Risk management & internal control

The aim of our risk management system is to enable the company to identify risks in a proactive and dynamic way; and manage or mitigate risks to an acceptable level wherever possible.

Each business unit operates in an environment which carries specific growth expectations and differing degrees of market and technological uncertainty that could impact strategic objectives. As such, the primary source of risk and opportunity identification lies within the business units. Similarly, each business unit is responsible for mitigation of its own risks. Mitigating actions are systematically reported corresponding to the respective strategic objectives and identified risks. Specific corporate departments are also tasked with managing and mitigating certain risks under the auspices of the Executive Committee. These risks cover Group-wide elements that extend beyond the purview of individual business units. These include environmental risks, financial risks etc.


Internal control mechanisms exist throughout Umicore to provide management with reasonable assurance of our ability to achieve our objectives. They cover:

  • Effectiveness and efficiency of operations
  • Reliability of financial processes and reporting
  • Compliance with laws and regulations
  • Mitigation of errors and fraud risks

Umicore adopted the COSO framework for its Enterprise Risk Management and has adapted its various constituents within its organization and processes. “The Umicore Way” and the “Code of Conduct” are the cornerstones of the Internal Control environment; together with the concept of management by objectives and through the setting of clear roles and responsibilities they establish the operating framework for the company. Specific internal control mechanisms have been developed by business units at their level of operations, while shared operational functions and corporate services provide guidance and set controls for cross-organizational activities. These give rise to specific policies, procedures and charters covering areas such as supply chain management, human resources, information systems, environment, health and safety, legal, corporate security and research and development.

Umicore operates a system of Minimum Internal Control Requirements (MICR) to specifically address the mitigation of financial risks and to enhance the reliability of financial reporting. Umicore’s MICR framework requires all Group entities to comply with a uniform set of internal controls in 12 processes. Within the Internal Control framework, specific attention is paid to the segregation of duties and the definition of clear roles and responsibilities. MICR compliance is monitored by means of selfassessments to be signed off by senior management. The outcome is reported to the Executive Committee and the Audit Committee.

Out of the 12 control cycles, 4 cycles (Internal Control Environment, Tax, Inventory Management and Hedging) were reviewed and assessed in the course of 2019 by the 99 control entities currently in scope. The Minimum Internal Control Requirements in Information Technology Management have been reviewed and updated. The assessment of this cycle is planned for the year 2020. Risk assessments and actions taken by local management to mitigate potential internal control weaknesses identified through prior assessments are monitored continuously. The Internal Audit department reviews the compliance assessments during its missions.

Discover the stories behind our success!

Read now

      Umicore uses certain monitoring and tracking technologies such as cookies. These technologies are used in order to maintain, provide and improve our services on an ongoing basis, and in order to provide our web visitors with a better experience.

      By clicking on the "Accept all" button you agree to the use of these cookies while using the website. For further information regarding how we use cookies and other tracking technologies, please see section 11 of our website privacy notice

          Necessary cookies are essential and help you navigate our website. This helps to support security and basic functionality and are necessary for the proper operation of our website, so if you block these cookies we cannot guarantee your use or the security during your visit.

          Cookies that help us to understand the behaviour of users of our website. This allows us to continuously improve our website to provide the best information in support of our project aims. These cookies also help us understand the effectiveness of our website. For instance these cookies tell us which pages visitors go to most often and if they get error messages from web pages.

          Cookies that deliver content to you based on your interests, which are assumed from your browsing history. Most Targeting Cookies track users via their IP address and, thus, may collect some Personal Data. Personal Data collected by Targeting Cookies may be shared with third parties, such as advertisers.