Pirelli’s Enterprise Risk Management model forms part of three key phases in the decision making process:
- strategic planning (medium/long term);
- operational planning (annual and quarterly);
- new investment projects.
Pirelli’s Risk Model was evaluated as the best-inclass in 2011 in the “Autoparts and Tyres” sector by the SAM Group in an assessment for the Dow Jones Indexes in 2011.
|Risk analysis in strategic planning||Risk analysis in the annual and quarterly operational planning||Risk analysis in new investment projects|
Risk analysis and risk measurement accompany the medium/long term planning process that is concluded with the presentation of the three year plan to the investors.
The methodology adopted is structured into three macro-phases:
- (i) definition of the risk model;
- (ii) risk analysis;
- (iii) risk management.
Pirelli’s Risk Model is a model that is used to represent the risk portfolio to which the Group is exposed, and is based on two key areas:
- Strategic Risks, which are closely linked to Pirelli’s objectives and to the strategic choices. This category includes the risks associated with the developments of the “external scenario” in which Pirelli operates and some risks stemming from internal factors (financial risks, risks associated with typical business processes and risks associated with human resources and the organisation).
- Cross Risks, which can always impact the operational activities, regardless of the strategies currently implemented. This area includes the business interruption risks, risks associated with the IT systems, risks linked with compliance with laws and regulations and the risks linked with the financial reporting process.
The Managerial Committee identifies the priority risk areas in relation to the industrial plan’s objectives and the strategic lines (key value driver) with reference to the Risk Model (for example: raw materials/commodities, economic situation, competitors, exchange rates), these areas are examined in greater detail in the subsequent Risk Analysis phase. The significant production sites for the Group’s growth strategies and the information systems to support the core processes are also identified in relation to the Business Continuity and Information Technology transversal risks.
The Risk Management Committee defines the risk analysis methods and establishes the metrics to measure the risk events, in particular:
- the economic, financial and “intangible” reference parameters to measure the risks and their impacts (PBIT, Cash Flow and financial/tax charges, reputation etc.);
- the probability scales;
- the references to assess the maturity level of the existing risk management systems (referred to the level of protection from risk in relation to the existence of management and control procedures/ processes, monitoring/reporting tools and the responsibility and “ownership” of the defined risk).
The priority risk areas are analysed and discussed with the Senior Management in order to identify specific risk scenarios/events for which the region/country and business function Managers are required to assess the exposures. Statistical inference techniques are applied to some risk events which are especially significant for Pirelli to build possible development scenarios as an alternative to the scenarios considered when the industrial plan was defined in order to evaluate the “strength” of its assumptions and the possible impacts on the expected results.
The use of quantitative metrics to measure the impact permits an aggregation of the risks and a representation of the Group’s overall exposure to risk (so-called Profit@Risk).
The Risk Management Committee assures that the following aspects are defined in relation to the so-called Profit@risk:
- the target levels of exposure to priority risks;
- the risk management strategies, in line with the existing risk appetite (transfer, reduce, eliminate, mitigate the risk);
- the plans of action and the “management” policies to maintain the levels of exposure within the “target” limits.
The Board of Directors takes into account the quantified risks and opportunities during the phase to approve the three-year plan and verifies that the volatility of the economic and financial results falls within the defined tolerance threshold.
The causes of risk and the existing risk management structure are analysed in relation to the most significant risk events, in terms of the following aspects:
- risk management strategies, policies and processes;
- organizational protections;
- supporting monitoring/reporting tools and information systems in order to define targeted risk mitigation plans.
The three-year plan targets and the strategic choices which the plan reflects are also submitted to “stress tests” to verify the Group’s economic, financial and equity “capacity” at the occurrence of uncertainty phenomena which cannot be readily “weighed” using probabilistic factors.
The Group’s overall exposure to priority risks and the respective mitigation strategies and actions are contained in the Annual Risk Assessment and Management Plan.
The Risk Officer assures the implementation of the agreed mitigation plans and the on-going monitoring of the exposure to priority risks and the Risk Officer can also propose a redefinition of the current recovery plans (if they are inadequate) and an analysis of any possible emerging risks.