Risks are assessed regularly by individual business areas of ORLEN and the ORLEN Group as part of their self-assessment and risk controls testing. The key objective is to ensure that risk estimation is up to date, and that the risk controls are validated for adequacy and effectiveness. Process and risk owners and in charge of the assessment, based on their positions and remits.
In the risk assessment, the materiality of each risk is determined under three scenarios:
-
where there are no risk-specific controls in place (gross risk assessment);
-
where the existing risk-specific controls are in place (net risk assessment). The net risk assessment requires testing relevant risk mitigating controls, in line with the guidelines adopted by the Company as part of the Enterprise Risk Management Procedure, prepared in accordance with the Enterprise Risk Management Policy adopted by the Company’s Management Board;
-
where the risk is at a desired (acceptable) level – target risk assessment.
Once the risk assessment and risk controls testing processes are completed, the Company’s Management Board and Supervisory Board receive a report highlighting risks assessed as key by the business segments.
Risks at ORLEN and other ORLEN Group companies are defined based on a common model, and further detailed at the level of individual business processes or strategic objectives.