Page 61 - EVRY Annual Report 2012
Basic HTML Version
From the Boardroom
61
policy and setting requirements for subcontractors and
monitoring their compliance. The work to achieve improve-
ments addresses technical and technological aspects, organi-
sational measures and competence development throughout
the organisation.
EVRY produced a climate report in 2012 in accordance with
the Greenhouse Gas Protocol and participated in the Carbon
Disclosure Project (CDP).
EVRY achieved a score of 78 points, which is a satisfactory
result for a company reporting for the first time. A climate
report is an important tool for measuring improvement and
ensuring that measures implemented have the desired effect.
Corporate governance
The Board of EVRY is committed to sound corporate govern-
ment practices.
The company applies the Norwegian Code of Practice for
Corporate Governance as issued on 21 October 2010 and
revised on 20 October 2011 and 23 October 2012. The com-
pany produces a comprehensive annual report on corporate
governance as part of its annual report, and the information
is also available on
.
The company complies with the Norwegian Code Practice for
Corporate Governance, with no material deviations from the
Code’s recommendations. EVRY ASA is a Norwegian public
limited company and is listed on the Oslo Stock exchange,
and complies with Section 3-3B of the Norwegian Accounting
Act in respect of corporate governance.
EVRY’s general corporate governance principles are based
on maintaining open and reliable lines of communication,
having a Board that is autonomous and independent of the
group management, having a clear division of responsibil-
ity between the Board and the executive management, and
treating all shareholders equally. Further information on the
company’s corporate bodies and their function and work can
be found in the Corporate Governance report on page 46 of
this annual report.
The group has guidelines for business ethics and social
responsibility. All the group’s employees, including em-
ployees of wholly-owned subsidiaries, are required to sign
an annual declaration to confirm that they have read and
understood the company’s guidelines for business ethics.
All new employees are introduced to these rules as part of
their initial training program, and are also required to sign a
declaration to confirm that they have read and understood
the guidelines.
The group has reviewed its procedures for whistleblow-
ing, and has established a newWhistleblowing Unit,
which has set procedures for managing notifications from
employees. Compliance officers have been appointed for
Norway, Sweden, Ukraine and India. Employees can report
whistleblowing matters to the Whistleblowing Unit, which
handles all such notifications in accordance with formal pro-
cedures approved by the Board. The group also has an agree-
ment with an independent law firm to protect whistleblow-
ers, i.e. employees who wish to take up potentially serious,
censurable or illegal matters, in a manner that ensures their
anonymity with respect to the company’s management.
Risk exposure and risk management
EVRY’s overall objective in its risk management is to identify
and quantify risks in order to provide a basis for decision mak-
ing. In addition, risk management forms part of the process of
value creation by ensuring that risk exposure is taken into ac-
count in the company’s decision processes as well as ensuring
compliance with relevant legislation and regulations.
Risk management is an integrated part of the company’s
management model and of its financial reporting, and the key
areas of risk that the business units consider to be material
are monitored as part of the executive management’s routine
supervision of the business areas and key financial metrics. In
operational terms, the company’s objective is to integrate sys-
tematic risk management into the group’s business processes
as well as supporting our customers in the risk management
they carry out in relation to their value chains.
EVRY has structured and organised its approach to risk
management through an Enterprise Risk Process (ERM). This
process embeds risk management into business activities as
a normal and routine part of activities at every level in EVRY.
EVRY’s ERM process ensures a shared understanding of the
concept of risk, defines a group-wide methodology for iden-
tifying, assessing, managing and monitoring risks, and also
stipulates risk acceptance criteria and limits for the level of
risk that can be owned.
Risk management includes all categories of risks such as
strategic risk, financial risk, reputational risk, operational/
technical risk and compliance risk. EVRY is committed to
making risk management integrated part of its corporate cul-
ture by using risk management to support all critical business
processes.
EVRY bases its ERM process on ISO31000:2009 when optimis-
ing activities to carry out risk assessment. Risk assessment is
the overall process of identifying, analysing and evaluating
risk. The results of risk assessment are managed by the organi-
sational structure, with risk exposure ‘owned’ in accordance
with the appropriate legal structure.
EVRY operates established risk reporting procedures for
the appropriate management groups to report to executive
management, the Board and the Audit Committee, and this
involves reporting all important and critical risk exposure and
ensuring that the ownership of responsibility for the expo-
sure is identified. In 2012, EVRY introduced a risk manage-
ment system (eGRC) in order to support the risk management
process and ensure traceability and aggregation of various risk
