Risk Policy and Risk Map

Risk management is part of the culture of NH Hotel Group and istransversally integrated throughout the Company’s operations.

The Company’s Risk Management and Control Policy is defined by the Board of Directors, which is also responsible for supervising the Risk Management and control System, through the Board’s Audit and Control Committee.

This policy was approved in 2015 by the Board of Directors, with the aim of defining the basic principles and the general framework of action for the identification and control of risks that could affect the companies over which NH Hotel Group has effective control.

In 2018, the Company has updated its Risk Map through a process in which 33 senior executives defined by the main risks to which the Company is exposed. This update has been validated by the Audit and Control Committee and approved by the Board of Directors on February 7th 2019.

During 2018, action plans have been initiated to mitigate the potential impact of the risks, and indicators have been established in order to monitor periodically the evolution of the risks. For the first time, the SAP GRC risk management and compliance tool has been used, which reduces the time that has to be dedicated to planning and risk assessment and obtaining information relating to Risk Management of the entire Company at global level.

Each of the main risks identified in the map is assigned a “risk owner” who is, in turn, a member of the Management Committee. Each risk owner meets regularly with the Audit Committee to present the existing or ongoing mitigation measures for his or her risks, the implementation status of action plans and measurement of key indicators.

The risks to which NH Hotel Group is exposed may be classified in the following categories:

 

Risk Management Model

NH Hotel Group’s risk management model permits the identification of events that could have a negative impact on the attainment of the objectives of the Company’s Strategic Plan, with the aim of obtaining maximum assurance for shareholders and stakeholders, while at the same time protecting the Group’s revenues and reputation.

This model is based on ERM (Enterprise Risk Management) methodology and contemplates a set of methodologies, procedures and support tools in order to:

1. Identify the most relevant risks that could affect the attainment of strategic objectives. Each risk assessor in the Company can propose new risks using the SAP GRC tool for subsequent evaluation.

2. Analyse, measure and assess risks according to the likelihood of occurrence, as well as their impact, which is assessed from the financial and reputational point of view.

3. Prioritize these risks.

4. Identify measures to mitigate the risks based on the Group’s appetite for risks. More specifically, the definition of risk owners and the establishment of actions plans agreed in the Management Committee.

5. Follow up the mitigation measures established for the main risks.

6. Update periodically the risks and their assessment.

Furthermore, the Company has an Executive Risks Committee to provide support to the periodic monitoring of risks, new initiatives, activities related to the implementation of action plans and to create a risk-awareness culture in the Company. During 2018, this Committee met on two occasions.