Risks, risk management and opportunities

Nobia is exposed to a number of strategic, operational, compliance and financial risks that could undermine our ability to achieve business objectives into the future. Nobia’s Enterprise Risk Management framework and internal control environment are designed to manage these risks.

Risk management is by its nature a dynamic and ongoing process. Our well-defined approach is flexible to ensure that it remains relevant at all levels of the business, and dynamic to ensure we can be responsive to changing business conditions. This is particularly important given the diversity of the Group’s locations, markets and production processes. 

During the year, Nobia revised and standardised the risk management process in the Group, which is under implementation. Group management has conducted sev- eral workshops with the aim of identifying and analyzing the most important risks to which Nobia is exposed. Group management reports risk issues on an ongoing basis to the Board. The details of the review and the risk management framework and processes on which the Group’s risk review is based are set out in this section. This report addresses the Group’s principal risks.

With the World Health Organisation declaring the corona- virus outbreak a public health emergency of international con- cern, citing worries about its spread, we are identifying potential risks across our business, taking appropriate mitigation action
as necessary and ensuring we keep up to date with the rapidly
developing situation. 

Nobia Risk Management Framework 

Nobia has an established process for Enterprise Risk Manage- ment (ERM) that provides a framework for the Group’s risk activ- ities.

The purpose of the ERM process is to provide a Group-wide overview of Nobia’s risks by identifying them, evaluating them and providing a basis for decision-making regarding the management of risks, and to facilitate monitoring of the risks and how they are managed. The Corporate Governance Report, on pages 100– 109, presents further descriptions of the internal controls used to manage the risks associated with financial reporting.

Sustainability and climate-related risks are integrated in our overall business risk assessment process. Furthermore, we have sustainability risk assessments as integrated parts of our supplier assessment and product management process.

Nobia’s risk management process consists of five stages and is described in more detail below. 


Nobia's Risks Management Process

  1. Strategy & Appetite. The Board has overall responsibility for setting the Group’s strategy and is responsible for monitoring and maintaining the effectiveness of the Group’s risk management activities and internal control processes. The Board has determined the Group’s risk appetite, using a risk rating matrix that considers both the likelihood and the magni- tude of the impact if the risk event occurs. The risk rating matrix is based on the residual risk that the Group faces after considering the internal con- trol environment and other mitigating factors.

  2. Risk identification. Nobia utilises a structured risk and control iden- tification process to identify risk. The basis for this identification pro- cess is an annual workshop with both a bottom-up and a top-down method. All Business Units and functions are required to regularly conduct a detailed review to identify material risks inherent and compile a risk reg- ister which is reviewed and approved by the Regional Management Team. The Group reviews the most material risks on a regular basis and identi- fies the risks they are managing at Group level, which is then reported to the Board.

  3. Risk assessment. Risk assessment is a natural part of the day-to-day business and risk assessments form part of all investment decisions and how we conduct our business. Nobia utilises a structured risk assessment process that is carried out by the Business Units and functions in accordance with the minimum standards established by the InternalControl function. Each of the Group’s principal risks is reviewed in detail by the Audit Committee through the course of the year, considering the detailed risk description, the controls and mitigating actions in place and the resultant residual risk exposure.

  4. Risk treatment. The risk management process ensures that the vari- ous Business Unit management teams review the principal risks in their respective businesses and identify the actions and controls in place to mitigate risk. Management assurance is provided on both a formal and informal basis, and risk management is embedded in all decision- making processes, with ongoing review by the Board. Action plans are developed for identified risks and lines of business and Group companies are held accountable for tracking and resolving issues in a timely manner.

  5. Risk Monitoring. Nobia strives for continual improvement through efforts to enhance controls, ongoing employee training and devel- opment, talent retention, and other measures. Risk reports are pro- duced on a Group-wide basis as well as by line of business and Group func- tions. Reporting includes the evaluation of key risk indicators against the established stated risk appetite. The Audit Committee performs an annual review of the risk management policy and plan, including consideration of acceptable risk tolerance levels for the Group. In 2020, the Committee will continue to focus on the principal risks to the Group and the actions taken to mitigate these risks.