Enterprise-Wide Risk Management

Non-financial and financial risks are regularly identified, assessed, and reported through the Group-wide Enterprise-Wide Risk Management (EWRM) process.

The main purpose of the OMV Group’s EWRM process is to deliver value through risk-based management and decision-making. The OMV Group is constantly enhancing the EWRM process based on internal and external requirements. The process is facilitated by a Group-wide IT system supporting the established individual process steps, guided by the ISO 31000 risk management framework.

The Executive Board is responsible for risk oversight, ensuring that management has put in place a rigorous process for identifying, prioritizing, managing, and monitoring the critical risks affecting the Company. The Executive Board sets, communicates, and implements our risk management culture throughout the OMV Group.

The Group Risk Committee, which is composed of the OMV Group CFO and members of senior management, meets at least four times a year, ensuring that risk awareness and prevention are deeply integrated into decision-making processes. The Committee validates the key non-financial and financial risks identified with respect to OMV’s medium- and long-term objectives. (For more information, see the Annual Report).

OMV focuses particularly on five Sustainability Strategy areas: Health, Safety, Security, and Environment (HSSE); Carbon Efficiency; Innovation; Employees; Business Principles and Social Responsibility. OMV Executive Board members regularly (at least quarterly) discuss current and upcoming environmental, climate, and energy-related policies and regulations; related developments in the fuels and gas market; the financial implications of carbon emissions trading obligations; the status of innovation project implementation; and progress on achieving sustainability-related targets. OMV focuses on assessing the potential vulnerabilities of the Company to climate change (e.g., water scarcity, droughts, floods, and landslides), the impact of the Company on the environment, and the mitigation actions that will ensure a successful transition to a low-carbon environment (reduction of carbon emissions, compliance with new regulatory requirements, etc.).

Risk Management Process

The risk management process combines an intensive bottom-up and top-down approach, with every single employee responsible for implementing the most appropriate mitigation strategies for the risks within their sphere of responsibilities. Risks are identified using a selection of appropriate risk identification techniques, such as interviews, workshops, surveys, and analyses of historical losses, as well as information on risks documented in risk registers or loss databases. In particular, environmental risks are identified by using approaches such as a standardized environmental risk assessment methodology applying a double materiality approach whenever possible. Such risks are then analyzed against a medium-term horizon of three years or the long-term perspective (more than ten years), including their possible quantitative impact as a deviation of cash flow from the midterm plan and the likelihood of such an impact. Heat maps or risk matrices are used to support the assessment process and serve to identify probability ranges and the related consequences if risks were to materialize.

In order to identify such risks, we continuously monitor OMV’s internal and external environment and conduct interviews with senior management, subject-matter experts, and Executive Board members. This process complements the bottom-up approach and captures the risks inherent in the strategy. We collect information on root causes, consequences, corresponding risk mitigation actions and their effectiveness, and changes in internal and external factors influencing likelihood. These are assessed in working sessions with senior management and subject-matter experts. As part of the Risk Report, this analysis is discussed at the OMV Executive Board level and presented to the OMV Audit Committee.

All risks with risk ratings exceeding a certain threshold at Group level are included in the Group Risk Report and are considered to be substantive irrespective of their probability. However, the threshold can vary depending on the management focus for that specific risk management measure. In addition, risks are considered to be substantive if they are seen as such by relevant stakeholders, including local communities, governmental authorities, employees, or suppliers, even when the financial impact is not significant.

Bottom-up and top-down perspectives are combined to provide a comprehensive risk profile of the organization, which is taken into consideration when the OMV strategy is developed or updated.

Risk Taxonomy

Paying attention to every single risk makes risk management a holistic process. We use common risk terminology and language across OMV in order to facilitate effective risk communication. Environmental, Social, and Governance (ESG) risks are a key element in the OMV taxonomy.

The full spectrum of risks relating to OMV’s business, including economic, environmental, and social issues, is analyzed using either a semi-qualitative or quantitative approach and documented in a centralized risk repository. The resulting corporate risk profile provides a holistic view of issues that could affect Company performance in the medium and long term. The profile is therefore integrated into the decision-making process.

According to the OMV risk taxonomy, the following risk categories are considered:

Financial risks, including market price risks, foreign exchange risks, and risks arising from European Emission Allowances: The market price risk is monitored and analyzed centrally in respect of its potential cash flow impact using a specific risk analysis model that considers portfolio effects. Such risks also cover the impact of volatile prices for (European) Emission Allowances, where typical mitigation activities like spot, forward, or futures transactions are applied to ensure a balanced position of emission allowances by selling the surplus or covering the gap.

Operational risks, including all risks related to physical assets, production risks, project risks, personnel risks, IT risks, HSSE, climate change, and regulatory/compliance risks: All operational risks are identified, analyzed, monitored, and mitigated following the Group’s defined risk management process.

Strategic risks arising, for example, from changes in technology, climate change, risks to reputation, or political uncertainties

For reporting purposes, this taxonomy is mapped to various other risk classifications such as NaDiVeG and TCFD. Additional information on major financial and non-financial risks is included in the Annual Report 2020.

EWRM: Enterprise-Wide Risk Management
IT: Information Technology
ISO: International Organization for Standardization
HSSE: Health, Safety, Security, and Environment
ESG: environmental, social, and governance
NaDiVeG: Nachhaltigkeits- und Diversitätsverbesserungsgesetz; Austrian Sustainability and Diversity Improvement Act