Risk management

To establish a framework for the activities in this area, a management system procedure entitled ‘Enterprise Risk Management at Grupa Azoty’ has been developed. It identifies the responsibilities of individual entities taking part in the risk management process and the procedures they should follow. Directors involved in risk management are required to communicate the requirements to their subordinate staff, who are obliged to comply with the procedure. Direct supervision of the implementation and contents of the document is exercised by the Head of the Corporate Risk Management Office at Grupa Azoty S.A., while the President of the Grupa Azoty S.A. Management Board is responsible for monitoring the implementation.

Risk identification is a continuous process and involves a great number of people. Its objective is to identify sources of information on threats and opportunities and to define key variables in the internal and external environment. Risk assessment includes qualitative analysis, identification and establishment of the key controls, and quantitative analysis that yields specific quantitative parameters. Risk value is estimated based on a risk map, which specifies the effect and likelihood of the risk. Then, risks are prioritised against the Group’s strategic objectives. The risk map is updated on a quarterly basis and all residual risks are assessed annually. This is to help assess the effectiveness of the risk mitigation measures taken.

The Group uses a two-tier risk classification in the following six categories: strategy, organisation and management, financial and credit risks, core business risks, social and environmental risks, safety risks, and market and regulatory risks.