Values and business principles are an important element of the internal environment for risk management. Directly related to its mission to create brighter lives for people today and generations to come, DSM has chosen sustainability as its one core value. DSM's business principles, which are defined in the DSM Code of Business Conduct, are based on this core value. The DSM Code of Business Conduct, which is available on this website, describes principles in the areas of People (social and humanitarian standards), Planet (principles with regard to the environment) and Profit (principles regarding fair and ethical business practices). The worldwide implementation of the Code is ongoing. It is being supported by the distribution of a booklet in 17 languages, an intranet site and an e-Learning course for all employees.

In line with the mandatory risk management process, business groups that updated their strategy in 2011 performed a business risk assessment to identify and assess the implementation risks of the chosen strategy and agree on responses. At mid-year and toward year-end, all business groups updated their risk assessments as part of the semi-annual risk reporting process. Additionally, risk assessments were performed by a number of central functions and on major projects and programs.

In 2011, the Managing Board updated the Corporate Risk Assessment (CRA). Based on the results of the CRA conducted in 2010, internal risk and incident reports and risk information from external sources, the Managing Board, facilitated by the Corporate Risk Office, identified the risks that are relevant in relation to the achievement of the targets of the strategy DSM in motion: driving focused growth. This strategy is described via the link and in the individual business group reports. Board members individually identified and assessed risks, and during a Managing Board session they reached consensus on these risks and identified any necessary responses to be made in addition to the mitigating actions already in place.

In the CRA, responses were chosen to bring the risks within DSM’s risk appetite. This risk appetite cannot be captured in one figure or formula, but varies per category of risks. The main characteristics of DSM’s risk appetite can be described as follows:

• To fulfill its strategic intent (growth through the four growth drivers: High Growth Economies, Innovation, Sustainability and Acquisitions & Partnerships) DSM is prepared to accept the considerable risks involved. These risks will, however, always be limited by well-defined hurdle criteria and rigorous implementation programs.
• DSM takes a conservative approach to managing financial risks.
• Through dedicated quality, technology and business continuity management, DSM aims to limit its operational risks. DSM’s safety and health policies are aimed at achieving zero injuries and work-related illnesses. The financial impact of operational mishaps is further limited by several insurance policies.
• With regard to legal compliance issues and unethical business conduct, DSM takes a zero tolerance approach.
• Risk tolerance in the areas of stakeholder relations, reputation, sustainability and social responsibility is low. Advanced policies and implementation programs are in place in an effort to turn risks in these areas into opportunities.

Elsewhere on this page and in the description of risk categories on this website, the risk appetite is quantified for several risk areas.

The preliminary outcomes of the CRA were reported to and discussed with the Audit Committee of the Supervisory Board in the meeting of 12 December 2011. These 'top-down' outcomes were compared with the risks and incidents as reported 'bottom-up' by the operational units in their Letters of Representation and with findings from internal and external audits. The final risk profile was reported to and discussed with the Audit Committee of the Supervisory Board on 27 February 2012. It is the basis for the main risks and responses as reported on below.

The CRA identifies the likelihood and impacts of events that could jeopardize the achievement of the targets for 2013, 2015 and 2020 set in the DSM in motion: driving focused growth strategy. In setting these targets, assumptions were made about the macro-economic and global financial developments (basic scenario). Since the recession in 2008 DSM has improved its early warning and forecasting processes. It has also proven to be able to adjust quickly to sudden adverse market conditions. If an economic downturn were to occur again, however, this could have a significant detrimental effect on the achievement of the targets. This effect could be aggravated by volatility in currencies. The sensitivities to variations in several key currencies are given in note 23 'Financial instruments and risks'.

The table below shows the most important risks for DSM achieving its targets under the basic scenario, and the remedial actions to mitigate them.

