ORLEN ORLEN Group 2017
Integrated Report

Risk Management


In the course of its business, the ORLEN Group conducts ongoing monitoring and risk assessment and undertakes actions aimed at minimizing its impact on the financial situation.

Functioning of the Enterprise Risk Management System

In 2017, the organisation and underlying principles of the Enterprise Risk Management System did not change relative to the previous year. Based on its Enterprise Risk Management Policy and Procedure, the ORLEN Group monitors and assesses its risk exposures on an ongoing basis and takes steps to minimise their impact.

As required by these internal regulations, the Audit, Financial Control and Enterprise Risk Management Office was established to coordinate the enterprise risk management (ERM) processes across all levels of the organisation, to provide independent assessment of risk management and internal control systems, and to analyse business processes. Management boards at each ORLEN Group company, supervised by their respective supervisory boards, are responsible for risk management.

The Enterprise Risk Management System is a tool used to support effective delivery of the ORLEN Group’s strategic and operational objectives. It ensures identification of strategic risks and  control mechanisms as well as their assessment.

Key roles in the Corporate Risk Management System

Management Board
  • Monitoring of the Corporate Risk Management System.
  • Risk assessment acceptance for the Company / the ORLEN Group.
Audit Committee of the Supervisory Board
  • Monitoring of the Corporate Risk Management System.
Audit, Financial Control and Enterprise Risk Management Office
  • Coordination of the process of corporate risk management as well as provision of tools and methodological support for the process participants.
Processes owners
  • Risk assessment on the process level.
  • Coordination of the process of control mechanisms self-assessment.
Risk owners
  • Main risk elements management.
Control owners
  • Supervision over realization of control activities in processes in which they take part.
  • Running self-assessment of control mechanisms.
The ORLEN Group Employees
  • Risk identification.
  • Conveying information about potential risk to the Audit, Financial Control and Enterprise Risk Management Office.

The assessment of risk by the business areas in PKN ORLEN and the ORLEN Group companies is carried out every year, as part of the process of self-evaluation, and its purpose is to provide an update of risk assessment which are most significant for the organisation. The process and risk owners are responsible for its performance. The most significant element of the methodology applied involves the comparison of two risk assessments: gross risk assessment (value of risk in the absence of control mechanisms and preventive measures) and net risk assessment (value of risk estimated taking into account the efficacy of the control mechanisms and preventive measures for the specific risk that are in place).

As a result of periodic assessment of control mechanisms by control owners, plans of corrective actions are defined for the individual risks and controls, which main aim is to achieve an acceptable net risk level. The report on the most significant risks and planned method of their limitation is submitted to the Management Board and the Supervisory Board Audit Committee after completion of risk assessment and control mechanisms testing process.

The adopted methodology allows to identify risks in the ORLEN Group on a basis of a common model and link them with business processes and strategic objectives.

Audit and control tasks are carried on the basis of annual control and audit plans, approved and accepted by the Management Board, Supervisory Board Audit Committee and the Supervisory Board. Ad hoc audits and controls are also commissioned by the Supervisory Board and the Management Board of the Company.

In 2017, the process of risk self-assessment and control mechanism testing carried out in PLN ORLEN encompassed the assessment of 521 risks by testing 1,251 control mechanisms in 83 business processes. In the ORLEN Group companies 1,036 risks and 2,750 control mechanisms in 215 processes were assessed.

In 2017 the ERM system was implemented in the following ORLEN Group companies: PKN ORLEN, Anwil, Grupa ORLEN Lietuva, Grupa Unipetrol, ORLEN Deutshland, ORLEN Paliwa i ORLEN Centrum Usług Korporacyjnych. The implementation was stated also in the ORLEN Południe Group.

