Grupa LOTOS S.A. - Integrated Annual Report 2012
Approach to management
At the LOTOS Group we have implemented an enterprise risk management (ERM) system based on the COSO II integrated framework published in 2004, which is compliant with ISO 31000 guidelines and requirements. As part of our ERM system, we developed and implemented a set of internal standards, which consists of:
- Enterprise risk management policy, which defines the general scope of responsibility within the system and key risk management policies operated by the organization,
- Enterprise risk management procedure, which specifies detailed rules for risk identification and assessment, as well as monitoring and reporting methods designed to check whether any mitigating actions taken have brought the expected results.
Additionally, an Enterprise Risk Management Committee operates at Grupa LOTOS, primarily as an advisory body. The Committee provides recommendations for enterprise risk management actions in accordance with internal regulations, resolves controversies in this respect, and monitors and evaluates the progress and effects of implemented risk mitigation measures. The Committee also checks whether proposed projects are in line with the LOTOS Group's policies and whether their implementation is likely to cause a dangerous increase in risk levels in any other areas of the LOTOS Group's activities.
Once a year, a review of our ERM system is undertaken as part of the organizational maturity assessment, and the findings are used to further refine the system's mechanisms. Information on the operation of the Enterprise Risk Management System is regularly provided to the Board and the Audit Committee of the Company's Supervisory Board.
Altogether, the systematic risk management framework helps the LOTOS Group attain its pre-set objectives. Regular identification of risks that may compromise the delivery of objectives provides extensive knowledge on threats and opportunities related to the LOTOS Group's business and improves its ability to respond to emerging risks. Active enterprise risk management also serves to secure stability in our day-to-day operations and promotes sustainable development.
Grupa LOTOS identifies risks which may affect the achievement of its strategic, process and operational objectives. Risks are assessed using a risk matrix approved by the Company’s Board. Based on the rating criteria of this matrix, we classify risks as high, moderate or low. The strategy for dealing with a particular risk is devised depending on the results of a detailed risk analysis and the extent of its possible impact on the Company and its environment.
Risk assessment is undertaken from two different perspectives – for the coming year, and until the end of the current LOTOS Group strategy period (currently the end of 2015). For each risk, the probability of its occurrence is estimated, followed by an assessment of its possible impact on the company’s financial standing and reputation. The assessment takes into account the expected impact on the safety of people, the environmental impact and how that impact is received by key stakeholders.
A risk map is constructed based on the identified and assessed risks, which is subject to approval by the Company’s Board. Relevant controls and security measures are then indicated for these risks. Each risk is assigned an owner, who is responsible for overseeing the risk, monitoring it and implementing agreed mitigation plans.
Risks rated as high and selected risks classified as moderate have their own risk management charts prepared. These contain detailed risk descriptions, mitigation plans and relevant response procedures, as well as key risk indicators (KRIs), which are subject to periodic monitoring and reporting.
The LOTOS Group also manages risks for its individual projects, wherein the risk assessment procedures used are adjusted to the requirements of the project's management. Risk management procedures remain consistent for the entire LOTOS Group, enabling the effective execution of planned projects. With the adopted criteria applied, risks affecting our major projects are also entered in the ERM system to ensure their secure implementation through increased supervision.
The Company has also launched the ERM Portal, which is an IT tool designed to ensure automated support for enterprise risk management processes. In addition to functionality for recording risks, incidents and indicators, workflow scenarios are created and implemented to systematise risk management processes. These scenarios cover the tasks performed by their users. The tool also enables linking of risks to various attributes, such as objectives pursued, processes implemented, persons involved or documents used, and generates risk maps in line with required criteria. Workflow procedures facilitate precise definition of risk management tasks and monitoring of their status. Key risk indicators can be calculated based on transactional and analytical data, which enables close monitoring and rational decision-making as regards risk management and possible allocation of financial resources.
At the LOTOS Group we have identified and implemented measures aimed at mitigating key corporate risks. Some of these measures are long-term, with a horizon of up to three years, which is consistent with our business strategy until 2015. Constant monitoring of risks and an immediate response to prevent their negative impacts are also of paramount importance to us.
We make a consistent effort to improve our ERM Portal, whose functionality develops as the enterprise risk management system matures. In 2013, we aim to focus on optimising the KRI base and integrating it with other systems, so that collected data can be sourced and used for the purpose of ongoing monitoring of various risks. We also plan to expand our incident database, to ensure that it is fully exploited in assessment and management of underlying risks.
Implementation costs of hedging strategies
Risk mitigation strategies applied by Grupa LOTOS to individual risks are subject to cost analyses. In the process, the ALARP (As Low As Reasonably Practicable) principle is employed, whereby risks are reduced to a level as low as reasonably practicable. Risks are considered acceptable if it is impossible to reduce them any further or if the costs of their reduction outweigh the benefits of doing so. This approach enables Grupa LOTOS to deploy the financial resources required for risk management in the most efficient manner possible.