In addition to common business-related risk factors, we pay close attention to other significant risks we may be exposed to, such as sustainability, political, reputational, regulatory and compliance risks. We have developed instruments and know-how that help the Group identify and assess such risks.
We have implemented a risk management process led by the Group General Counsel and approved by the Board of Directors, which sets out a structured process to systematically manage risks. In this process, various risks are identified, analysed and evaluated, and risk-control measurements are determined. The objectives of the risk management process are to continuously ensure and improve compliance with laws and regulations as well as corporate governance guidelines and best practices. The risk management process is also designed to protect the Group from loss of confidence and/or public reputational damage resulting from, for example, inadequate or failed internal processes or systems. Furthermore, the risk management process facilitates the disclosure of potential risks to key stakeholders. At the same time, the process makes all key executives aware of the magnitude of risks and provides them with information for effective decision-making. As part of this process, risk management workshops with regional and functional leadership teams were held in 2020 to identify and evaluate risks. Mitigating actions were also discussed during these risk management workshops and subsequently signed off by the Board of Directors. In addition, a separate risk workshop was held with the Group Executive Board in 2020 to discuss and validate the overall risk portfolio.
The monitoring and control of risks are supported by our internal control system for financial reporting, which defines measures that reduce potential risks. Management is responsible for implementing, tracking and reporting risk mitigation measures, including periodic reporting to the Audit and Risk Committee and the Board of Directors. Each material risk identified has a risk owner at management level who is responsible for the implementation of risk-management measures in his or her area of responsibility. Furthermore, each material risk has a mitigation action owner, mostly in global functions with regional counterparts to ensure local implementation.
The Audit and Risk Committee regularly discusses risks that could materially impact our business and financial position, as well as the development of internal controls to mitigate such risks. In addition, the members of the Audit and Risk Committee periodically review the internal policies and procedures designed to secure compliance with laws, regulations and internal rules regarding insider information, confidentiality, bribery and corruption, sanctions and adherence to ethical standards, and assess the effectiveness thereof. The Audit and Risk Committee discusses with the CFO and the Group General Counsel any legal matters that may have a material impact on the Group’s business or financial position and any material reports or inquiries by regulatory or governmental agencies that could materially impact the Group’s business or financial position. The Audit and Risk Committee, with the support of management, informs the Board of Directors at least annually about any major changes in risk assessment, risk management and any mitigation actions taken. In 2020, the risk portfolio signed off by management was discussed with the Audit and Risk Committee as well as with the entire Board of Directors in their December meetings.
We carry out an annual risk assessment in conformity with the Swiss Code of Best Practice for Corporate Governance. The Group’s risk management systems cover both financial and operational risks.