As part of the implemented in the ORLEN Group Corporate Risk Model, all identified risks are classified according to the following categories:
I. STRATEGIC RISKS – risks directly connected with the strategic goals, referring to specific actions and to the degree of their performance. For the purposes of detailed identification of strategic risks, partial strategies are created for the individual areas attributed to the business owners, who perform quarterly risk assessments.
II. PROJECTS RISKS – events or circumstances which may have a negative impact on at least one project goal realization, if they occur. They are assessed on a systematic basis during work projects, and in any case at least once a year as part of the self-assessment process.
PROCESS / OPERATIONAL RISKS - identified within the existing business processes, refer directly to key business goals as well as enable efficient processes management. These risks are assessed annually as part of the self-assessment process by the business owners. The intention of the process is to confirm the effectiveness of the control mechanisms  and keeping the net risk at the defined level.

Risks and processes classification along with control mechanisms within the ERM functioning

Risks/Processes Risk description Risk mitigation method
  • Inconsistent and unrealistic strategic goals and assumptions.
  • Change of strategic goals/assumptions during the process.
Systematic review of the key strategic goals to check if they are up to date and their ongoing monitoring against the changing environment (regulations, market, key suppliers, etc.)

Division of competences
  • Inappropriate division of competences between the organisational units.
  • No decision-making centre.
High degree of employee specialization, appropriate assignment of duties and responsibilities by developing precise scopes of tasks.
Internal consistency
  • Lack of internal consistency between strategic goals within the organisation.
Preparation of partial strategies for individual areas for the purpose of specific identification of strategic risks as well as review of their consistency and approval by the Management Board.

New regulations

  • Entry into force of unfavourable legal regulations
  • No effective action of the public administration in relation to enforcement of the law.
Participation in public consultations for legislative drafts reducing the risk of unfavourable regulations.
Accidents at work and other threats
  • Insufficient knowledge about work safety among contractors.
  • Threats to work safety and fire safety related to the presence of third-party employees on the ORLEN Group’s premises.
Supervision and management of contractors’ work by implementation of tools to monitor work safety.Implementation of uniform requirements for contractors and subcontractors in line with the guidelines set forth in the “ORLEN Group Safety Standard no. 9”.
Budget overrun
  • Inappropriate estimate of the project implementation costs.
Systematic monitoring of the contractor’s activities and potential delays in project realization.
Schedule overrun
  • Inappropriate assumptions concerning the project completion time.
Constant supervision over the performance of the work in progress, systematic evaluation of the progress of implementation of successive stages of the project and enforcement of performance of the work.
Project scope modification
  • Incomplete performance of the project.
  • Exceeding the project framework.
Systematic analysis of the environment in which the project is being implemented. Depending on the circumstances arising, potential decision to change the scope of its implementation.
Division of competences
  • Inappropriate division of competences between the organisational units.
  • No decision-making centre.
Preparation and implementation of methodology concerning competency division of project team members in order to avoid conflict of interests. Utilisation of dedicated IT tool supporting project implementation.
  • Absence of IT systems supporting project implementation.
Definition of alternative IT systems at the project planning stage or commencement of testing of other systems allowing project implementation.
  • Supplying crude oil (by land and by sea) in a quantity and of a quality not corresponding to the requirements.
  • Planning supplies of crude oil in such a way as to meet the quality requirements.
Monitoring of the process of supplies carried out by land and by sea. Using dedicated analytical and statistical tools, analysing industry and news portals.
Monitoring of the market of selected crude oil types with regard to their availability and purchase possibility. Confirmation of purchase profitability each time for transactions not covered by contracts.
  • Purchase of investment services and biocomponents.
Supplier selection process performed in line with the procedures in force and in accordance with the required documents (including market analysis, time schedule, supplier assessment).
  • Guarantee of production continuity.
Making sure that internal procedures are in place making it possible to react effectively in the case of an emergency by way of purchasing services and raw materials for production directly.
  • Inappropriate planning and management of repairs in the production area.
Functional IT system supporting the repair planning process and maintenance at the production plant.
  • Ineffective production balancing.
The area responsible for the production balancing process has tools in place making it possible to perform the balancing process in an optimum manner. The procedures and processes in place define responsibility, scope and deadlines for the provision of input data for the production balancing process.
  • Failure to achieve the assumed economic benefits resulting from the implementation of the initiatives.
Ongoing monitoring and verification of initiatives on the basis of expert knowledge, ensuring the realisation of projects with highest efficiency potential.

