MANAGING RISKS TO OUR ENTERPRISE
Effective planning and execution of our strategy require careful analysis of all risks associated with PotashCorp's goals and objectives. Based on their likelihood, severity and ability to adversely affect the company, we prioritize the risks and select the ones to manage, and, through mitigation responses, accept, control, share, transfer, diversify or avoid each.
Risk to Reputation
The most severe risk, always, is loss of reputation. Continually building goodwill and communicating with stakeholders, using best practices, committing to sustainability, ensuring transparency and practicing leading-edge corporate governance are ways we mitigate this risk.
RISK MANAGEMENT METHODOLOGY
Recognizing the integrated nature of the risk categories encompassed within our business, we think about PotashCorp's global risk universe as a continuum. Our understanding of the inherent and relative risks within the categories and their interrelationships allows us to design and implement risk management activities that give us the opportunity to execute our strategies and meet our business goals and objectives with acceptable relative risk.
The Risk Ranking Matrix
We identify risks in our global environment and allocate them to six categories: Markets/business, distribution, operational, financial and information technology, regulatory and integrity/empowerment.
When we identify an inherent risk, we assess it against our risk ranking matrix as if no mitigation measures had been taken. We then evaluate the risk in light of any mitigation actions to determine the residual risk.
The matrix is used to assess the severity and likelihood of such a potential event in our overall business, and establish relative risk levels identified by the letters A, B, C, D and E. "A" represents the highest level risk, "E" the lowest.
- Extreme: Initiate risk management activities immediately to reduce risk. If such activities cannot sufficiently reduce risk level, consider discontinuation of the applicable business operation in order to avoid the risk.
- Major: Initiate risk management activities at next available opportunity to reduce risk. If such activities cannot sufficiently reduce risk level, board approval is required to confirm acceptance of this major risk level.
- Acceptable: Level of risk is acceptable within tolerances of the current Risk Management Policy. No additional risk management activities required.
- Low: Monitor risk according to Risk Management Policy requirements, but no additional risk management activities required.
- Negligible: Consider discontinuing any related risk management activities in order to direct resources to higher-value activities, providing such discontinuance does not adversely affect any other risk areas.
Relative risk can be lowered by either reducing the likelihood of the initiating event occurring or reducing the significance of the consequence should it actually occur.
Residual risk is what is left after applying mitigation or control measures to an identified inherent risk. Our objective is to ensure that we are fully aware of all potential inherent risks that could adversely impact the company, and are making appropriate choices about the levels of residual risk to accept.
Our Risk Management Process Is Continuous
Every quarter we re-evaluate risks and address new risks that result from changes in operations, external factors or increase in risks previously identified. Management reports quarterly to the Board of Directors about risk management actions and plans.