The Management Board reviewed and assessed its Internal Risk Management and Control System framework and discussed it with the Supervisory Board. This is performed against five related components which are derived from COSO’s framework ‘Enterprise Risk Management – Integrating with Strategy and Performance’*. Its relevance to SBM Offshore is explained in Key features, Achievements in 2025, Maturity assessment and the Company’s Future ambitions.
Component | Key features | Achievements in 2025 | Maturity assessment according to Management Board | Future ambitions |
|---|
- Management identifies, assesses and treats risks in line with strategy and the Risk Appetite.
- The Risk Assurance Committee (RAC) oversees risk treatment and the internal control Framework, ensuring alignment with the Risk Appetite.
- Internal audit independently tests the internal control environment, ensuring governance.
- Develop ICoESG within global internal control framework.
| - Aligned risk management in identifying and treating risks coordinated with the strategy and risk appetite.
- Enhanced oversight through the RAC in aligning risk and opportunities management with organizational standards and procedures.
- Strengthened governance with independent audits to ensure effective three lines of defense.
| Management decisions are driven by a risk-aware and control-focused approach. | - Reinforce governance and risk policies to promote risk awareness and culture.
- Further integration with strategic goals monitoring and improved risk oversight.
- Enhance internal controls environment and accountability across the company.
|
- The Management Board sets the Risk Appetite, which is endorsed by the Supervisory Board.
- Financial and non-financial risk-bearing processes are identified and incorporated into the Internal Control Framework.
- Implement the ICoESG matrix and test it
- Roll out the harmonization of Financial Authority Levels (FAL) to apply across both IFS and legacy systems.
| - ESG risks, impacts, and opportunities are assessed and monitored periodically.
- The risk appetite was revised in the course of 2025 to maintain alignment with strategic objectives.
- FAL was fully implemented in July, establishing a transparent framework seamlessly connected to the JCR, while ensuring zero disruption to business operations.
| Strategy and its Material Topics are well integrated into the Company’s Risk Management and Internal Control Framework | - Continue to integrate risk and internal controls at both strategic and operational levels
- Enhance risk monitoring through collaboration of strategic oversight and risk & control functions
- Strengthen ESG-related non-financial controls
- Keep focusing on emerging risks
- Expand FAL connectivity beyond JCR to include IFS, LUCY, NADIA, and other core platforms.
|
Key features | Achievements in 2025 | Maturity assessment according to Management Board | Future ambitions |
|---|
- Business achieves its objectives through adequate Risk Management and Internal Control support
- Activities are performed according to the annual Strategy Cycle and disclosure requirements.
| - Implemented key risk indicators (KRIs) providing improved insight and control over strategic and operational risks.
- Strengthened ESG and Reporting Controls with ESG KPIs and related internal controls.
| - Risk Management and Internal Control are adequately performed, providing information for discussion and prioritization of assurance.
| - Further develop key risk indicators (KRIs) and financial metrics within the integrated risk and control framework.
- Improve the monitoring of ESG KPIs and associated internal controls, incorporating non-financial reporting controls.
- Advance the ICoESG RCM framework by introducing residual risk scoring and embedding ESG/regulatory requirements, supported by digital tools for continuous monitoring.
|
- The Risk Assurance Committee (RAC) meets monthly to ensure an integrated assurance approach.
- The Management Board, Audit Committee and Supervisory Board monitor the Company’s risk profile and associated internal control on a quarterly basis.
| - Policies and tooling were regularly reviewed and improved with the RAC.
- Integrating risk mitigation with business objectives.
- Applications mapping exercise completed to anticipate changes as a result of the new ERP.
| Risk Management and internal control policies, procedures and tooling are annually discussed and reviewed with the RAC and Supervisory Board. | - Improve activities based on internal review and external feedback.
- Continue to adapt risk and internal control framework based on company strategy.
|
- The Company keeps track of its risks, controls, and actions in appropriate digital solutions.
- Results are disclosed according to relevant regulatory frameworks, including ESG.
- Strengthen local and functional risk and internal control environment and raise awareness.
- Further integration within the Management Report of risk opportunities review.
| - Quarterly Risk Report of Company’s Risk Appetite measurement and main risks and related mitigating actions.
- Improved disclosure of climate change related risks and opportunities.
- Continue training and awareness about internal risk and control management systems across locations.
| Disclosure of information, internal and external, through digital support and solutions operates adequately. | - Enhance existing digital solutions (e.g., data analytics tools to improve analysis and KPIs to monitor thresholds).
- Consider adoption of a digital tool aimed at improving risk and control efficiency.
|
* Committee of Sponsoring Organizations of the Treadway Commission (COSO) is dedicated to providing thought leadership through the development of frameworks and guidance on ERM, designed to improve organizational performance, oversight and to reduce the extent of fraud.