Enterprise Risk Management
Dick Oude Alink, Corporate Risk Manager
October 18, 2005

Risk Management

Akzo Nobel in the World
Geographic breakdown of net sales (by origin):
• 46% Euro region
• 17% USA / Canada
• 22% Other European countries
• 9% Asia
• 6% Other regions

Organization
Board of Management
Corporate Staff
Pharma BUs, Coatings BUs, Chemicals BUs

Business Units
Pharma
• Intervet, Organon, Nobilon
Coatings
• Car Refinishes, Decorative Coatings Europe, Decorative Coatings International, Industrial Finishes, Marine & Protective Coatings, Nobilas, Powder Coatings
Chemicals
• Base Chemicals, Functional Chemicals, Polymer Chemicals, Pulp & Paper Chemicals (Eka Chemicals), Surfactants

Akzo Nobel
Our Ambition
Be the first choice of customers, shareholders and employees and a respected member of society
Our Commitments
• Focus on our customers
• Competitive returns for our shareholders
• Create an attractive working environment
• Socially responsible

Akzo Nobel
Our Strategy
• Obtain leadership positions
• Seek market segments with an attractive structural profitability
• Develop critical mass
This strategy calls for a constant upgrading of the portfolio
Our Values
• Entrepreneurial spirit
• Personal integrity
• Social responsibility

Akzo Nobel
Our Principles
• Recognize our responsibilities
• Endorse free enterprise
• Insist on business integrity
• Encourage community activities
• Stimulate communication
Health, Safety and the Environment
• HSE is an integral part of the business policy
• Go beyond compliance
• Actively support HSE care programs

Akzo Nobel Policy
Health, Safety and the Environment
• Prevent harm to and promote the health of employees and other stakeholders
• Strive to prevent injuries at work
• Prevent or minimize the environmental impact
• Expand our concern for HSE (Product Stewardship)
In Society
• Be a respected member of society
• Support educational, sports, arts, cultural and scientific programs
• Encourage young talent

Facts and Figures
Key Figures 2004 (EUR mln)
• Net income*: 770
• Net sales: 12,688
• Operating income*: 1,210
• Number of employees (year-end): 61,450
* excluding nonrecurring items

People
(Charts: breakdown by unit (Pharma, Coatings, Chemicals, Other units) and by region (Europe, North America, Latin America, Asia, Other regions). Values shown: 4%, 2%, 15%, 19%, 32%, 7%, 60%, 14%, 47%.)

Breakdown Net Sales 2004
(Chart: Pharma, Coatings, Chemicals. Values shown: 25%, 34%, 41%.)

Research and Development
• 2004 R&D expenditures (EUR 823 million) were down 7.0% from 2003.
• R&D expenses as percentage of sales: 6.5%
(Bar chart: R&D expenses as percentage of sales for Pharma, Coatings and Chemicals. Bar values shown: 16%, 3%, 3%.)

Be aware that risks can have many faces…

Why Risk Management and why now?
• Dynamic and complex business environment

Dynamic & Complex Business Environment
• Global Customers
• Fluctuating Exchange rates
• Increasing raw material/transport prices
• Changing regulations
• Reduced raw material availability
• Complex logistics
• etc.

Why Risk Management and why now?
• Dynamic and complex business environment
• Changing risk arena

Changing Risk Arena
The Risk List ‘Greatest Risk Top 5’
from 2000 onwards:
1. Loss of Reputation
2. Failure to Change
3. Business Interruption
4. Product Liability
5. Computer Crime
late 1990’s:
1. Fire
2. Business Interruption
3. Employee Risks
4. Environmental
5. Computer Crime
Clear tendency towards intangible & noninsurable risks

Why Risk Management and why now?
• Dynamic and complex business environment
• Changing risk arena
• Shareholder & stakeholder expectations

Shareholder & Stakeholder Expectations
• People
• Planet
• Profit

Why Risk Management and why now?
• Dynamic and complex business environment
• Changing risk arena
• Shareholder & stakeholder expectations
• Corporate Governance requirements