Distribution and logistics

  • Environmental pollution as a result of the distribution processes carried out.
Periodic checking of levels of fuel products contamination in Oil Terminals.
  • Failure to comply with the requirements to physically maintain an appropriate level of mandatory stocks.
Systematic monitoring of stock levels.
  • Failure of the logistics infrastructure affecting supply of products continuity or risk of their loss.
Periodic inspections of the condition of the logistic infrastructure.


  • Inefficient process of contract conclusion and price negotiations.
Pricing policy setting forth the rules of collaboration with contracting parties and implemented systemic mechanisms to prevent irregularities. Checking the correctness of parameters of the contracts with fleet clients before entering them into the system and verifying customers’ purchasing potential.
  • Failure to apply ethical standards and unfair conduct on the part of employees, fraud on company property and other violations.
Checking compliance with the ethical standards in place, as well as observance of the Ethical Code of Conduct; checking for any signs pointing to violations of ethical standards or fraud.
  • Failure of the pricing policy to maximize benefits and to develop market potential.
Dedicated tools used to manage prices and to ensure the pursuit of an efficient and competitive pricing policy.
Checking and monitoring whether changes in retail prices are entered correctly in the systems.


  • Readiness to react quickly with regard to adjustment of sales plans in the case of changes in the value and production chains.
Systematic checking of sales and production plan implementation with the participation of the wholesale area and of the supply chain management office.
  • Inefficient process of negotiating terms and of concluding commercial contracts.
Negotiation of trading conditions and signing agreements in accordance with the scope of authority granted.
Formal process in place for the conclusion of contracts and for the issuing of opinions about them.
  • Failure of the pricing policy to maximize benefits and to develop market potential.
Price formulas approved by the area responsible for pricing policy development. Additional review by the units responsible for product sale.


  • Commodity risk – related to changes in margins generated from the sales of products, to the Brent/Ural differential, to prices of crude oil and products as well as of CO2 emission allowances, and to the risk related to prices of commodities in cash-and-carry arbitrage transactions.
Market risk management policy and hedging strategies defining the rules for measuring individual exposure, parameters and time horizon for the hedging against the specific risk, as well as the use of hedging instruments.
  • Exchange rate risk – related to the currency exposure of cash inflows and outflows, investments as well as assets and liabilities denominated in foreign currencies.
  • Interest rate risk – related to assets and liabilities held, for which the interest revenue and costs depend on variable interest rates.
  • Liquidity risk – related to an unexpected shortage of cash or lack of cash or access to sources of financing.
Policy for short-term liquidity management, defining the rules of reporting and consolidating liquidity of PKN ORLEN and ORLEN Group companies. The Group pursues a policy of diversifying sources of financing and uses diversified tools for efficient liquidity management.
  • Risk of loss of cash and deposits – risk of bankruptcy of domestic or foreign banks in which the ORLEN Group keeps or invests its cash. Short-term credit rating of the bank.
Short-term liquidity management policy and policy of diversifying sources of financing as well as a tool for efficient liquidity management.
  • Credit risk – related to the contracting parties’ failure to pay trade receivables Analyses of contracting parties’ reliability and solvency.
Management based on the procedures and policy adopted with regard to trade credit management and debt recovery.

Applicable law and other regulations2

  • Amendments to existing legislation or new regulations significantly influencing the ORLEN Group as well as its financial position and business results.
Monitoring changes in legislation in countries, where the ORLEN Group operates as well as active participation in legislative processes.

Corporate management

  • Insufficient IT system security.
A procedure in place in relation to the management of logical access to IT systems, which includes for instance authorization of requests to grant or modify rights, restricted access to the OS layer and databases as well as to the system hardware, and complex level of password security.
  • Inappropriately configured operational planning and supply chain optimization model favouring non-optimal business decisions.

