Content

Give feedback via the email-form below.

G16 Risk management

Taking calculated risks is an integral part of the development of any company. Umicore’s Board of Directors is ultimately responsible for assessing the risk profile of the Company within the context of the Company strategy and external factors such as market conditions, competitor positioning, technology developments etc and ensuring that adequate processes are in place to manage these risks. Umicore’s management is tasked with successfully exploiting business opportunities whilst at the same time limiting possible business losses. In order to achieve this, Umicore operates a comprehensive risk management system. The aim of this system is to enable the Company to identify risks in a proactive and dynamic way and to manage or mitigate these identified risks to an acceptable level wherever this is possible. Internal control mechanisms exist throughout Umicore to provide management with reasonable assurance of the Company’s ability to achieve its objectives. These controls cover the effectiveness and efficiency of operations, the reliability of financial processes and reporting, the compliance with laws and regulations, and provide for the mitigation of errors and fraud risks.

16.1    Risk management process

Each of Umicore’s business units operates in an environment which carries specific growth expectations and differing degrees of market and technological uncertainty. Therefore, the primary source of risk identification lies with the business units themselves.

The first step in the risk management process is to enable and channel the identification of the various material risks. Umicore has established a business risk assessment process to be undertaken by each business unit and corporate department. The process requires that all units carry out a risk scan in order to identify all significant risks (financial and non-financial) that might affect the ability of the business unit to meet its objectives as set out in its strategic plans. The process then requires that each of these risks be described in detail in a risk card. Besides the assessment of potential impact and likelihood, the risk card also contains information on the status of any management action or mitigation plan and the ownership thereof.

These risk cards are then fed back to the member of the Executive Committee responsible for that peculiar business area. A consolidated review takes place at the level of the Executive Committee, the outcome of which is presented to the Audit Committee and to the Board of Directors. The Audit Committee, on behalf of the Board of Directors, carries out an annual review of the Company’s internal control and risk management systems and looks into specific aspects of internal control and risk management on an on-going basis.

Each business unit and corporate department is responsible for the mitigation of its own risks. The Executive Committee intervenes in cases where managing a certain risk is beyond the capacities of a particular business unit. The Executive Committee and the Chief Executive Officer are also responsible in a broader context for identifying and dealing with those risks that affect the broader group such as strategic positioning, funding or macroeconomic risks. A specific monitoring role is given to Umicore’s Internal Audit department in order to provide oversight for the risk management process.

16.2    Internal control system

Umicore adopted the COSO framework for its Enterprise Risk Management and has adapted its various controls constituents within its organization and processes. “The Umicore Way” (http://www.umicore.com/en/vision/values/) and the “Code of Conduct” are the cornerstones of the Internal Control environment; together with the concept of management by objectives and through the setting of clear roles and responsibilities they establish the operating framework for the Company.

Specific internal control mechanisms have been developed by business units at their level of operations, while shared operational functions and corporate services provide guidance and set controls for cross-organizational activities. These give rise to specific policies, procedures and charters covering areas such as supply chain management, human resources, information systems, environment, health and safety, legal, corporate security and research and development.

Umicore operates a system of Minimum Internal Control Requirements (MICR) to specifically address the mitigation of financial risks and to enhance the reliability of financial reporting.

Umicore’s MICR framework requires all Group entities to comply with a uniform set of internal controls in 12 processes. Within the Internal Control framework, specific attention is paid to the segregation of duties and the definition of clear roles and responsibilities. MICR compliance is monitored by means of annual self-assessments to be signed off by the senior management. The outcome is reported to the Executive Committee and to the Audit Committee of the Board of Directors. Up till 2014 the control entities (in average 130 entities) aimed at reaching the established compliance threshold for each control activity. The Internal Audit department reviews the compliance assessments during its missions.

During 2015, the self-assessment process has been redesigned with the purpose to move from a judgemental to an objective methodology by using questionnaires. The first tests of the new self-assessment occurred successfully towards the end of 2015. In parallel the requirements are being reedited in order to simplify and to bring even more focus on segregation of incompatible tasks.