a risk management system, the Group identified those individuals responsible for risks: members of the Management Board, the managing directors of Group companies, the directors of sectors, department heads and other organisational units, project managers and authorised experts. The aforementioned parties are responsible for the initial identification of risks in their own areas, for the monitoring of risks and for the implementation of necessary measures. The list of identified risks, both current and potential, is regularly updated. The implementation of measures is monitored quarterly, and the Management Board and Supervisory Board informed accordingly. An enclosure regarding perceived risks is an integral part of the material submitted to the Management Board in decision-making processes.