The LOTOS Group has implemented an Enterprise Risk Management (ERM) system to boost the effective implementation of its business strategies and processes. The above measures have been implemented as part of the Enterprise Risk Management Policy.
Mechanisms of the risk management model are embedded in the existing business processes. The model comprises three lines of defence, adjusted to the nature of particular activities and the possible impact of risks on the Group’s performance.
Structure of the enterprise risk management (ERM) system
The ERM system focuses on key risks and forecasts their impact on the company’s operations and performance, thus facilitating the development of pre-emptive measures that may help mitigate or exploit risks or their consequences. This key functionality of the system is currently being strengthened at the LOTOS Group.
Management of opportunities and threats at the corporate level is carried out as part of a process involving:
- risk identification – risks are identified in the context of (annual) strategic and operational objectives pursued;
- risk analysis and assessment – the assessment is carried out in two time horizons: annual and long-term. The assessment criteria include both financial and reputational consequences, aggregated as the impact on non-financial parameters, such as the image, environment, and people;
- establishing a risk treatment plan – for each material risk, an operational management procedure as well as controls and protection measures are defined. For TOP RISKS, detailed risk management charts are prepared, which cover relevant risk mitigation and exploitation measures, as well as response plans to be followed in case of materialisation of such risks;
- implementation of measures to mitigate risks and tap opportunities – performing tasks defined in risk treatment plans and monitoring their progress on an ongoing basis;
- monitoring of risk indicators – for TOP RISKS, key risk indicators (KRIs) are defined, which allow risk exposure levels and risk materialisation probability to be monitored in accordance with relevant rules;
- risk reviews – periodically (every six months), all identified risks are reviewed and re-assessed;
- communication and reporting – standards for communicating and reporting the results of risk management are in place at every stage of the process; the Management and Supervisory Boards receive regular, quarterly reports on existing risks to the organisation and on the effectiveness of risk mitigation or exploitation measures;
- the effectiveness and adequacy of the ERM are assessed and its future development directions are defined on an annual basis.