Periodic analysis and update of models used for operational planning and daily monitoring of operating plan implementation.

Standardization of data layout for corporate planning purposes and precise work scheduling.

1For detailed description of the financial risks as well as the methods applied to measure, manage and hedge the risks, see section 9.3 of the Consolidated Financial Statements for 2017.
2The principal legislative acts regulating the oil sector include:
Biofuels – the Act amending the Act on Biocomponents and Liquid Biofuels and Certain Other Acts of November 24th 2017, which entered into force on January 1st 2018 – the purpose of the amendment is to facilitate the implementation of the National Indicative Target (NIT) by fuel companies and change the structure of its implementation. The regulations essentially remove the quantitative limit on the amount of biocomponents (liquid bio-hydrocarbons, HVO) added to diesel oil; introduce quarterly measurement of the fulfilment of the compulsory blending targets; introduce a mechanism of double counting of ‘advanced biocomponents’ (mainly derived from waste) in NIT; introduce the possibility of 15% derogation from the NIT in exchange for an emission charge; and lower penalties for failure to meet the NIT.
Emergency stocks – producers and traders must pay a substitute fee for gradual reduction in the amount of physical stocks they are required to maintain. Poland: fulfilment of the physical stocks target – from December 31st 2017: 53 days, the substitute fee maintained at its current level (PLN 43/t of oil equivalent and PLN 99/t of LPG). Czech Republic: emergency stocks are maintained by a state agency for 90 days of net imports of crude oil and are financed from the state budget. Lithuania: maintaining stocks equivalent to the higher of 90 days of average daily net imports or 61 days of average daily domestic consumption. The amount equal to at least 30 days of average daily domestic consumption is collected and maintained by the state agency as earmarked stocks, with the balance maintained by businesses.
Regulations on the liquid fuel market and on curbing grey economy in fuel trade – the Act Amending the Value Added Tax Act and Certain Other Acts (the so-called “fuel package”) of July 7th 2016 and the Act Amending the Energy Law and Certain Other Acts (the so-called “energy package”) of July 22nd 2016, which introduced a number of changes to the regulation of the liquid fuel market in Poland, including new rules regarding VAT settlements liquid fuel imports to Poland, and linked the requirements with licence requirements.
Monitoring of road freight transport  – the Act on System of Monitoring Road Freight Transport of March 9th 2017. The purpose of the act is to further curtail the grey economy in fuel trade in Poland,  and the legislation supplements the solutions introduced as part of the fuel package and the energy package. The act imposes an obligation to register road transport of goods considered to be sensitive and to establish a system for monitoring such transport.
Energy and electricity efficiency – the Act Amending the Energy Law and Certain Other Acts, which regulates such matters as the cogeneration support mechanism (until the end of 2018), revenue from yellow and red certificates, costs of fulfilling the obligation towards end users of electricity (green and purple certificates), and costs of emission charges in the event of a failure to hold the required number of certificates of origin.
CO2 – Maintaining in 2018 free CO2 emission allocation for the ORLEN Group following designation of its units as exposed to the risk of carbon leakage. Directive 2003/87/EC of the European Parliament and of the Council of 13 October 2003 establishing a scheme for greenhouse gas emission allowance trading is being reviewed – potential implications go beyond 2018.
Restricted Sunday Trading – the Act on Restricted Trading on Sundays and Public Holidays and Certain Other Days of January 10th 2018, which regulates retail trading as from March 2018. The Sunday trade ban will not apply to service stations and shops located at railway stations.
Natural gas market − the Act Amending the Energy Law and Certain Other Acts of November 30th 2016, which introduced a roadmap for the deregulation of gas prices in Poland as from October 2017, and imposed on importers the obligation to maintain mandatory stocks of natural gas.
Taxation of upstream activities in Poland – tax on production of certain minerals, payable from 2020, calculated individually for each well, at 1.5%–6% of derived revenue, depending on the type of deposits and hydrocarbons. Production royalty, depending on the volume and quality – for natural gas: PLN 5.34–PLN 24.73/1,000 Nm3; for crude oil: PLN 38.0–PLN 51.5/tonne. Extraction charge – fixed component (determined on a case-by-case basis) and variable component of 50% of the mineral production royalty for the previous year. Special hydrocarbon tax – payable from 2020, at 0%–25% of net cash flows, depending on the ratio of accumulated revenue to accumulated expenses, real property tax of up to 2% of the initial value of property, plant and equipment, CIT at the rate of 19%.
Taxation of upstream activities in Canada: royalties – payable on wells spud on or after January 1st 2017. Royalty rate from 5% to 40%, depending on the type of hydrocarbons, market prices, and well output. Exemption on account of incurred costs of drilling and completion – relief in the form of reduced tax liabilities with respect to all new qualifying wells. Royalty of up to 5% on a well’s early production until the well’s total revenue from all hydrocarbon products equals the drilling and completion cost allowance, CIT at the rate of 27%.

