7. Main characteristic of risk management and internal control systems
- GRI disclosures
Solvay leaders and managers are accountable for the adequacy of the risk management and internal control framework in their respective entities (businesses, functions).
The Internal Audit & Risk Management Department (IA/RM) advises and ensures that leaders are well supported. The team is in charge of setting up a comprehensive and consistent system of risk management and internal control across the Group.
Solvay has set up an internal control system designed to provide a reasonable assurance that (i) current laws and regulations are respected, (ii) policies and objectives set by general management are implemented, (iii) financial and extra-financial information is accurate, and (iv) internal processes are efficient, particularly those contributing to the protection of its assets.
The five components of the internal control system are described below.
7.1. The control environment
As the foundation of the internal control system, the control environment promotes awareness and compliant behavior among all employees. Its various elements create a clear structure of principles, rules, roles, and responsibilities, while demonstrating general management’s commitment to compliance.
- The Solvay Management Book lists guiding principles and defines the roles and responsibilities of the Executive Committee, Global Business Units, and functions.
- The Code of Conduct is available on Solvay’s website More information can be found in the Charter on Corporate Governance.
- An Ethics Helpline, managed by a third party, enables employees to report potential Code of Conduct violations if they cannot go through their managers or through the Compliance organization, or if they wish to remain anonymous. More information can be found in the Charter on Corporate Governance.
- Standardized processes are in place for financial and non-financial activities.
7.2. The risk assessment process
The process of risk management takes into account the organization’s strategic objectives and is structured into the following phases:
- Risk analysis (identification and evaluation)
- Decision on how to manage the critical risks
- Implementation of risk management actions
- Monitoring of those actions.
The approach to designing internal controls for major processes includes a risk assessment step defining which key control objectives to tackle. This is the case in particular for processes at subsidiary, shared service, GBU, or corporate level, leading to the production of reliable financial reporting.
More information on Enterprise Risk Management, including a description of the Group’s main risks and the actions taken to avoid or reduce them, can be found in the “Risk management” section.
7.3. Control activities
Solvay uses a systematic approach to designing and implementing control activities for the most relevant Solvay processes.
After a risk analysis and a risk assessment phase, the controls are designed and described by the corporate process managers with the support of the Risk Management team. The controls descriptions are used as a reference for the internal control assessment and roll-out across the Group.
At each level of the Group (corporate, Shared Services platforms, and GBUs), the manager operating the process is responsible for the control execution.
An annual internal control plan (indicating which issues and controls are to be priorities for the coming year, as well as the roll-out plan) is validated each year by an Internal Control Steering Committee chaired by the Group CFO and comprising all function general managers.
Solvay implements policies, processes, and red lines applicable to all employees in the following domains: management control, financing and cash flow, financial control, financial communication, tax, and insurance policies. Control activities are defined for all these financial processes and in major cross-Group projects, like acquisitions and divestitures. Furthermore, an online Financial Reporting Guide explains how the IFRS rules should be applied throughout the Group.
Financial elements are consolidated monthly and analyzed at every level of responsibility in the Company (Solvay Business Services, the finance director of the entity, Group Accounting and Reporting, and the Executive Committee). Elements are analyzed using various methods, such as a variance analysis, plausibility and consistency checks, ratio analysis, and comparison with forecasts.
Besides the monthly reporting analysis prepared by Group Controlling teams, the Executive Committee thoroughly reviews GBU performance every quarter in the context of business forecast reviews.
7.4. Information and communication
Group-wide information systems are managed by Solvay Business Services. A large majority of Group operations are supported by a small number of integrated ERP systems. Financial consolidation is supported by a dedicated tool.
All financial reporting procedures and internal controls ensure that all material information disclosed by Solvay to its investors, creditors, and regulators is accurate, transparent, and timely, and that it fairly represents the Group’s most relevant developments, financial fundamentals, and performance.
The Group Accounting and Reporting department circulates written detailed instructions to all financial actors involved before each quarterly closing.
The publication of the quarterly financial results is subject to various checks and validations carried out in advance:
- The Investor Relations team designs, develops, and issues messages and information about the Group with the needs of financial markets in mind. It does so under the supervision and control of the Executive Committee,
- The Audit Committee ensures that financial statements and communications by the Company and the Group, conform to generally accepted accounting principles (IFRS for the Group, Belgian accounting law for the Company),
- The Board of Directors approves the consolidated periodic financial statements and those of Solvay SA (quarterly – consolidated only, semiannual and annual) and all related communications.
7.5. Internal control monitoring
The Audit Committee is in charge of monitoring the effectiveness of internal control systems. It supervises the work of Internal Audit and Risk Management with regard to financial, operational, and compliance monitoring. It is kept informed of the scope, programs, and results of the internal audit work, and it verifies that audit recommendations are properly implemented. The role and responsibilities of the Audit Committee are further detailed in the Charter.
The content of internal audit assignments is planned and defined on the basis of a risk analysis; due diligence focuses on the areas perceived as having the highest risks. All the consolidated entities within the Group are inspected by Internal Audit at least every three years. Internal Audit recommendations are implemented by management.
Other entities carry out similar activities in very specific areas. For example:
- The Health Safety & Environment department carries out health, safety, and environmental audits,
- Solvay’s Business Services Compliance and Risk Management department conducts information system audits, in coordination with Internal Audit,
- The Ethics and Compliance department coordinates investigations of potential Code of Conduct infringements.