Corporate Governance Requirements
• Transparency in operations (opportunities and risks)
• Risk based thinking (internal and external auditors)
• Law on behalf of Shareholders and Stakeholders
  - Sarbanes Oxley
  - Tabaksblat
  - European Corporate Governance Forum

Corporate Governance Requirements
COSO Internal Control framework:
• Control Environment
• Risk Assessment
• Control Activities
• Information & Communication
• Monitoring
COSO ERM framework:
• Internal Environment
• Objective Setting
• Event Identification
• Risk Assessment
• Risk Response
• Control Activities
• Information & Communication
• Monitoring

Enterprise Risk Management within Akzo Nobel
Risks are inherent to our business operations & by taking measured risks we want to make money

Managing risks is a pre-requisite for generating sustainable value & must therefore be an integral part of our business activities

Enterprise Risk Management Principles
• Have opportunities and risks visible and understandable
• Show transparency on balance of risks, internal and external
• Avoid surprises
  – Financial
  – Reputation
  – Compliance
  – Business principles

Enterprise Risk Management Program
(Diagram. Labels, in the order shown:)
• Business planning
• Risk Management process
• objectives / strategy
• risk profiles
• Business planning levels
• Risk awareness
• Integrated RM
  – Akzo Nobel
  – Group
  – BU, sub BU, process, site, plant
  – Corporate departments
• Risk Management standards and best practices
• Process owner: ARM
• Internal risk reporting
• External risk reporting
• risk paragraph
• TOP, SOP, RF
• LOR
• Corporate Governance
  – Tabaksblat
  – SOX
• Transparency
• Framework: COSO

Framework and Process

Enterprise Risk Management Implementation Approach
(Diagram. Labels: Akzo Nobel; Business Objectives (Strategic, Operational, Compliance); Management; Risk Self-Assessment; Risk Responses; Consolidation; Transparency.)
Per management level:
• BoM / Groups: risk profile; Top 10 Risks; Actions; Risk Profiles
• BUs / Corp. Depts.: risk profile; Top 10 Risks + Risk Responses; Actions; Risk Profiles
• Sub-BUs / Processes: risk profile; Top 10 Risks + Risk Responses; Actions; Risk Profiles
• Sites / Plants: risk profile; Top 10 Risks + Risk Responses; Actions

Enterprise Risk Management Workshop Process
Timeline:
• 2001 Initial Pilot
• 2002 Project Roll-out
• 2003 Operational
• 2004 Fully Applied
• 2005 Continuous Improvements
Process cycle:
1. Understand the Business
2. Clarify Objectives
3. Identify Risks
4. Assess Risks
5. Respond to Risks
Key Success Factors
• Top-Down process
• Fully aligned with Business Planning and Reporting
• Bottom-Up reporting
• Execution at all (management) levels
• Maximum use of employees' knowledge and experience
• Enforced Decision-making process
• Use of robust interactive tools

Akzo Nobel Enterprise Risk Management Program
(Diagram. Labels: Policy (Akzo Nobel Risk Policy); Assurance (LOR, Letter of Representation); Process (1 Understand, 2 Clarify, 3 Identify, 4 Assess, 5 Respond); Tools; Documentation; Support; Website; Business Plan; Board Accountabilities; Business Units.)