Risks relating to social, employee, and environmental matters, respect for human rights, anti-corruption and bribery may occur in the three main categories of risks in the ORLEN Group listed above.

Specific risks and methods of their mitigation in the above areas are presented below.

New trends
  • Growing market/public expectations regarding environmental investments.
  • Little time to adapt to new environmental requirements.
Regular reviews of the compliance of internal regulations with legal requirements and their ongoing monitoring against the changing environment (regulations, decisions of public administration authorities, etc.).
Environmental protection
  • Failure to identify material environmental aspects in the operations.
  • No measurement results and no data available to prepare the required reports and/or failure to submit the reports to governmental authorities.
Monitoring the validity of decisions issued by governmental authorities, monitoring the process of computing fees for the economic use of the environment, delegation of precisely defined duties and responsibilities with regard to environmental aspects.
Soil and water contamination
  • Environmental pollution as a result of accident or failure.
  • High site restoration costs.
Monitoring of the technical condition of production units and their regular maintenance, ensuring compliance of reporting activities with applicable procedures, recognition of site restoration provisions.
Managing CO2 and other gas emission allowances 
  • Failure to meet the requirements and guidelines for monitoring CO2 and other greenhouse gas emissions.
  • Failure to obtain a permit for CO2 and other greenhouse gas emissions.
Updating internal regulations in line with legal requirements, keeping track of the validity of decisions issued by governmental authorities, environmental monitoring and reporting in accordance with applicable procedures.
Environmental impact
  • Non-compliance of the production process with applicable
    environmental protection standards.
  • Disrupted supply of utilities (water) to production units.
Monitoring of the process of water decarbonisation and distribution, inspecting the technical condition of facilities and equipment.
Wastewater and waste management
  • Failure to comply with the conditions specified
     in relevant decisions as to the type and quantity of generated waste.
  • Discharge of wastewater in violation of applicable permits.
Delegating responsibilities in waste management processes in accordance with the applicable procedure, monitoring the amount and types of waste in order to apply for and secure required amendments to the relevant administrative decisions, coordinating and monitoring the parameters of discharged effluents.
Corporate social responsibility
  • Lack of public awareness of the ORLEN Group’s CSR activities.
Implementation and supervision of the Responsible Care Framework Management System and appointment of the Responsible Care Framework Management System Officer.
Reputation, brand and marketing management
  • Use of the brand in connection with adverse, controversial activities.
  • Promotional activities with adverse effect on the image of PKN ORLEN.
Supervision over the process of defining the methodology for conducting promotional campaigns, key activities subject to approval by relevant business areas.
Outsourcing and subcontractor risk
  • Limited control over the ORLEN Group’s processes which are subcontracted or outsourced.
Ensuring correctness, completeness and quality of documentation, including completion reports and checklists, in IT systems.
Procurement management in the process of producer selection
  • Delays in the procurement process.
  • Protracting and inefficient tender and procurement procedures.
Appointment of an evaluation team to assess the submitted bids, conduct negotiations and document the selection process communicating terms of business on time and in line with internal regulations.
Fire safety
  • Fire during transport of products.
  • Injury/death as a result of fire.
Introduction of occupational health and safety and fire safety instructions, conducting fire safety inspections, appointment of the Fire Safety and Technical Commitee.
Chemicals management
  • Accidents/failures during transport or handling of chemicals.
Implementation of the Comprehensive Chemical Rescue Plan, including the delegation of responsibilities; introduction of the Process Safety Management System at PKN ORLEN.