The top risks and related mitigating actions

Description of risk	Mitigating actions
People, organization and culture The implementation of the strategy is supported by organizational measures to enhance regional and functional effectiveness. These measures may lack sufficient clarity and/or speed, resulting in inadequate collaborative and result-oriented behavior and/or insufficient speed in achieving the projected diverse and international human resource base.	The following mitigating actions are being taken: - Setting up and implementing an overall program for filling leadership positions worldwide. - Implementing clear charters, especially for the regional resources. - Implementing programs for increased diversity of the workforce.
Acquisitions and partnerships DSM has successfully acquired and integrated several activities, most notably Martek. It may, however, have difficulties in implementing sufficient additional value adding acquisitions to fulfill its growth targets.	For acquisitions, resources are being focused and decision making is being optimized by continuous prioritization and direct involvement of the Managing Board.
Innovation Within the Emerging Business Areas, DSM has made Biomedical and Bio-based Products & Services its main areas of focus. Developments in these fields are subject to the uncertainties inherent in new technologies and markets.	Within the areas of focus, DSM will further concentrate its efforts, reinforce the talent base and make sure to fully capitalize on this talent.
Growth and profitability in the Pharma cluster DSM has made a successful start with its partnering strategy in the Pharma cluster, but there remain considerable uncertainties in realizing the desired growth and returning to adequate profitability levels in this business area.	Maximum attention will continue to be given to successfully implementing the Pharma partnering strategy.

 

In addition to the top risks, the most recent risk assessment and reports show the following risks as being most important:

1. Raw material and energy price and availability risks
   DSM implements various policies to avoid supply chain disruptions (e.g. multiple supplier strategy) and decrease price volatility (e.g. commodity hedging). Nevertheless, the increasing complexity and interdependence of worldwide supply streams as well as increasing (perceived) pressure on the availability of resources may lead to price fluctuations and availability issues, influencing DSM’s profitability and/or business continuity.
2. Intellectual property (IP) risks
   The policy of accelerated growth through speeding up innovation and expansion in high growth economies holds the risk of increased exposure in the IP area. Measures will continue to be taken to contain these risks, but these may not always be completely effective in mitigating IP risks.
3. Security (including information security)
   Especially in the area of the security of and access to data in ICT systems a continued focus on monitoring and mitigating actions is required, given the increasing tension between the growing professionalism of cybercrime and widespread use of (mobile) IT.
4. Business continuity risks
   Major disruptions, especially in the supply chain, in manufacturing and in the ICT environment, remain a low likelihood but possibly high impact risk. Actions are being continued to recognize and prepare for the most important scenarios.
5. Safety, health and environmental (SHE) risks
   After a number of fatalities, DSM has enhanced its already strict safety policies even further, among other things by strengthening the implementation of the Life Saving Rules. Nevertheless, SHE risks cannot be excluded altogether and any accidents may have a deep impact in terms of human suffering and (reputation) damage to the company.
6. Product liability risks
   To reduce product liability risks, product risk evaluations have been carried out, contractual and quality procedures have been updated and insurance policies have been reviewed. Unexpected effects of or undetected flaws in DSM's products or services may, however, still cause considerable product liability exposures.

An overview is given of all risk categories that have been identified as potentially important and from which the main risks described above have been derived.. This description is to be considered an integral part of the Integrated Annual Report. Additionally, information on the risks related to financial instruments is also provided in the Financial statements in the section Financial instruments and risks.

For the management of all these categories of risks, strategies, controls and/or mitigating measures have been put in place as part of DSM’s risk management practices. These nevertheless involve uncertainties that may lead to the actual results differing from those projected. There may also be risks that the company has not yet fully assessed and that are currently qualified as ‘minor’ but that could have a material impact on the company's performance at a later stage. The company's risk management and internal control system has been designed to identify and respond to these developments on time, but 100% assurance can never be achieved.

Each business group and each major operational service unit has an Audit Committee which, under the direction of the director of the group or unit, sets up annual risk management plans, monitors their implementation and reviews risk management issues on a regular basis. During the year under review, major risk management events, such as business risk assessments, audits and the occurrence of control failures or weaknesses, were discussed with the responsible Managing Board member.

Commonly occurring risks are mitigated through the implementation of the Corporate Requirements and process controls in the business processes. The operational units regularly test compliance with these requirements and the effectiveness of the controls. Deviations from Corporate Requirements are only allowed temporarily, if sufficient alternative controls are in place and after approval by the responsible Board member. A limited number of waivers have been granted.

