The Internal Control and Risk Management System (ICRMS) of Cementir Group is defined as the set of tools, organizational structures, procedures and corporate rules aimed at ensuring, through an adequate process of identification, evaluation, management and monitoring of the main risks, a correct business management, consistent with the set objectives in terms of:

  • compliance with laws and regulations;
  • safeguards of company assets;
  • effectiveness and efficiency of operating activities;
  • accuracy and completeness of reporting.

The Internal Control and Risk Management System of Cementir Group is integrated in the organizational, administrative, accounting and governance structure of the Group.

The Internal Control and Risk Management System involves, at different levels, various corporate actors that interact with each other.

In particular, the Board of Directors has an oversight role by addressing and evaluating the Internal Control and Risk Management System, also by availing of the Audit Committee, which performs a preliminary analysis with reference to the related evaluations and decisions.

The Ethic Committee has the responsibility to ensure that the activities are conducted according to the ethical principles provided by the Code of Ethics. Moreover, it monitors the received reports related to Code of Ethics violations, regarding which it receives periodical information from the Internal Audit Department, and it can request further analysis or specific checks, if necessary.

The Group Management is the first responsible for the internal control and risk management activities and the second level control functions support the Management in the definition of adequate risk management systems and related controls according their competencies (i.e. EHS, Anticorruption, Antitrust, Privacy, etc.).

The Internal Audit Department has the responsibility for carrying out independent assurance activities on the Internal Control and Risk Management System, verifying the related adequacy in relation to the Group size and operating activities and ensuring the definition and implementation of adequate mitigation actions from the Management.

It helps the organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

The Internal Audit Department of Cementir Group, on the basis of the mission assigned on the approved internal Audit Charter, supports the Top Management and the Board of Directors in the continuous improvement of the Internal Control and Risk Management System for all companies of the Group. The Internal Audit Department shall verify all companies on three years basis. 

The yearly "Audit Plan" is drawn up on the basis of a "risk based" and “integrated” approach that guarantees the coverage of the relevant processes and the principal laws and regulations applicable to the Group. 

In this way, the Audit Plan includes operational audits; compliance audits (ex Law 262/05, Human Rights, GDPR, 231 activities, Business Ethics Compliance, Diversity, Equity & Inclusion audits), Environmental, Health & Safety (EHS) audits; investigations to verify all complaints (Whistleblowing) received via dedicated channels and guarantee the respect of law, regulations and internal procedure (included the Code of Ethics of Cementir Group).

Risk Management

Enterprise Risk Management (ERM) is the Group's structure that supports management in identifying, assessing and monitoring risks, as well as defining the most effective response strategies for their mitigation.

The approach adopted by ERM is based on the principles envisaged by the Enterprise Risk Management – Integrated Framework, international standard issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO Report).

Risk management is an annual basis process that involves both the entire Corporate perimeter and a plurality of corporate functions.

The Risk Management Model is characterized by a structured approach, based on international best practices and considering the guidelines of the Internal Control and Risk Management System, which is structured on three control levels:
 

 

The Risk management process takes a top-down and risk-based approach, starting from the definition of Cementir's Industrial Plan. It ensures that major risks are identified, assessed, managed and monitored while taking into account the individual operations, risk profiles and risk management systems of each business unit, to create a wholly integrated risk management process.

At an operational level, the risk owners, through the support of the Risk Management function, identify the risks under their responsibility and provide an indication of the actions necessary to mitigate them. The results of this activity are subsequently consolidated in order to identify risks at the Group level, allowing an integrated management.

Risks are defined in a "Risk Library" divided into five macro categories:

 

 

This library is updated periodically: the latest update has included specific risks on climate change issues.

Cementir has therefore committed itself to adopting the recommendations of the TCFD “Task Force on Climate-related Financial Disclosures” committing to be transparent about the risks and opportunities related to climate change. Identification, assessment and effective management of risks and opportunities associated with climate change are fully integrated into the Group's risk management process.

The risks are assessed with quantitative and qualitative tools considering both the likelihood of occurrence and the impacts that would occur in a defined time horizon when the risk occurs.

MAIN RISKS TO WHICH THE GROUP IS EXPOSED

The main types of risks and opportunities to which the Group is exposed are described below.

  • Russia-Ukraine conflict
    Description Impact Mitigation actions

    The continuation of the conflict will bring risks of STAGFLATION: Rising commodity and energy prices increase the likelihood of sustained high inflation, depressing demand.

    HUMANITARIAN CRISIS: the conflict is a worrying humanitarian crisis affecting millions of people, the costs and effects of which in social, developmental and economic terms will be long-lasting.

