Denisa POPA Strategy and PMO Team Leader Risk management We are exposed to a wide variety of risks, some with a short-term impact, as part of our business operations. To counter this potential risk, we use a uniform risk management system defined at REWE Group level by applying our core values: z Self-assessments – Governance, Risk and Compliance (GRC) approach for identification,risk assessment and risk management with a focus on the "antitrust" and "corruption" components z 4 risk management strategies – avoidance, mitigation, transfer and acceptance At the same time, we use the Risk to chance "R2C" software tool, mainly designed to identify and reassess compliance risks. Risk Managers independently identify, assess and manage risks in our risk departments throughout the year. The following parameters are considered when identifying and categorizing risks: the relevance of their potential to threaten the business, financial situation and earnings, cash flow and the Group's reputation. Each identified risk is categorized as high, medium or low. Top management is informed of the results of the analyses carried out by the risk officers and the stage of implementation of the management plans. In addition, in accordance with mandatory provisions, any significant new or existing risks identified that may have a material impact are reported in a timely manner and directly to management. For more details on how we manage risks and ensure legal compliance, you can access previous sustainability reports. Relevant risks are managed and monitored by corporate departments selected according to their expertise. In addition to operational business risks with significant threat, the focus is also on risks in the areas of legal and compliance, finance, accounting, tax and duties, IT and information security or data protection. In 2022, the following major risk categories have been identified at group level: Specific relevant risks Risk level* Data security and cybercrime Cyber-attacks and data security requirements Considerable Catastrophes The pandemic Considerable Compliance Antitrust law Substantial Purchase of goods Supply chain Significant * Risk assessment is based on given or realistically foreseeable circumstances. In principle, risks are assessed on a net basis (= monetary loss minus mitigation measures plus costs incurred for these measures). Specifically for PENNY Romania, 46 risks were identified in 2022. The risks identified with the highest likelihood of occurrence are: false consumer information/misleading commercial practices and incorrect selling prices. As a preventive measure, supervision by the area sales manager was implemented. Another risk with high probability of occurrence identified was bankruptcy of service providers (prepress, print shop, logistics, distributor, radio shop). The preventive measure implemented was the contractual liability for unforeseeable situations. In regards to the volatility of energy prices (electricity and gas), as recommended by the group, the risk no longer applies this year. SUSTAINABILITY REPORT PENNY ROMANIA 2022 82/250 SUSTAINABILITY STRATEGY ABOUT US AND OUR VALUE CHAIN THE FUTURE IS MADE TODAY SUSTAINABILITY HIGHLIGHTS MESSAGE FROM THE GENERAL DIRECTORS CONTENTS SUSTAINABILITY STEP BY STEP
RkJQdWJsaXNoZXIy MTk3NjE0OQ==