Risk management
At the Grupa Azoty Group, we have adopted an integrated approach to enterprise risk management based on ISO 31000:2018 ‘Risk Management – Guidelines’.
At the Grupa Azoty Group, we have adopted an integrated approach to enterprise risk management based on ISO 31000:2018 ‘Risk Management – Guidelines’. The process adopted by the Group is behind some of our corporate governance arrangements, and its effective implementation provides our management bodies, supervisory bodies and shareholders with up-to-date, reliable and well-structured information on risks related to the Group’s business. Risk management is part of a corporate management process geared towards reducing uncertainty and building lasting protections for the Group’s value.
We pursue operational excellence through the implementation of effective risk management solutions by:
- building good governance and ensuring compliance with the corporate governance rules for companies listed on the WSE Main Market, i.e. ‘Best Practice for WSE Listed Companies 2021’ effective from July 1st 2021, which were adopted by the WSE Supervisory Board by way of Resolution No. 13/1834/2021 of March 29th 2021,
- creating a coherent organisational culture rooted in a system of values and a code of ethics,
- enhancing employee engagement and innovativeness,
- managing supply chain responsibility,
- ensuring cybersecurity,
- participating in ESG (Environmental, Social and Governance) reviews and ESG initiatives,
- tracking of key indicators and integrated reporting in line with widely recognised standards and guidance.
To establish a framework for activities in this area, we have developed a procedure entitled Enterprise risk management at the Grupa Azoty Group, which sets out the scope of responsibilities and procedures for each entity participating in the enterprise risk management process. Senior managers involved in risk management are required to communicate the requirements to their subordinate staff, who are obliged to comply with the procedure. Direct supervision of the implementation and contents of the document is exercised by the head of the corporate risk management department at Grupa Azoty S.A., while the Vice President of the Grupa Azoty S.A. Management Board is responsible for monitoring its implementation.
The objective of the risk identification process is to identify sources of information on risks and opportunities and to define key variables in the internal and external environment. Risk assessment includes qualitative analysis, identification and establishment of the key controls, and quantitative analysis that yields specific quantitative parameters. The value of a risk is estimated based on the risk map, which specifies the impact and probability of the risk. After that, risks are prioritised against the Group’s strategic objectives. The risk map is updated when and as needed, at least once a year, and all residual risks are assessed annually. The purpose of these efforts is to allow the Group to assess the effectiveness of its risk mitigation measures.
The Group uses a two-tier risk classification into the following six categories: strategy, organisation and management, financial and credit risks, core business risks, social and environmental risks, safety risks, and market and regulatory risks.