Risk management process
Organization of BASF Group’s risk management
Risk management process
- Integrated process for identification, assessment and reporting
- Decentralized management of specific opportunities and risks
- Aggregation at a Group level
The BASF Group’s risk management process is based on the international risk management standard COSO II Enterprise Risk Management – Integrated Framework (2004), and has the following key features:
Organization and responsibilities
- Risk management is the responsibility of the Board of Executive Directors, which also determines the processes for approving investments, acquisitions and divestitures.
- The Board of Executive Directors is supported by the corporate units Finance; Corporate Controlling; Strategic Planning & Controlling; Legal, Taxes, Insurance & Intellectual Property; and the Chief Compliance Ofﬁcer. They coordinate the risk management process at a Group level and provide the structure and appropriate methodology. Opportunity and risk management is thus integrated into the strategy, planning and budgeting processes.
- A network of risk managers in the business and corporate units advances the implementation of appropriate risk management practices in daily operations.
- The management of speciﬁc opportunities and risks is largely delegated to the business units and is steered at a local level. Risks relating to exchange rates and raw material prices are an exception. In this case, there is an initial consolidation at a Group-wide level before derivative hedging instruments, for example, are used.
- BASF’s Chief Compliance Officer (CCO) manages the implementation of our Compliance Management System, supported by additional compliance officers worldwide. The CCO regularly reports to the Board of Executive Directors on progress in the program’s implementation as well as on any signiﬁcant results. Furthermore, the CCO provides a status report to the Supervisory Board’s Audit Committee in at least one of its meetings each year, including any major developments. In the event of signiﬁcant incidents, the Audit Committee is immediately informed by the Board of Executive Directors.
- The internal auditing unit (Corporate Audit) is responsible for regularly auditing the risk management system established by the Board of Executive Directors in accordance with Section 91(2) of the German Stock Corporation Act. Furthermore, as part of its monitoring of the Board of Executive Directors, the Supervisory Board considers the effectiveness of the risk management system. The suitability of the early detection system we set up for risks is evaluated by our external auditor.
- The Risk Management Process Manual, applicable throughout the Group, forms the framework for risk management and is implemented by the business units according to their particular business conditions.
- A catalog of opportunity and risk categories helps to identify all relevant opportunities and risks as comprehensively as possible.
- We use standardized evaluation and reporting tools for the identiﬁcation and assessment of risks. The aggregation of opportunities, risks and sensitivities at the business and Group level using a Monte Carlo simulation helps us to identify effects and trends across the company.
- Company management is informed about operational opportunities and risks (observation period of up to one year) in the monthly management report produced by the Corporate Controlling unit. In addition, the corporate units Corporate Controlling and Finance provide information twice a year about the aggregated opportunity/risk exposure of the BASF Group. Furthermore, if a new individual risk is identiﬁed which bears reputational risks or has a more than €10 million impact on earnings, it must be immediately reported.
- As part of our strategy development, the Strategic Planning & Controlling unit conducts strategic opportunity/risk analyses with a ten-year assessment period. These analyses are annually reviewed as part of strategic controlling and are adapted if necessary.
- Our Group-wide Compliance Program serves to ensure adherence to legal regulations and the company’s internal guidelines. Our global employee Code of Conduct firmly embeds these mandatory standards into everyday business. Members of the Board of Executive Directors are also expressly obligated to follow these principles.