    Impact on the Group's earnings figures and financial position

    The Group monitors the development of the international environment by analyzing the impact on business activities, the financial situation and profitability in a timely manner.
  • Volatility in commodity prices
    Description Impact Mitigation actions

    Risk linked to the volatility of commodities market prices (electricity and fuel) and freight costs, which may affect the Group's results.

    COMMODITIES - Electricity and fuel
    The Group is highly exposed to the risk of fluctuations in the prices of all raw materials that enter the production cycle, electricity, coal, petcoke (material derived from oil refining). There is also a risk related to the availability of fuel resulting from macroeconomic market dynamics (especially the outbreak of the Russia-Ukraine conflict). Market trends are constantly monitored in search of the best supply conditions (availability and price) to meet its needs.

    FREIGHT COSTS
    As a result of the global crisis, prices for trade routes have risen increasingly more than in previous years, and prices for container ships have also seen similar increases. There are few signs of a reduction in the short term.

    Cost increases
    • Use of financial instruments to hedge price risk;
    • Sales contracts based on indexed prices;
    • Renegotiation of long-term agreements with suppliers;
    • Replacement of fossil fuels with alternative fuels;
    • Evaluation of the use of gas within the production process;
    • Freight contracts on a COA basis "Contract of affreightment"
  • Cyber security
    Description Impact Mitigation actions

    The growing use of IT systems increases the Company's exposure to various types of risks. The most significant is the risk of cyber-attacks which is a constant threat to the Group.

    Data loss

    Privacy impacts

    Business interruption

    Reputational damage
    • Strengthening of network infrastructure;
    • Strengthening of protection systems;
    • Constant updating of internal procedures;
    • Continuous training for all staff to strengthen the corporate culture on cyber security issues.

     

    .
  • Geopolitical risk
    Description Impact    Mitigation actions

    Geopolitical instability in some of the countries where the Group operates may influence demand trends.

    Impact on the Group's business results of operations and financial condition.
    • Monitoring of the geopolitical context in which the Group operates;
    • Request for letters of credit to protect credit positions;
    • Monitoring of the currency system and monetary policy of the countries where the Group operates.

     

  • Risk of the Covid-19 pandemic
    Description Impact Mitigation actions

    Cementir is an international company present in several countries, some of which have been significantly impacted by the COVID-19 pandemic. Although there is broad consensus on the gradual improvement of global health prospects in the short to medium term, this assumption involves uncertainties mainly related to the large-scale availability of vaccines. If these risks were to persist, they could lead to a disruption of normal market dynamics.

    		 Impact on the Group's operations, earnings, cash flows and financial position

    The Company has promptly adopted control and prevention measures for all employees around the world, including through alternative (remote) working methods, both for offices and operational sites.
    The Group works closely with local management on the development of health plans to be able to intervene promptly with coordinated actions, including “cross-border” activities.

     

    .
  • Health and safety
    Description Impact Mitigation actions

    Risk of accidents that can have consequences for the health of workers and / or cause problems in production processes.
    • Economic
    • Organisational
    • Reputational
    • Relations with local communities
    • Workers' health
    • Improvement of the Group's safety culture;
    • Monitoring of health and safety performance and the effectiveness of improvement plans for all plants;
    • Certification of all cement plants according to international standards (ISO 450001) by the end of 2022;
    • KPIs on health and safety included in the management incentive process.

     
  • Compliance
    Description Impact Mitigation actions

    These are risks related to compliance with applicable regulations (antitrust, anti-corruption, GDPR, Legislative Decree 231/2001).

    		 Potential violations of laws and regulations

    In relation to these risks, the Legal Department implements targeted programmes with guidelines, procedures and training to ensure compliance with the above regulations. The Organisation and Control Models required under Legislative Decree 231/2001 are periodically updated.
    The Internal Audit function carries out specific audits on compliance with regulations.

CLIMATE CHANGE

The cement industry's ability to reduce its CO2 emissions and respond to climate change has become a focal point for investors. In 2021, the Cementir Group has launched a project to implement the recommendations of the TCFD (Task Force on Climate-Related Financial Disclosure) committing to be transparent on risks and opportunities related to climate change. The identification, assessment and effective management of risks and opportunities related to climate change are fully integrated into the Group's risk management process.

As suggested by the TCFD, the Group monitors the risks and opportunities arising from the evolution of transition scenarios and the evolution of physical variables.

Physical variables are divided into two categories of risk:

  • Acute: related to the occurrence of extreme weather conditions such as cyclones, hurricanes or floods. Acute physical phenomena, in the various cases, are characterised by considerable intensity and a frequency of occurrence that is not high in the short term, but which, considering long-term scenarios, sees a clear upward trend;
  • Chronic: refers to gradual and long-term changes in climate patterns (e.g., sustained high temperatures) that can cause sea-level rises or chronic heat waves.