Availability of employees and subcontractors
  • Loss of key personnel.
  • Persistent shortage of experienced staff with relevant technical expertise.
Monitoring and reviewing of job-specific training needs, oversight of the recruitment process to ensure
employment of candidates with relevant qualifications.
Allocation and development of human resources
  • Constraints in recruitment/employee turnover; lack of transparency of the recruitment/employment termination process.
Identification of the key skills for a given position at the recruitment stage, supervision of the process of contract termination, control of the position change processes within the Company.
Social security and other benefits
  • Miscalculation of social security payments and other employee benefits.
Supervision of the process of calculation and verification of remuneration, social security and other employee benefits.
Workplace accidents and other hazards
  • Failure to identify material risks for particular jobs.
  • Injury/death at a production plant.
Introduction of a health and safety hazard reporting system, including division of responsibilities, supervision of the hazard identification process in the occupational risk assessment, introduction of procedures to follow in the event of an accident at work.

Employees and subcontractors’ activities

  • Activities of employees and subcontractors resulting in violation of OHS regulations.
Reviewing and issuing opinions on contracts with subcontractors in terms of security certificates and security clauses, implementation of the Comprehensive Prevention System.


Breach of ethical standards
  • Inadequate ethical standards for a given business environment.
  • No support for employees in resolving conflicts of interest.
  • Ineffective system of internal reporting of unethical or illegal practices.
Keeping track and reviewing compliance with the value system set out in the ‘Core Values and Standards of Conduct’ of PKN ORLEN, appointment of the Ethics Officer, introduction of the Anonymous Misconduct Reporting System.
Labour law
  • Violations of labour law.
  • Penalties imposed as a result of court proceedings initiated by current or former employees.
Obligatory knowledge of applicable laws and internal regulations governing employment relationships, i.e. the Work Rules, Core Values and Standards of Conduct, etc.
Agreement setting out the rules of cooperation between social partners in restructuring processes.
Fraud and other misconduct
  • Accepting financial gain from potential suppliers.
  • Conflicts of interest with respect to transactions.
Limiting access to supplier offers and the information they contain, monitoring impartiality towards potential suppliers, oversight of the supplier selection acceptance path.
Employees’ conduct resulting in violation of law
  • Involvement in illegal transactions or concealing information about illegal transactions by employees.
  • Execution of contracts in circumstances where the law does not permit continuation of the process.
Review of the correctness of contracted obligations against powers of attorney/authorisations, supervision by authorised employees of supplier contracts and protection of the ORLEN Group’s interests.
Misconduct on the part of clients or employees
  • Theft of fuel by employees or customers.
  • Release of products to unauthorised persons, for unauthorised vehicles.
Regular inspections of service stations and terminals by authorised employees, supervision of the process of delivering and ordering rewards in accordance with the rules

Effect of controls and risk response plans:

Types of

  •   very low
  •   low
  •   average
  •   high
  •   critical
  •   design
  •   strategic
  •   operating
  •   financial
The Risk Map shows the location of key risks for the organisation broken down by risk type, in terms of:
  • Gross risk − value of risk if no controls are applied,
  • Net risk − value of risk taking into account the effectiveness of the existing controls designed to mitigate the impact and reduce probability of the risk materialisation.

If controls (risk management strategies) are applied, risk is reduced to acceptable levels.