Integrated Annual Report 2014

Key instruments

Risk management principles at the LOTOS Group
I. Risks are identified in reference to the strategic and operational objectives pursued by the organization and assessed from the annual and long-term perspectives. Risks are evaluated in terms of their potential consequences for the organization’s financial standing and reputation, as well as for the environment and people’s health. 
In 2014, we introduced an additional criterion for operational risks, which are now assessed also in terms of their impact on processes within Grupa LOTOS. We also began identifying operational risks affecting specific processes, with the detailed identification and assessment of process risks to be continued in 2015.
II. A course of action, controls and protection measures are defined for each of the risks. If a risk is deemed material, detailed risk management charts are prepared. The charts specify how a given risk should be mitigated and what actions to take should it materialise. Key risk indicators (KRI) are defined, by means of which the risk can be monitored in accordance with established guidelines. Risks are managed by the respective risk owners. 
III. Twice a year, all the defined risks are reviewed and updated.
IV. We have implemented appropriate standards for communicating and reporting the results at each stage of the process.
Participants in the Enterprise Risk Management system

Enterprise risk management initiatives at the LOTOS Group are supported by the ERM Portal, an IT tool. The Portal is used to record risks, assess them and prepare risks maps, to monitor current risk indicators and the progress of planned actions, as well as for reporting purposes. Audit results are also recorded in the Portal if the relevant audits involve the review of individual risk management processes and specific incidents.