RISK MANAGEMENT
With a view to continuous improvement, Comer Industries has adopted a risk management model inspired by the ISO 31000:2018 standard.
With this in mind, in 2022 the Company further consolidated the method aimed at identifying and assessing risks and progressively applied it to various assessment areas and business processes. The goal is to implement a comprehensive Enterprise Risk Management model in the short term.
The process is formalized in a specific procedure and coordinated by the Quality, Sustainability & Lean Development function, in synergy with the other functions supporting the BoD in decision-making processes, the Board of Statutory Auditors, the SB and the Audit Firm. The risk management model was adopted in line with the Risk Management material topic resulting from the materiality analysis.
Procedure For Identification And Assessment Of Risks
• Analysis of the context – The internal and external issues and the stakeholders are defined for each context dimension and for each primary process.
• Identification of risks and opportunities – Based on the relevant issues, needs and expectations of involved stakeholders, possible events are identified, the consequences of which could prevent, hinder, or delay the achievement of objectives (risk) or promote, increase, accelerate the achievement of objectives (opportunities).
• Assess risks and opportunities – The risk is assessed by combining the extent of the impact with the probability of its occurrence. The evaluation is carried out considering any existing measures, which confirm or modify the impact and probability measures. The opportunity is assessed by combining the extent of the expected benefit with its duration. The risk matrix is the tool for assessing and recording risks and opportunities.
• Risk and opportunity treatment – Each level of risk/opportunity corresponds with a priority of intervention and relative treatment. Each action is linked to a manager and a completion date.
• Monitoring and review – The plan is periodically monitored to verify the closure of the actions within the pre-established times and to identify any changes in the identification or assessment of the risks and opportunities due to changes in the context.
There are summary and quantitative indicators whose trends are periodically evaluated. Monitoring enables analysis of trends in risk levels and the effectiveness of actions aimed at minimizing the likelihood or effects of priority risks.
The Company also applies the precautionary principle. Introduced in 1992 at the United Nations Conference on Development and Environment, the principle states that "In order to protect the environment, the precautionary approach shall be widely applied by States according to their capabilities. Where there are threats of serious or irreversible damage, lack of full scientific certainty shall not be used as a reason for postponing cost-effective measures to prevent environmental degradation."
Regarding the risk management strategy, the application of the precautionary principle involves a prior assessment of potential adverse environmental and social effects, which could result from strategic decisions or choices related to products and processes. In the event that a risk of serious or irreversible damage is identified, the adoption of appropriate and effective measures aimed at preventing or mitigating the negative impacts must be evaluated, also in relation to the benefits and costs. Some examples of application of this principle are the adoption of sustainability criteria in the qualification of new suppliers, or the preliminary assessment of risks in the case of new or modified processes.
Management Approach
In addition to quality, environment, and security, the assessment now includes information security, anticorruption, human rights compliance, and finally climate change risks by applying a common weighting and ranking method. For some specific processes such as product development or supplier selection, systematic risk assessment steps have been incorporated into the standards of reference as the basis for decision making.
The following table shows, in summary or with specific cross-references to the document or to the Company website, how the main risks identified are managed, as well as the strategies, policies, and action plans implemented as a safeguard against risks. The reported disclosures also include the consistency of the risk with the underlying material topic of the NFS.
| Risk | Material topic | Management approach |
| --- | --- | --- |
| Climate change: risks related to the transition or physical risks. | Effective and efficient energy management. Emissions and climate change. Supply chain sustainability and responsibility. Generation and distribution of value. | See section Environment \| Climate change and emissions management |
| Cybersecurity: cyber attacks with loss or dissemination of strategic data. | Security of personal data and information. Generation and distribution of value. Business continuity. Digitization. | Information security management included in the Integrated Management System. Specific risk assessment based on the context and business processes with actions implemented based on a priority scale. |
| Sociopolitical risks related to social, political, and economic instability in the countries where the Group operates or sells its products. | Ethics and integrity in business. Human rights and fair labor practices. Compliance. Supply chain sustainability and responsibility. Business continuity. Generation and distribution of value. | Monitoring of the evolving socio-political-economic environment and worst-case assessment of impacts along the value chain and compliance. Specific risk mitigation actions. |

Compliance

| Risk | Material topic | Management approach |
| --- | --- | --- |
| Privacy: loss or disclosure of the personal data of employees or other stakeholders in violation of Regulation EU 269/2016 and Legislative Decree 101/2018. | Security of personal data and information. Compliance. Ethics and integrity in business. Generation and distribution of value. Digitization. | Information security management included in the Integrated Management System. Specific risk assessment based on the context and business processes with actions implemented based on a priority scale. Digital system for managing personal data and the impacts of context and regulatory changes. Analytical performance measurement tools. |
| Risks related to corruption in violation of the Code of Ethics and Legislative Decree 231/2001 on corporate administrative liability. | Ethics and integrity in business. Compliance. | Specific risk assessment based on the context and business processes with actions implemented based on a priority scale. |
| Risks related to the violation of human rights in Company operations or by Company stakeholders. | Ethics and integrity in business. Compliance. Human rights and fair labor practices. | Specific risk assessment based on the context and business processes with actions implemented based on a priority scale. |
| Risks related to violations of international trade regulations, including restrictions and sanctions applied with respect to the socio-political environment. | Ethics and integrity in business. Compliance. Human rights and fair labor practices. | Objective and subjective evaluations of products sold and business partners, with relevant updates based on regulatory developments. |

OPERATIONAL RISKS

| Risk | Material topic | Management approach |
| --- | --- | --- |
| Negative social and environmental impacts of the product downstream of the supply chain. | Product/service innovation. Product quality and safety. Environmental impact of products. | Design solutions aimed at reducing environmental impacts and maximizing safe use. Systematic evaluation of product failures before production. Specific requests and evidence relating to product compliance at the same time as the component validation procedure. |
| Injuries to personnel inside and outside the Company. | Occupational health and safety. Human capital and employee welfare. | Integrated Health and Safety Management System. Specific procedures for contracted suppliers and visitors. Procedures for traveling staff. |
| Working environment: demotivation, stress, attracting and retaining talent. | Training and staff development. Human capital and employee welfare. Diversity and equal opportunities. | Continuous training processes and specific paths – Comer Academy. Structured performance evaluation and feedback systems (ASC). Diversity and inclusion policy. Application of agile work in a structured form. |
| Supply chain: continuity and development of the supply chain. | Supply chain sustainability and responsibility. Ethics and integrity in business. Human rights and fair labor practices. Compliance. Business continuity. Environmental impact of products. | Sustainability engagement. Sustainability performance evaluation during qualification and mass production. Inclusion of sustainability criteria in Vendor Rating metrics. Due diligence to assess human rights compliance within the supply chain. |
| Risks related to the transition towards a circular economy. Resource scarcity. | Responsible use of water resources. Responsible waste management. | Implementation of measurement systems, monitoring, targets and improvement actions regarding energy consumption, water withdrawals and waste generated, also in terms of the percentage of recycling. |

FINANCIAL RISKS

| Risk | Material topic | Management approach |
| --- | --- | --- |
| Market - Credit - Cash - Price and cash flow. | Generation and distribution of value. | Please refer to the relevant section in the Report on Consolidated Financial Statements at December 31, 2022. |