Operational Risk Management Managing operational risks in an

Operational Risk Management Managing operational risks in an Industrial Environment Jo Willaert- Corporate Risk Manager PRMIA - BELRIM 18 September 2014

Organisation Agfa-Gevaert Group Parent Company Corporate Centre Agfa Graphics 2 Agfa Health. Care Agfa Specialty Products

Agfa in the world • Sales organisations in 40 countries • Representations in 100 countries • Manufacturing sites in 10 countries Health. Care No 1 -2 Prepress No 1 -2 Other 3

Agfa Graphics: product portfolio Software Computer-to -Film setter Film Analog Plates Offset Press Computer-to -Plate setter Digital Plates Thermal, Polymer & Silver Proofing PC Flexo Printing Flexo Plates Flexo Press Flexo CTP Screen Printing Screen exposure frame Screen Press Digital Inkjet Print Scanner Industrial Inkjet Printing 4 Ink

Agfa Health. Care: product portfolio radiology Processor X-ray Table Conventional Radiography Conventional X-ray Film Softcopy CR Reusable Phosphor plate CR Digitizer PACS NX workstation DR-Gen. Rad Dry Imager DR Dry Film CT MRI US NM PET Scanners 5 Hardcopy

Agfa Health. Care: digital workflow in radiology CR & DR on Musica 6

Agfa Health. Care: IT solution portfolio The Health. Care Community Referring Physicians Assisted Living Home Care Pharmacists Administration Payors Billing Planning Emergency Room Intensive Care Nursing Surgery Electronic Patient Record Intensive Care Reporting Laboratory Cardiology Treating Examining Radiology Resource Management Diagnosing Catering Logistics 7 Accounting

Agfa Specialty Products: product portfolio • Classic Film • Functional Foils • Advanced Coatings and Chemicals 8

Enterprise Risk Management Design of an ERM-Program in an Industrial Environment Jo Willaert- Corporate Risk Manager PRMIA - BELRIM 18 September 2014

Design of an ERM-Program in an Industrial Environment • Why? ØTo reduce the volatility of the performance of the group ØTo safeguard business continuity • When? ØStarted in 2003 ØNot regulated, so flexibility in set up the ERM-program ØAgfa’s ERM-Program design is not unique, is based on what was available in the literature at that time but is adapted to the culture and goals of the group. ØIt’s how Agfa did it, there are many other ways to organize ERM. 10

Design of an ERM-Program in an Industrial Environment • Mission Statement of the ERM-Process ERM (Enterprise Risk Management) is the process whereby the risks related to the group’s activities are methodically assessed in order to avoid the negative consequences of the events that might push the company’s performance below expectations 11

Design of an ERM-Program in an Industrial Environment • Responsibilities ØGroup’s Management ØRisk Owner ØRisk Manager ØInternal Auditor versus Risk Manager within the ERM-process 12

Design of an ERM-Program in an Industrial Environment • Responsibilities ØGroup’s Management defines and monitors risk policies in accordance with the company’s global strategy üDefining the company’s policy regarding Enterprise Risk Management üDefining internal audit planning by allocating audit resources in accordance with the risk management process üDefining the goals end objectives within Enterprise Risk Management üMonitoring the various ERM-programs üSetting of priorities in rolling out the risk management initiative 13

Design of an ERM-Program in an Industrial Environment • Responsibilities ØRisk Owner üPerson with the authority to manage the risk, to make the necessary decisions to keep the risk within the agreed boundaries. 14

Design of an ERM-Program in an Industrial Environment • Responsibilities ØRisk Manager overviews the ERM-process üOverview of risk management activities in all risks üSupport, guidance and best practice to the risk owners üEvaluation of adequacy of risk management methods used by the risk owners üPreparing/endorsing periodical risk management reporting üEnsuring adequate follow-up of the audit recommendations üLink between risk owners, Internal Audit and Management 15

Design of an ERM-Program in an Industrial Environment • Responsibilities ØInternal Auditor versus Risk Manager within the ERM-process üInternal Auditor reviews that the internal contracts are operational and that they have the expected result üRisk Manager provides support and makes sure that all significant risks are identified and evaluated 16

Design of an ERM-Program in an Industrial Environment • What needs to be done? ØObjective setting (objectives, indicators, opportunities, frame) ØInventory (Identification of every significant risk and its respective owner) ØDetermine the risk tolerance of the group ØDetermine the risk appetite of the board ØMeasure and prioritize each risk ØAction plan ØSystematic and Formal Control and Follow Up 17

Risk Evaluation (gross risk score) Factor Probability Score Description 1 2 3 4 5 Extremely rare: only in extreme circumstances Rare: every 10 – 25 years Periodic: every couple of years Recurrent: yearly Occurs frequently: can occur more than once Potential Severity 1 2 3 4 5 Less than € 10, 000 € 10, 001 -€ 100, 000 € 100, 001 -€ 1, 000, 001 -€ 10, 000 Over € 10, 000 Time-to-Impact 1 2 3 18 Occurs over a long period of time providing opportunity to adjust or react Occurs quickly, limited advance warning (days / weeks) Occurs suddenly - no advanced warning - no time to react

RISK MINIMIZING MEASURES times gross risk score = NET RISK SCORE Adequacy Factor Insurance Score Description 1 0, 75 0, 50 Preventive Measures (before event) 1 0, 75 0, 50 Reductive Measures (after event) 1 0, 75 0, 50 Audit Procedures 1 0, 75 0, 50 19 No insurance available Partial insurance available Fully insured No preventive measures available Partially effective preventive measures available Fully effective preventive measures available No reducing measures available Partially effective reducing measures available Fully effective reducing measures available No audit procedures available Partially effective audit procedures available Fully effective audit procedures available

Design of an ERM-Program in an Industrial Environment FINANCIAL RISKS Financial market risks Currency. / foreign exchange fluctuations Asset values Credit default Liquidity cash flow issues HAZARD RISKS General / Public Liability Property damage Employee injury (WC, EB, EPL) Natural disasters Business interruption 20 7 -8 STRATEGIC RISKS Market demand Customer / industry changes Intellectual capital Research & development Image and reputation M&A / Joint Ventures Channels and networks OPERATIONAL RISKS Information systems Accounting / control system Key managers Regulatory environment Supply chain

Design of an ERM-Program in an Industrial Environment Core roles: Internal Audit 21 Core Role: Risk Management Core Roles: Line Management

Design of an ERM-Program in an Industrial Environment • Threats & Pitfalls ØToo much, too fast, too much details ØAccumulation of non-significant risks ØRisk Owner’s limited knowledge of consequences of risks in other processes ØRisk Ownership (= decision making) often confused with execution responsibility and/or hierarchical position. ØLack of communication / co-operation between different departments ØLack of support / commitment of senior management ØNot equal part of yearly objectives/personal targets 22

Design of an ERM-Program in an Industrial Environment • Conclusion ØNo entrepreneurship without risks ØRisks are opportunities, challenges versus threats, obstacles. ØERM is a methodology, Risk Management is an attitude, a mind-set ØERM should focus on: üEconomical reality üBudget reality üCulture of the group üCredibility 23

Design of an ERM-Program in an Industrial Environment • Advice based on own experience ØBefore starting ERM-project: Øbe sure you have the full support of the board übe sure you know company’s culture üstart with the very high risks only ücommunication is listening in the first place üpatience is a virtue 24