Risk Management

In addition to common business-related risk factors, we pay close attention to other significant risks we may be exposed to such as sustainability, political, reputational, regulatory and compliance risks. We have developed instruments and know-how that helps the Group to identify and assess such risks

We have implemented a risk management process led by the Group General Counsel and approved by the Board of Directors, which sets out a structured process to systematically manage risks. In this process, various risks are identified, analysed and evaluated and risk-control measurements are determined. The objectives of the risk management process are to continuously ensure and improve compliance with laws and regulations as well as corporate governance guidelines and best practices. The risk management process is also designed to protect the Group from a loss of confidence and/or public reputational damage resulting from, for example, inadequate or failed internal processes or systems. Furthermore, the risk management process facilitates disclosures to key stakeholders of potential risks. At the same time, the process creates an awareness of all key executives of the magnitude of risks and provides them with information for effective decision-making. As part of this process, risk management workshops with regional and functional leadership teams were held in 2019 to identify and evaluate risks. Mitigating actions have also been discussed during these risk management workshops with subsequent sign-off by the Board of Directors. In addition, a separate risk workshop was held with the Group Executive Board in 2019 to discuss and validate the overall risk portfolio.

The monitoring and control of risks are supported by our internal control system for financial reporting, which defines measures that reduce potential risks. Management is responsible for implementing, tracking and reporting of risk mitigation measures, including periodic reporting to the Audit and Risk Committee and the Board of Directors. Each identified material risk has a risk owner at management level that is responsible for the implementation of risk-management measures in his or her area of responsibility. Furthermore, each material risk has a mitigation action owner, mostly in global functions with regional counterparts to ensure local implementation.

Risks that could materially impact our business and financial position and the development of internal controls to mitigate such risks are regularly discussed within the Audit and Risk Committee. In addition, the members of the Audit and Risk Committee periodically review the internal policies and procedures designed to secure compliance with laws, regulations and internal rules regarding insider information, confidentiality, bribery and corruption, sanctions, and adherence to ethical standards, and assess the effectiveness thereof. The Audit and Risk Committee discusses with the CFO and the Group General Counsel any legal matters that may have a material impact on the Group’s business or financial position and any material reports or inquiries from regulatory or governmental agencies that could materially impact the Group’s business or financial position. The Board of Directors is at least annually informed by the Audit and Risk Committee, with the support of management, about any major changes in risk assessment, risk management and any mitigation actions taken. In 2019, the risk portfolio signed off by management was discussed with the Audit and Risk Committee as well as with the entire Board of Directors in their December meetings.

We carry out an annual risk assessment in conformity with the Swiss Code of Best Practice for Corporate Governance. The Group’s risk management systems cover both financial and operational risks.