BE ER Enterprise Risk Management

Dick Oude Alink, Corporate Risk Manager

October 18, 2005


Risk Management

Akzo Nobel in the World

Geographic breakdown net sales (by origin)

• 46% Euro region
• 22% Other European countries
• 17% USA/Canada
• 9% Asia
• 6% Other regions

Organization

Board of Management

Corporate Staff

Chemicals BUs, Pharma BUs, Coatings BUs

Business Units

Pharma
• Intervet, Organon, Nobilon

Coatings
• Car Refinishes, Decorative Coatings Europe, Decorative Coatings International, Industrial Finishes, Marine & Protective Coatings, Nobilas, Powder Coatings

Chemicals
• Base Chemicals, Functional Chemicals, Polymer Chemicals, Pulp & Paper Chemicals (Eka Chemicals), Surfactants

Akzo Nobel

Our Ambition
Be the first choice of customers, shareholders and employees and a respected member of society

Our Commitments
• Focus on our customers
• Competitive returns for our shareholders
• Create an attractive working environment
• Socially responsible

Akzo Nobel

Our Strategy
• Obtain leadership positions
• Seek market segments with an attractive structural profitability
• Develop critical mass

This strategy calls for a constant upgrading of the portfolio

Our Values
• Entrepreneurial spirit
• Personal integrity
• Social responsibility

Akzo Nobel

Our Principles
• Recognize our responsibilities
• Endorse free enterprise
• Insist on business integrity
• Encourage community activities
• Stimulate communication

Health, Safety and the Environment
• HSE is an integral part of the business policy
• Go beyond compliance
• Actively support HSE care programs

Akzo Nobel

Policy Health, Safety and the Environment
• Prevent harm to and promote the health of employees and other stakeholders
• Strive to prevent injuries at work
• Prevent or minimize the environmental impact
• Expand our concern for HSE (Product Stewardship)

In Society
• Be a respected member of society
• Support educational, sports, arts, cultural and scientific programs
• Encourage young talent

Have a Look

Go to website

Facts and Figures

Key Figures 2004

• Net income* (EUR mln): 770
• Net sales (EUR mln): 12,688
• Operating income* (EUR mln): 1,210
• Number of employees (year-end): 61,450

* excluding nonrecurring items

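People

[Two pie charts. Categories of the first: Pharma, Coatings, Chemicals, Other units; percentages as extracted: 32%, 19%, 2%, 47%. Categories of the second: Europe, North America, Latin America, Asia, Other regions; percentages as extracted: 60%, 14%, 7%, 15%, 4%.]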

Breakdown Net Sales 2004

[Pie chart. Categories: Pharma, Coatings, Chemicals; percentages as extracted: 25%, 34%, 41%.]

Research and Development

• 2004 R&D expenditures (EUR 823 million) were down 7,0% from 2003.
• R&D expenses as percentage of sales: 6.5%

[Bar chart, vertical axis 0% to 20%. Categories: Pharma, Coatings, Chemicals; data labels as extracted: 3%, 3%, 16%.]


Be aware that risks can have many faces……

Why Risk Management and why now?

• Dynamic and complex business environment

Dynamic & Complex Business Environment

• Global Customers
• Fluctuating Exchange rates
• Increasing raw material/transport prices
• Changing regulations
• Reduced raw material availability
• Complex logistics
• etc.

Why Risk Management and why now?

• Dynamic and complex business environment
• Changing risk arena

Changing Risk Arena

The Risk List ‘Greatest Risk Top 5’

#   From 2000 onwards        Late 1990’s
1   Loss of Reputation       Fire
2   Failure to Change        Business Interruption
3   Business Interruption    Employee Risks
4   Product Liability        Environmental
5   Computer Crime           Computer Crime

Clear tendency towards intangible & non-insurable risks

Why Risk Management and why now?

• Dynamic and complex business environment
• Changing risk arena
• Shareholder & stakeholder expectations

Shareholder & Stakeholder Expectations

• People
• Profit
• Planet

Why Risk Management and why now?

• Dynamic and complex business environment
• Changing risk arena
• Shareholder & stakeholder expectations
• Corporate Governance requirements

Corporate Governance Requirements

• Transparency in operations (opportunities and risks)
• Risk based thinking (internal and external auditors)
• Law on behalf of Shareholders and Stakeholders
  - Sarbanes Oxley
  - Tabaksblat
  - European Corporate Governance Forum

Corporate Governance Requirements

COSO Internal Control framework
• Control Environment
• Risk Assessment
• Control Activities
• Information & Communication
• Monitoring

COSO ERM framework
• Internal Environment
• Objective Setting
• Event Identification
• Risk Assessment
• Risk Response
• Control Activities
• Information & Communication
• Monitoring

Enterprise Risk Management within Akzo Nobel

Risks are inherent to our business operations

&

by taking measured risks we want to make money

Managing risks is a pre-requisite for generating sustainable value

&

must therefore be an integral part of our business activities

Enterprise Risk Management Principles

• Have opportunities and risks visible and understandable
• Show transparency on balance of risks, internal and external
• Avoid surprises
  – Financial
  – Reputation
  – Compliance
  – Business principles

Enterprise Risk Management Program

[Diagram; labels as extracted:]
• Corporate Governance: Tabaksblat, SOX
• Risk Management process
• Internal risk reporting
• External risk reporting
• objectives/strategy
• risk profiles
• risk paragraph
• TOP, SOP, RF LOR
• Framework: COSO Risk Management Framework and Process
• Risk Management standards and best practices
• Process owner: ARM
• Business planning
• Business planning levels: Akzo Nobel; Group; BU, sub BU, process, site, plant; Corporate departments
• Risk awareness
• Integrated RM
• Transparency

Enterprise Risk Management Implementation Approach

[Diagram of risk profiles at each level of the organization; labels as extracted:]
• Sites, Plants: Risk Profiles; Top 10 Risks + Risk Responses; Per Risk profile; Actions
• Compliance (Sub-BUs, Processes): Risk Profiles; Top 10 Risks + Risk Responses; Per Risk profile; Actions
• Operational (BUs, Corp. Depts.): Risk Profiles; Top 10 Risks + Risk Responses; Per Risk profile; Actions
• Strategic (BoM, Groups): Risk Profile; Top 10 Risks; Per Risk profile; Actions

Other labels: Risk Transparency; Risk Consolidation; Risk Responses; Management Self-Assessment; Business Objectives; Akzo Nobel


Enterprise Risk Management Workshop Process

Key Success Factors
• Top-Down process
• Fully aligned with Business Planning and Reporting
• Bottom-Up reporting
• Execution at all (management) levels
• Maximum use of employees knowledge and experience
• Enforced Decision-making process
• Use of robust interactive tools

[Process cycle diagram:]
1. Understand the Business
2. Clarify Objectives
3. Identify Risks
4. Assess Risks
5. Respond to Risks

Timeline
• 2001 Initial Pilot
• 2002 Project Roll-out
• 2003 Operational
• 2004 Fully Applied
• 2005 Continuous Improvements

Akzo Nobel Enterprise Risk Management Program

[Overview diagram; labels as extracted:]

Policy: Akzo Nobel Risk Policy

Process: 1 Understand, 2 Clarify, 3 Identify, 4 Assess, 5 Respond

Risk categories and headings: ENVIRONMENT RISK; PROCESS RISK; INFORMATION FOR DECISION MAKING RISK; OPERATIONS RISK; EMPOWERMENT RISK; INFORMATION PROCESSING/TECHNOLOGY RISK; INTEGRITY RISK; FINANCIAL RISK; OPERATIONAL; FINANCIAL; STRATEGIC

Risk names: Customer Satisfaction, Human Resources, Product Development, Efficiency, Cycle Time, Compliance, Product/Service Failure, Environmental, Health and Safety, Trademark/Brand Name Erosion, Capacity, Leadership, Outsourcing, Communications, Authority/Limit, Integrity, Infrastructure, Employee Fraud, Unauthorized Use, Reputation, Competitor, Catastrophic Loss, Patent, Regulatory, Industry, Shareholder Relations, Sovereign/Political, Currency, Commodity, Cash Flow, Concentration, Default, Price, Liquidity, Credit, Product Pricing, Regulatory Reporting, Contract Commitment, Financial Reporting Evaluation, Budget and Planning, Investment Evaluation, Environmental Scan, Business Portfolio, Valuation, Resource Allocation, Planning, Technological Innovation, Globalization, Product Acceptance, Resource Availability, Product Costing, Product Life Cycle, Channel Effectiveness

© 2001 Arthur Andersen. All rights reserved.

Other labels: Language; Business Plan; Q.Reviews; Reporting; Board; Business Units; Accountabilities; Letter of Representation (LOR); Assurance; Tools; Documentation; Website; Support

A clear policy statement

Enterprise risk management Policy

Akzo Nobel is committed to creating long-term value for its customers, shareholders, employees and society, recognising that sustainable profit is essential for the continuity of its business. Risks are an integral part of our business and can feature both in terms of opportunities and gains, as well as threats and losses.

Our policy is to ensure that risks are timely identified, adequately understood, properly assessed and effectively responded to by responsible employees at all levels within the company. Through our enterprise risk management framework, we want to provide reasonable assurance that our business objectives can be achieved and our obligations to employees and society can be met.

Approved by the Board of Management, December 2001

Akzo Nobel Risk Management Process

1. Understand the Business
2. Clarify Objectives
3. Identify Risks
4. Assess Risks
5. Respond to Risks

Workshop phases
• Workshop preparation
• Workshop Introduction
• Workshop execution
• Workshop Follow-up

The Risk Management Process in 5 basic steps

1. Understand the Business
2. Clarify Objectives
3. Identify Risks
4. Assess Risks
5. Respond to Risks

1. Understand the Business

• What is the nature of the business?
• What is the culture and operating style within and around the business?
• What are the internal constraints which limit freedom of action or choice?
• What are the external constraints like laws, regulations and mandatory standards?

The design of the enterprise risk management framework will vary according to the characteristics of the business

2. Clarify Objectives

• What expectations have been set?
• What promises have been made?
• What must be delivered?
• Who is responsible for achieving the objectives?
• Do the objectives cover all elements of sustainable development (economic, social & environmental)?

Clarification of the objectives enables the identification of the related risks

3. Identify risks

• Health, Safety & Environment
• Customers
• Asset Integrity
• Financial
• Natural events
• Reputation
• IT systems
• Laws & Regulations
• People
• Partnering
• Research & development
• Integrity

4. Assess the Risks

The Impact versus Likelihood map

[Risk map. Axes: Likelihood (Low to High) and Impact (Low, Medium, High). Risks plotted, as extracted: Customer satisfaction, Regulatory, Reputation, Credit, Business Interruption, Interconnected Billing and revenue Assurance, IT System Integrity, Financial Reporting Evaluation, Pricing, Technology obsolescence, Fraud, Capital Availability, Performance Measurement, Human Resources, Product Development, Efficiency, Competitor.]

4. Assess the Risks

The Risk level versus Control effort map

[Map. Axes: Control Effort (Low to High) and Risk Level (Low, Moderate, High). Labels: Risks may be under-controlled; Risks may be over-controlled; Acceptable level of control effort for the risk.]

Risk Sourcing and Response Development

What do we need to do to deal with the identified risk?

[Map. Axes: Control Effort (low to high) and Risk Level (low, Moderate, high).]

What needs to be done?
• Increase effort level
• Maintain current effort level
• Reduce effort level

5. Respond to Risks (the four T’s)

In relation to a particular risk there are certain basic strategies to choose from:

• Terminate the activity
• Transfer the risk to another party
• Treat the risk by instituting appropriate business controls
• Take the risk (where no further cost effective controls are possible)

5. Respond to Risks (possible risk response strategies)

Take
• Intentionally pursue
• Fully accept
• Finance the consequences
• Build in contingencies

Transfer
• Insure
• Share (JV, alliance, partnership)
• Contract out (outsource, assign)
• Diversify / spread
• Hedge

Terminate
• Cease activity
• Pull out of market
• Divest
• Change objectives
• Reduce scale

Treat
Dealing with risk requires adaptation:
• Organization
• People & Relationships
• Direction
• Operational
• Monitoring

Risk sourcing

Finding the root cause of the risk

• The aim is:
  – To create a clear picture of where and how business risks originate
  – To focus attention on the specific areas that have the highest influence on the respective risks
  – To assist in developing effective risk responses (action plans)

[Root-cause diagram for the risk "Business interruption"; labels as extracted:]
• plant reliability
• dependency on single source
• catastrophic accidents
• No back-up capacity
• political/legislation
• inherent hazard
• product
• process
• maintenance risk
• inaccessibility
• Lack of preventive maintenance
• Having chosen to have one supplier
• No other suppliers known
• No other suppliers available
• terrorism
• Natural catastrophe
• human error
• Accident at neighbour
• Site infrastructure and utility restriction
• Logistics related accidents
• sabotage
• Lack of knowledge
• Investment too high
• no back-up plan
• Previous experience
• public opinion
• permit issues
• HSE legislation
• Create a Contingency plan
• Analysis opportunity cost vs worst case scenario
• Review and update maintenance programs

Response Development

What must be done to deal with the root cause?

Table columns: Risk Source/Root cause; Action; Responsible; Due date

[Root-cause diagram for "Business interruption", repeated from the Risk sourcing slide with the same labels.]

Actions shown:
• Create a Contingency plan
• Analysis opportunity cost vs worst case scenario
• Review and update maintenance programs

Follow-up and Closing

Risk Management reporting format (I)

Risk Management Report for TOP/RF
(sub-)Business Unit:
Report date (dd-mm-yy):
Organisation Updated

(s)BU risk profile: Top-10 risks in terms of Risk level (impact * likelihood)

Most significant risks in terms of risk level (descending order of risk level = Impact x Likelihood)

Table columns: #; Impact; Likelihood; Control Effort; Risk Level; Risk Priority
Rows A to J, each showing 0.0 0.0 in the blank template
Description of risk

Risk Maps
[Two plots. Axis labels: Likelihood, Impact, Control Effort. Tick values as extracted: 1.0, 5.0, 9.0 and 1.0, 41.0, 81.0.]

Enterprise Risk Management Monitoring Risks

Last year’s Risk profile

This year’s Risk profile

Continuous Management Review
• External developments
• Changes in the Business Objectives
• Internal Developments
• Other Risk Profiles in the Organization
• Risk Mitigation Actions

Enterprise Risk Management Standards

• Risk profiles throughout the organization (BoM, BUs, sBUs, processes, main sites and corporate)
• Actual & up to date risk profiles and actions plans (Annually reviewed)
• Risk Profiles for strategic changes (major investments, acquisitions, divestments, etc.)

ERM on track for Corporate Governance

• SEC Final rule SOX 404: COSO
• Tabaksblat: COSO
• PCAOB Audit Standard No. 2: COSO

ERM on track for Corporate Governance

SEC Final rule SOX 404:
• The COSO Framework satisfies our criteria and may be used as an evaluation framework for purposes of management's annual internal control evaluation and disclosure requirements.

Tabaksblat:
• “II.1.4. It would be logical for the management board to indicate in the declaration on the internal risk management and control systems what framework or system of standards (for example the COSO framework for internal control) it has used in evaluating the internal risk management and control system.”

PCAOB Audit Standard No. 2:
• The COSO report, provides a suitable and available framework for purposes of management's assessment. For that reason, the performance and reporting directions in this standard are based on the COSO framework.

Enterprise Risk Management Process applied to:

• Projects (e.g. Investments, Outsourcing, Innovation, etc.)
• Acquisition/Divestments

Conclusion

• Enterprise Risk Management is proven to add value to the company
• Enterprise Risk Management is mandatory for Akzo Nobel, both internally as well as externally