Risk management organisation
The Audit and Risk Committee is responsible for risk oversight within the Group. Corporate Risk Management is an independent function headed by the Chief Risk Officer (CRO), who reports to the CFO, and is responsible for assessing and reporting the Group's consolidated risk exposure to the Board of Directors and Group Management. Corporate Risk Management also monitors and reports risks in relation to mandates approved by the CEO. The main principle is that risks are managed at the source, unless otherwise agreed. In order to maintain a strict segregation of duties, risk control functions in the divisions and corporate units, such as Treasury, are responsible for reporting risks to Corporate Risk Management. In connection with the organisational change in March 2014, the Division Risk Control teams in the three COO divisions were centralised; responsibility for risk control services for these divisions is now shared and based on the requirements set by Corporate Risk Management.