(Risk model diagram. © 2001 Arthur Andersen. All rights reserved.)
Categories: ENVIRONMENT RISK; PROCESS RISK (OPERATIONS RISK, EMPOWERMENT RISK, INFORMATION PROCESSING/TECHNOLOGY RISK, FINANCIAL RISK, INTEGRITY RISK); INFORMATION FOR DECISION MAKING RISK (OPERATIONAL, FINANCIAL, STRATEGIC)
Risk labels, in the order shown: Catastrophic Loss, Competitor, Technological Innovation, Shareholder Relations, Sovereign/Political, Globalization, Patent, Regulatory, Industry, Customer Satisfaction, Human Resources, Product Development, Efficiency, Capacity, Cycle Time, Compliance, Product/Service Failure, Environmental, Health and Safety, Trademark/Brand Name Erosion, Product Acceptance, Resource Availability, Channel Effectiveness, Leadership, Authority/Limit, Outsourcing, Communications, Commodity, Currency, Price, Cash Flow, Liquidity, Infrastructure, Integrity, Language, Reporting, Default, Concentration, Credit, Unauthorized Use, Employee Fraud, Reputation, Product Pricing, Contract Commitment, Regulatory Reporting, Product Costing, Q.Reviews, Budget and Planning, Investment Evaluation, Financial Reporting Evaluation, Environmental Scan, Business Portfolio, Valuation, Product Life Cycle, Resource Allocation, Planning

Enterprise risk management Policy
Akzo Nobel is committed to creating long-term value for its customers, shareholders, employees and society, recognising that sustainable profit is essential for the continuity of its business. Risks are an integral part of our business and can feature both in terms of opportunities and gains, as well as threats and losses. Our policy is to ensure that risks are timely identified, adequately understood, properly assessed and effectively responded to by responsible employees at all levels within the company. Through our enterprise risk management framework, we want to provide reasonable assurance that our business objectives can be achieved and our obligations to employees and society can be met.
A clear policy statement
Approved by the Board of Management, December 2001

Akzo Nobel Risk Management Process
(Diagram: the five-step cycle (1 Understand the Business, 2 Clarify Objectives, 3 Identify Risks, 4 Assess Risks, 5 Respond to Risks) with the workshop phases: Workshop preparation, Workshop Introduction, Workshop execution, Workshop Follow-up.)

The Risk Management Process in 5 basic steps
1. Understand the Business
2. Clarify Objectives
3. Identify Risks
4. Assess Risks
5. Respond to Risks

1. Understand the Business
What is the nature of the business?
What is the culture and operating style within and around the business?
What are the internal constraints which limit freedom of action or choice?
What are the external constraints like laws, regulations and mandatory standards?
The design of the enterprise risk management framework will vary according to the characteristics of the business

2. Clarify Objectives
What expectations have been set?
What promises have been made?
What must be delivered?
Who is responsible for achieving the objectives?
Do the objectives cover all elements of sustainable development (economic, social & environmental)?
Clarification of the objectives enables the identification of the related risks

3. Identify risks
• IT systems
• Customers
• Health, Safety & Environment
• Asset Integrity
• Financial
• Natural events
• Reputation
• People
• Laws & Regulations
• Research & development
• Partnering
• Integrity

4. Assess the Risks
The Impact versus Likelihood map
(Chart: Impact (Low, Medium, High) against Likelihood (Low to High). Risks plotted: Business Interruption, Interconnected, Technology obsolescence, Capital Availability, Performance Measurement, Competitor, Pricing, IT System Integrity, Financial Reporting Evaluation, Regulatory, Human Resources, Billing and revenue Assurance, Product Development, Customer satisfaction, Credit, Fraud, Efficiency, Reputation.)

4. Assess the Risks
The Risk level versus Control effort map
(Chart: Risk Level (Low to High) against Control Effort (Low, Moderate, High). Regions: "Risks may be undercontrolled" and "Risks may be overcontrolled".)

Risk Sourcing and Response Development
What do we need to do to deal with the identified risk?
What needs to be done?
• Increase effort level
• Maintain current effort level
• Reduce effort level
(Chart: Risk Level (low to high) against Control Effort (low, Moderate, high).)

