A business is subject to uncertainties that could cause actual results to differ materially from those reflected in the forward-looking statements. The risk management report discusses various dimensions of an enterprise risk management (ERM). ERM System adopts a systematic and disciplined approach to provide clear responsibility and accountability structures for risk
management, and consists of three major components comprising risk governance, risk infrastructure and oversight and assignment of risk ownership.
Enterprise risk management encompasses:
Aligning risk appetite and strategy – Management considers the entity’s risk appetite in evaluating strategic alternatives, setting related objectives, and developing mechanisms to manage related risks.
Enhancing risk response decisions – Enterprise risk management provides the rigor to identify and select among alternative risk responses – risk avoidance, reduction, sharing, and acceptance.
Reducing operational surprises and losses – Entities gain enhanced capability to identify potential events and establish responses, reducing surprises and associated costs or losses.
Identifying and managing multiple and cross-enterprise risks – Every enterprise faces a myriad of risks affecting different parts of the organization, and enterprise risk management facilitates effective response to the interrelated impacts, and integrated responses to multiple risks.
Seizing opportunities – By considering a full range of potential events, management is positioned to identify and proactively realize opportunities.
Improving deployment of capital – Obtaining robust risk information allows management to effectively assess overall capital needs and enhance capital allocation. These capabilities inherent in enterprise risk management help management achieve the entity’s performance and profitability targets and prevent loss of resources. Enterprise risk management helps ensure effective reporting and compliance with laws and regulations, and helps avoid damage to the entity’s reputation and associated consequences. In sum, enterprise risk management helps an entity get to where it wants to go and avoid pitfalls and surprises along the way.
An entity has to establish how and when it shall receive information about its risks and risk management. The periodic recurring risk reporting is designed to provide reliable, current, complete and timely information to the recipients, reflecting the nature of different risk types as well as market developments. The Board, the CEO and the Management Team, as well as other functions that require such information, receive regular reports, which among other things include a comprehensive and objective presentation of the major risks, risk appetite and the level of risk management in order to enable the Board to ensure that risk management and control is satisfactory. Any breach of the appetite
limits requiring immediate escalation according to the entity’s policy should be reported directly to the CEO, the board. All risk related decisions, and other discussions having implication for the management and control should be documented.