With regard to the energy transition process, towards a progressive reduction of carbon emissions, there are risks and opportunities linked to changes in the regulatory, technological, market and reputational context.

The Group has decided to align itself to the TCFD framework to clearly represent the types of risks and opportunities by indicating how each of them should be managed. The effects were assessed over three time horizons: the short term (1-3 years), linked to the implementation of the Industrial Plan; the medium term until 2030, in which it will be possible to see the effects of the energy transition; the long term until 2050, by which the Group is committed to achieving net-zero emissions throughout its value chain.

  • Physical risk

     

    ACUTE RISK
    Time
    horizon    		 Description Impact Mitigation atcions SDG's
    Medium Term Increase in the frequency and intensity of extreme weather events such as floods, ice storms, hurricanes. Extreme events can have an impact in terms of damage to assets, interruption of business operations, interruption in the supply chain with impact on the production process. The Group adopts a series of control practices such as real-time monitoring of the weather conditions at each plant.
    It carries out a risk assessment of extreme natural events (e.g. hydrogeological risk) of specific morphological areas.
    Adopt business continuity management processes that guarantee an adequate level of maintenance to limit and/or reduce damage to company assets.
    It requires the certification of environmental management systems according to international standards (ISO140001).    		 SDG's 13

     

    CHRONIC RISK
    Time
    horizon    		 Description Impact Mitigation atcions SDG's
    Medium Term Water stress due to global warming The Group operates in some areas defined as highly water stressed. This risk may lead to an increase in the costs for the supply and operations for the recovery of water resources used in the production process. As part of its climate commitments, the Group has defined its policy on water management. Maximising its reuse/recycling, minimising withdrawals and consumption and applying efficient operating practices are areas of focus, starting with those geographical areas with the greatest water scarcity. The Group has set targets for improvement in the specific consumption of water for cement production, with an overall reduction of 20% by 2030 and, in areas with greater water stress, of 25%.
         		 SDG's
    SDG's 13
    SDG's 6
  • Transition risk
    POLICY
    Time
    horizon    		 Description Impact Mitigation atcions SDG's
    Short Term RISK
    Increase in the price of CO2 and adoption of the ETS Regulation in non-EU countries
         		 Regulatory changes regarding the energy transition can impact business performance in both economic and operational terms. The Group has launched a decarbonisation policy and a sustainability strategy, setting emission reduction targets and establishing specific short-term (1-3 years), medium (until 2030) and long-term (until 2050) action plans. SDG's 12
    SDG's 13
    MARKET
    Time
    horizon    		 Description Impact Mitigation atcions SDG's
    Short Term RISK
    non-availability of raw materials    		 The production of cement and ready-mixed concrete requires the use of raw materials such as clay, blast-furnace slag and fly ash (the latter two are by-products respectively of coal-fired power plants and steel mills whose production is destined to decrease). To mitigate this risk, the Group has established long-term contractual arrangements with suppliers to ensure adequate supply.
         		 SGD's 12
    SDG's 13
    TECHNOLOGY
    Time
    horizon    		 Description Impact Mitigation atcions SDG's
    Long Term RISK/
    OPPORTUNITY
    CO2 capture and storage project
    The Group, through its subsidiary Aalborg Portland, has launched the following projects:
    -"Greensand II Project"
    -“ConsenCUS”
    The projects aim to capture, liquefy, transport and store CO2 in the North Sea..
    		The Group participates in international consortia funded by the Danish government and the European Union to seize opportunities related to the development of breakthrough technology projects. SDG's 17
    Short Term OPPORTUNITY
    Development of low emission impact products    		 The Cementir Group is developing new products (i.e. FUTURECEM®) with low emission impacts. The production and distribution of a new product with low emission content will allow the mitigation of potential risks and exploit opportunities related to the energy transition.
         		 SDG's 9
    SDG's 13
    REPUTATION
    Time
    horizon    		 Description Impact Mitigation atcions SDG's
    Medium Term OPPORTUNITY
    Increased supply of district heating in the city of Aalborg
         		 The Aalborg plant recovers excess heat from cement production to provide district heating to local residents. In 2021, Aalborg Portland delivered approximately 1.7 million GJ of energy to the municipality of Aalborg. According to the engineering project developed by the Group, the Aalborg plant could improve energy supply by a further one million GJ. The Group maximises opportunities by exploiting heat recovery from combustion processes reducing local community CO2 The Group maximises opportunities by exploiting heat recovery from combustion processes reducing local community CO2 emissions (amount not emitted by the local power plant).ssions (amount not emitted by the local power plant). SDG's
Related content
Page
Corporate regulation
Page
Ethics and compliance
Last update: 04/10/2022 | 10:25