As reported last year, a special project was initiated at DSM Nutritional Products (DNP) to bring the unit into compliance with the DSM Corporate Requirements. It can now be confirmed that by year-end 2011 this special project had been completed and material gaps had been closed. For the same reason, critical controls within DNP are checked with a special tool. The outcomes of these checks, too, were satisfactory.

Generic/strategic risks

1. Global financial and economic development risks
2. Risks related to high growth economies
3. Risk of competition and commoditization in existing markets
4. Political and country risks
5. Risks related to divestments, acquisitions and joint ventures
6. Innovation risks (new markets, products and technologies)
7. People, organization and culture risks
8. Intellectual Property protection risks
9. Raw material / energy price and availability risks
10. Sustainability risks

Operational risks

1. Reputation risks
2. Customer risks
3. Production-process risks
4. Business-continuity risks
5. Product-liability risks
6. ICT risks
7. Program and Project Management risks
8. (Information) security and Internal Control related risks
9. Industrial relations risks
10. Safety, health and environmental risks

Financial and reporting risks

1. Liquidity and market risks
2. Currency risks
3. Pension risks
4. Other financial risks
5. Reporting integrity risks

Legal and compliance risks

1. Risks of non-compliance with the DSM Code of Business Conduct, Policies, Requirements and Management Directives
2. Risks of legal non-compliance
3. Risks related to regulatory developments

A continuous effort is being made to inform people about the DSM risk management system and train them in its use. A special version of the risk management training course was conducted for financial staff in China. To increase general awareness of risk management, a video was produced featuring the CEO, the CFO and many other top executives of the company. Finally, new booklets were distributed, containing the purpose and summaries of the Corporate Requirements.

Information on the functioning of the system was collected on a continuous basis. Business groups tracked compliance with Corporate Requirements and follow-up of actions arising from risk assessments; they conducted assessments on the effectiveness of their internal controls and reported and investigated incidents. Independent audits on the effectiveness of risk management implementation were executed by the Corporate Operational Audit department according to a program agreed with the Audit Committee of the Supervisory Board. If applicable, information coming in via the DSM Alert whistle-blowing channel was also used as a source for reviewing the effectiveness of the risk management system. Any critical findings were addressed immediately.

By signing an affidavit, the business group controllers confirmed, among other things, that the quarterly financial statements had been produced according to the internal accounting rules and reporting procedures.

Based on developments within and external to the company, as well as findings from the various risk assessments, audits and monitoring and reporting efforts, the Corporate Risk Office drew up a consolidated risk report, including recommendations for further improvement of the risk management system. These recommendations were integrated into an update of the Corporate Risk Management Plan 2011-2015.

In the May 2011 meeting of the Audit Committee of the Supervisory Board the most important enhancements to the risk management system and developments in the risk profile were discussed. The enhancements are described in the next section.

At the end of the second quarter, the operational units were asked to provide an update of their material risks and incidents over the first half of 2011 and the status of the mitigation of the risks reported over 2010, and to specify any material risks or uncertainties for the rest of the year. The consolidated overview of these risks, incidents and mitigation measures was the basis for the risk section and the statements of the Managing Board as provided with the first-half figures in accordance with the requirements of the Dutch Financial Markets Supervision Act.

Together with the annual financial accounts, the directors of all entities reporting to the Managing Board reported on any material strategic, operational, reporting and compliance risks or incidents over the year 2011 in their Letter of Representation. The Corporate Risk Office consolidated the reported risks and incidents and compared them with the outcome of internal and external audits and of the Corporate Risk Assessment. The findings were reported to and discussed with the Audit Committee of the Supervisory Board in its meeting on 27 February 2012.

Initiatives to further enhance controls in the area of product liability, project management, (information) security and safety, health and environment were continued. In order to support strategic developments within DSM, special attention was given to the high growth economies (enhancement of local risk management capabilities and region specific risk assessment, starting in China), sustainability (improvement of reporting controls, inclusion of sustainability risks in the risk register and risk assessments), and acquisitions and partnerships (improvement of risk management practices in the integration of acquisitions and joint ventures). Finally, new, more flexible concepts for control and continuous control monitoring were developed.