Note 30 – Enterprise Risk Management Audited

The Enterprise Risk Management (ERM) program is a critical platform for Lonza’s global organization and business as it provides a mechanism and a structure for prudently addressing risk responsibility and management in each and every organization. Lonza pursues a comprehensive risk management program as an essential element of sound corporate governance and is committed to continuously embedding risk management in its daily culture.

Lonza’s ERM process is performed in four steps: Step 1: Identification (through detailed risk discussions with risk owners), assessment and assignment of risks; Step 2: Consolidation, review and prioritization of risks; Step 3: Presentation of consolidated risk overview to the Executive Committee and Board of Directors; and Step 4: Update on risks and mitigation measures.

Lonza has identified six risk categories: (i) strategic risks, (ii) financial risks, (iii) corporate governance and reputation risks, (iv) political, legal and regulatory risks, (v) products and services risks and (vi) operational and performance risks.

Each identified risk is assessed according to its probability of occurrence and its negative impact on the Group:

  • The probability of occurrence is assessed for the period until year-end 2019, on a scale from unlikely to highly probable.
  • Any potential negative effect of a risk is assessed according to its impact on the Group’s annual EBIT, the Group’s reputation and the Group’s operations.

Through the above-described process, we have drawn up a Lonza-specific risk universe. Risks have been identified for each segment and for the corporate functions, and they are tracked for year-on-year increases or decreases. These risk scenarios were presented to the Executive Committee and to the Board of Directors at their meetings in October 2016, with a follow-up on the status of mitigation actions during the first quarter of 2017.

Financial risk management is disclosed in note 28.