Risk management & internal control

The aim of our risk management system is to enable the company to identify risks in a proactive and dynamic way; and manage or mitigate risks to an acceptable level wherever possible.

Business units
  • Carry out a risk scan to identify all significant risks (financial and non-financial)
  • Detail each risk on an “uncertainty sheet” outlining potential impact, likelihood, status of management action or mitigation, and ownership
  • Report bottom up to the Executive Committee member responsible for that business unit
Executive committee member
  • Identify, evaluate and mitigate risks
Executive committee
  • Successfully exploit business opportunities
  • Assess market conditions, competitor positioning, technology developments or regulatory changes against the business strategy execution
  • Manage and mitigate possible business risks
Board of directors
  • Assesses the risk profile of the company within the context of the Company strategy and external factors
  • Ensure adequate risk management and internal control processes are in place

Each business unit operates in an environment which carries specific growth expectations and differing degrees of market and technological uncertainty that could impact strategic objectives. As such, the primary source of risk and opportunity identification lies within the business units.

Similarly, each business unit is responsible for mitigation of its own risks. Mitigating actions are systematically reported corresponding to the respective strategic objectives and identified risks.

Specific corporate departments are also tasked with managing and mitigating certain risks under the auspices of the Executive Committee. These risks cover Group-wide elements that extend beyond the purview of individual business units. These include environmental risks, financial risks etc.

Our internal control system

Internal control mechanisms exist throughout Umicore to provide management with reasonable assurance of our ability to achieve our objectives.
They cover:

  • Effectiveness and efficiency of operations
  • Reliability of financial processes and reporting
  • Compliance with laws and regulations; and
  • Mitigation of errors and fraud risks

Umicore adopted the COSO framework for its Enterprise Risk Management and has adapted its various controls constituents within its organization and processes. “The Umicore Way” and the “Code of Conduct” are the cornerstones of the Internal Control environment; together with the concept of management by objectives and through the setting of clear roles and responsibilities they establish the operating framework for the company.

Specific internal control mechanisms have been developed by business units at their level of operations, while shared operational functions and corporate services provide guidance and set controls for cross-organisational activities.
These give rise to specific policies, procedures and charters covering areas such as supply chain management, human resources, information systems, environment, health and safety, legal, corporate security and research and development.

Umicore operates a system of Minimum Internal Control Requirements (MICR) to specifically address the mitigation of financial risks and to enhance the reliability of financial reporting. Umicore’s MICR framework requires all Group entities to comply with a uniform set of internal controls in 12 processes.

Within the Internal Control framework, specific attention is paid to the segregation of duties and the definition of clear roles and responsibilities. MICR compliance is monitored by means of selfassessments to be signed off by senior management.
The outcome is reported to the Executive Committee and the Audit Committee.

Out of the 12 control cycles, 2 cycles (financial closing and reporting, human resources) were assessed during 2018 by the 100 control entities currently in scope. Risk assessments and actions taken by local management to mitigate potential internal control weaknesses identified through prior assessments are monitored continuously. The Internal Audit department reviews the compliance assessments during its missions.

Discover the stories behind our success!

Read now

      Umicore uses certain monitoring and tracking technologies such as cookies. These technologies are used in order to maintain, provide and improve our services on an ongoing basis, and in order to provide our web visitors with a better experience.

      By clicking on the button accept you agree to the use of these cookies while using the website. For further information regarding how we use cookies and other tracking technologies, please see section 10 of our website privacy notice

          Necessary cookies are essential and help you navigate our website. This helps to support security and basic functionality and are necessary for the proper operation of our website, so if you block these cookies we can't guarantee your use or the security during your visit.

          Cookies that help us to understand the behaviour of users of our website. This allows us to continuously improve our website to provide the best information in support of our project aims. These cookies are also used to help us understand how effective our website is. For instance these cookies tell us which pages visitors go to most often and if they get error messages from web pages.

          Cookies that deliver content to you based on your interests, which are assumed from your browsing history. Most Targeting Cookies track users via their IP address and, thus, may collect some Personal Data. Personal Data collected by Targeting Cookies may be shared with third-parties, such as advertisers.