5. Respond to Risks (the four T’s)
In relation to a particular risk there are certain basic strategies to choose from:
• Terminate the activity
• Transfer the risk to another party
• Treat the risk by instituting appropriate business controls
• Take the risk (where no further cost effective controls are possible)

5. Respond to Risks (possible risk response strategies)
Take
• Intentionally pursue
• Fully accept
• Finance the consequences
• Build in contingencies
Terminate
• Cease activity
• Pull out of market
• Divest
• Change objectives
• Reduce scale
Transfer
• Insure
• Share (JV, alliance, partnership)
• Contract out (outsource, assign)
• Diversify / spread
• Hedge
Treat
Dealing with risk requires adaptation:
• Organization
• People & Relationships
• Direction
• Operational
• Monitoring

Risk sourcing
Finding the root cause of the risk
• The aim is:
  – To create a clear picture of where and how business risks originate
  – To focus attention on the specific areas that have the highest influence on the respective risks
  – To assist in developing effective risk responses (action plans)
(Cause-and-effect diagram for "Business interruption". Labels, in the order shown: Previous experience; political/legislation; public opinion; permit issues; Having chosen to have one supplier; No other suppliers known; HSE legislation; dependency on single source; No other suppliers available; product inherent hazard; process inaccessibility; plant reliability; terrorism; Business interruption; Natural catastrophe; maintenance risk; Review and update maintenance programs; human error; Accident at neighbour; catastrophic accidents; Lack of preventive maintenance; Site infrastructure and utility restriction; Logistics related accidents; sabotage; Lack of knowledge; No back-up capacity; Analysis opportunity cost vs worse case scenario; Investment too high; no back-up plan; Create a Contingency plan.)

Response Development
What must be done to deal with the root cause?
Table columns: Risk Source/Root cause; Action; Responsible; Due date
(The cause-and-effect diagram for "Business interruption" from the Risk sourcing slide is repeated on this slide.)

Follow-up and Closing
Risk Management reporting format (I)
Risk Management Report for TOP/RF
(sub-)Business Unit:
Report date (dd-mm-yy):
Organisation Updated
Organisation Updated
Risk Maps: (s)BU risk profile, Top-10 risks in terms of Risk level (impact * likelihood)
(Chart: Impact, 1.0 to 9.0, against Likelihood, 1.0 to 9.0.)
Most significant risks in terms of risk level (descending order of risk level = Impact x Likelihood)
Table columns: #; Description of risk; Impact; Likelihood; Control Effort; Risk Level; Risk Priority
Rows A to J are blank in the template, with Risk Level 0.0 and Risk Priority 0.0 in each row.
(Chart scale: Risk Level, 81.0.)

Enterprise Risk Management
Monitoring Risks
Continuous Management Review
• External developments
• Changes in the Business Objectives
• Internal Developments
• Other Risk Profiles in the Organization
• Risk Mitigation Actions
(Diagram labels: Last year’s Risk profile; This year’s Risk profile.)

Enterprise Risk Management Standards
• Risk profiles throughout the organization (BoM, BUs, sBUs, processes, main sites and corporate)
• Actual & up to date risk profiles and action plans (annually reviewed)
• Risk Profiles for strategic changes (major investments, acquisitions, divestments, etc.)

ERM on track for Corporate Governance
• SEC Final rule SOX 404: COSO
• Tabaksblat: COSO
• PCAOB Audit Standard No. 2: COSO

ERM on track for Corporate Governance
SEC Final rule SOX 404:
• The COSO Framework satisfies our criteria and may be used as an evaluation framework for purposes of management's annual internal control evaluation and disclosure requirements.
Tabaksblat:
• “II.1.4. It would be logical for the management board to indicate in the declaration on the internal risk management and control systems what framework or system of standards (for example the COSO framework for internal control) it has used in evaluating the internal risk management and control system.”
PCAOB Audit Standard No. 2:
• The COSO report provides a suitable and available framework for purposes of management's assessment. For that reason, the performance and reporting directions in this standard are based on the COSO framework.

Enterprise Risk Management Process applied to:
• Projects (e.g. Investments, Outsourcing, Innovation, etc.)
• Acquisition/Divestments

Conclusion
• Enterprise Risk Management is proven to add value to the company
• Enterprise Risk Management is mandatory for Akzo Nobel, both internally as well as externally