Operational Risk Management Managing operational risks in an Industrial Environment Jo Willaert- Corporate Risk Manager PRMIA - BELRIM 18 September 2014

Agfa Specialty Products Organisation Agfa-Gevaert Group Parent Company Corporate Centre Agfa Specialty Products Agfa Graphics Agfa HealthCare

Agfa in the world Sales organisations in 40 countries Representations in 100 countries Manufacturing sites in 10 countries Other Prepress No 1-2 HealthCare

Agfa Graphics: product portfolio Software Computer-to-Film Film setter Film Analog Plates Offset Press Computer-to-Plate Plate setter Digital Plates Thermal, Polymer & Silver Proofing PC Flexo Printing Flexo Plates Flexo Press Flexo CTP Screen Printing Screen Press Screen exposure frame Screen Digital Inkjet Print Scanner Industrial Inkjet Printing Ink

Agfa HealthCare: product portfolio radiology Processor Conventional X-ray Film Conventional Radiography X-ray Table X-ray Film PACS Dry Film Reusable Phosphor plate CR Digitizer NX workstation Dry Imager Softcopy CR DR-GenRad DR CT MRI US NM PET Scanners Hardcopy

Agfa HealthCare: digital workflow in radiology CR & DR on Musica

Agfa HealthCare: IT solution portfolio The HealthCare Community Referring Physicians Assisted Living Home Care Pharmacists Payors Electronic Patient Record Administration Resource Management Logistics Catering Accounting Billing Planning Examining Diagnosing Treating Reporting Emergency Room Nursing Intensive Care Surgery Intensive Care Laboratory Cardiology Radiology

Agfa Specialty Products: product portfolio Classic Film Functional Foils Advanced Coatings and Chemicals

Enterprise Risk Management Design of an ERM-Program in an Industrial Environment Jo Willaert- Corporate Risk Manager PRMIA - BELRIM 18 September 2014

Design of an ERM-Program in an Industrial Environment Why? To reduce the volatility of the performance of the group To safeguard business continuity When? Started in 2003 Not regulated, so flexibility in set up the ERM-program Agfa’s ERM-Program design is not unique, is based on what was available in the literature at that time but is adapted to the culture and goals of the group. It’s how Agfa did it, there are many other ways to organize ERM.

Design of an ERM-Program in an Industrial Environment Mission Statement of the ERM-Process ERM (Enterprise Risk Management) is the process whereby the risks related to the group’s activities are methodically assessed in order to avoid the negative consequences of the events that might push the company’s performance below expectations

Design of an ERM-Program in an Industrial Environment Responsibilities Group’s Management Risk Owner Risk Manager Internal Auditor versus Risk Manager within the ERM-process

Design of an ERM-Program in an Industrial Environment Responsibilities Group’s Management defines and monitors risk policies in accordance with the company’s global strategy Defining the company’s policy regarding Enterprise Risk Management Defining internal audit planning by allocating audit resources in accordance with the risk management process Defining the goals end objectives within Enterprise Risk Management Monitoring the various ERM-programs Setting of priorities in rolling out the risk management initiative

Design of an ERM-Program in an Industrial Environment Responsibilities Risk Owner Person with the authority to manage the risk, to make the necessary decisions to keep the risk within the agreed boundaries.

Design of an ERM-Program in an Industrial Environment Responsibilities Risk Manager overviews the ERM-process Overview of risk management activities in all risks Support, guidance and best practice to the risk owners Evaluation of adequacy of risk management methods used by the risk owners Preparing/endorsing periodical risk management reporting Ensuring adequate follow-up of the audit recommendations Link between risk owners, Internal Audit and Management

Design of an ERM-Program in an Industrial Environment Responsibilities Internal Auditor versus Risk Manager within the ERM-process Internal Auditor reviews that the internal contracts are operational and that they have the expected result Risk Manager provides support and makes sure that all significant risks are identified and evaluated

Design of an ERM-Program in an Industrial Environment What needs to be done? Objective setting (objectives, indicators, opportunities, frame) Inventory (Identification of every significant risk and its respective owner) Determine the risk tolerance of the group Determine the risk appetite of the board Measure and prioritize each risk Action plan Systematic and Formal Control and Follow Up

Risk Evaluation (gross risk score) Factor Score Description  Probability 1 2 3 4 5 Extremely rare: only in extreme circumstances Rare: every 10 – 25 years Periodic: every couple of years Recurrent: yearly Occurs frequently: can occur more than once   Potential Severity Less than € 10,000 € 10,001-€ 100,000 € 100,001-€1,000,000 € 1,000,001-€ 10,000,000 Over €10,000,000 Time-to-Impact Occurs over a long period of time providing opportunity to adjust or react Occurs quickly, limited advance warning (days / weeks)  Occurs suddenly - no advanced warning - no time to react

RISK MINIMIZING MEASURES times gross risk score = NET RISK SCORE Adequacy Factor Score Description   Insurance 1 0,75 0,50 No insurance available Partial insurance available Fully insured Preventive Measures (before event) No preventive measures available Partially effective preventive measures available Fully effective preventive measures available Reductive Measures (after event) No reducing measures available Partially effective reducing measures available Fully effective reducing measures available Audit Procedures No audit procedures available Partially effective audit procedures available Fully effective audit procedures available

Design of an ERM-Program in an Industrial Environment FINANCIAL RISKS Financial market risks Currency / foreign exchange fluctuations Asset values Credit default Liquidity cash flow issues STRATEGIC RISKS Market demand Customer / industry changes Intellectual capital Research & development Image and reputation M&A / Joint Ventures Channels and networks . OPERATIONAL RISKS Information systems Accounting / control system Key managers Regulatory environment Supply chain HAZARD RISKS General / Public Liability Property damage Employee injury (WC, EB, EPL) Natural disasters Business interruption 7 - 8

Design of an ERM-Program in an Industrial Environment Core roles: Internal Audit Core Role: Risk Management Core Roles: Line Management

Design of an ERM-Program in an Industrial Environment Threats & Pitfalls Too much, too fast, too much details Accumulation of non-significant risks Risk Owner’s limited knowledge of consequences of risks in other processes Risk Ownership (= decision making) often confused with execution responsibility and/or hierarchical position. Lack of communication / co-operation between different departments Lack of support / commitment of senior management Not equal part of yearly objectives/personal targets

Design of an ERM-Program in an Industrial Environment Conclusion No entrepreneurship without risks Risks are opportunities, challenges versus threats, obstacles. ERM is a methodology, Risk Management is an attitude, a mind-set ERM should focus on: Economical reality Budget reality Culture of the group Credibility

Design of an ERM-Program in an Industrial Environment Advice based on own experience Before starting ERM-project: be sure you have the full support of the board be sure you know company’s culture start with the very high risks only communication is listening in the first place patience is a virtue