2020 Sustainability Report | 2019 Performance

Risk Management

Logo

Risk Management

At a time of increased volatility, uncertainty, complexity, ambiguity and change, navigating the complexities of the global semiconductor business presents both opportunities and risks for ST.

We take appropriate steps to identify, manage and monitor these risks in pursuit of our objectives as a listed industrial semiconductor company operating across the globe.

Enterprise Risk Management (ERM)

Our approach to ERM is formalized in a specific policy and is aligned with ISO 31000. Our ERM approach enables us to:

  • set our Company strategy, manage our performance, and capitalize on opportunities
  • perform systemic identification, evaluation and treatment of risk scenarios

ERM process aligned with

ISO 31000

Following an independent audit of our ERM approach in late 2017, ST increased its investment in risk management. In particular, we defined a three-year improvement roadmap in mid-2018, which was rolled out in 2019.

As part of that roadmap, we defined, set up and deployed an ERM framework.

ST’s ERM framework

Governance, organization and culture
  • ERM oversight and governance
  • Risk culture
  • Risk appetite
  • ERM function and community

Managing risk and opportunities
  • Risk in strategy and performance management
  • Risk monitoring
  • ERM interactions with other risk functions

ERM enablers
  • ERM policy framework and methodology
  • ERM process
  • ERM tools

ERM process

Our risk appetite depends on the nature of the risk. We regularly determine the amount of risk we are willing to eliminate, mitigate, pursue or retain, depending on the expected rewards, opportunities and costs.

The ERM process is embedded in all ST organizations and Company key processes. It applies a holistic approach, combining both ‘top-down’ and ‘bottom-up’ perspectives, to ensure that risk identification, evaluation, and management are performed at the right level.

In 2019, we carried out the annual review of our top-down risk assessment with executive management. The output from this exercise was a risk map linked to our strategic objectives, including 11 ‘priority 1’ risk areas.

Risk owners (members of senior management) were appointed for each of these risk areas to develop risk-mitigation action plans and enhanced monitoring and reporting capabilities. These plans are regularly reviewed by senior management and periodically discussed with the Supervisory Board and Audit Committee.

We also completed a bottom-up risk assessment in organizations throughout the Company, including Marketing and Sales, Product Groups, Manufacturing and Technology, corporate functions and large Company projects.

Specific risks and related mitigation activities can be found in the relevant sections of this report.

Bottom-up risk assessment process (organizational chart)
* ST organizations

Business continuity

We deploy a structured Business Continuity Management System (BCMS) across our main sites and selected organizations. It provides a consistent and structured methodology to address potential business disruptions that may affect our supply chain and operations through seven broad potential scenarios:

Pink globe with 2 arrows around it, 1 for business and one for continuity (logo)
  • site unavailability
  • people unavailability
  • IT systems disruptions (e.g. cyber-attacks)
  • facilities disruptions
  • critical sourcing disruptions
  • logistics/transportation disruptions
  • security violations

ISO 22301

re certified in 2019

As such, our approach encompasses potential disasters due to natural hazards (such as earthquakes, floods, snowstorms, volcanic eruptions or tsunamis), industrial accidents (such as fires and explosions), and major impacts related to human activities (such as terrorism, strikes or pandemics).

In 2019, ST obtained its ISO 22301 recertification for three years. In the coming year, third-party surveillance audits and internal audits will be performed.

In January 2020, in the face of the COVID-19 pandemic, we triggered our crisis management and business continuity protocols focusing on two overarching priorities:

  • first and foremost, maximizing measures to prevent infection and supporting our employees and their families
  • secondly, executing our business continuity plans, closely monitoring the situation across our whole supply chain and working with our customers, suppliers and partners

Sustainability risks

Sustainability risk scenarios are considered as part of our Company ERM program, both from a top-down and bottom-up perspective.

In addition, we identify our overall sustainability risks (and opportunities) through a regular materiality exercise. For more information, see Sustainability strategy.

Annual risk assessment of our 

tier 1 supply chain

For each topic covered by our sustainability strategy, we identify the risks and then define and implement programs to manage these risks. This includes defining policies, deploying certified management systems such as OHSAS 18001 and ISO 14001, and implementing industry standards such as the Responsible Business Alliance (RBA) code of conduct and supporting evaluation and auditing tools. It also includes managing climate-related risks (see Addressing climate-related risks).

In addition, we conduct an annual risk assessment of our entire tier 1 supply chain, to determine the risks related to Labor and Human Rights; Environment, Health and Safety; and Ethics (see Supply Chain Responsibility).