Grupa LOTOS S.A. - Annual Report 2010

Organisational Maturity Assessment

During the period under report, an Organisational Maturity Assessment of Grupa LOTOS was conducted. The assessment referred to the year 2010 and – as it is the first assessment of the Company ever done – it shall serve as a model for future assessments.

Organisational maturity of a company is the professionalisation level of its key organisational systems, processes and activities which is achieved by the company as well as their compliance with best practices in the area of its functioning and management.

In line with the management approach adopted byt Grupa LOTOS, which assumes continuous improvement, the Company has decided to take steps to obtain the objective reassurance that the solutions it adopted in the areas of:

• internal control,
• risk management,
• compliance,
• abuse prevention,
• corporate governance

meet the criteria of maturity as defined above.

In order to conduct the internal assessment of the maturity of these systems, the Company – in cooperation with an external advisor – has developed an assessment model using best practices set out in the GRC Capability Model (Government, Risk Management and Compliance) designed by the Open Compliance and Ethics Group. Other documents including the Code of Best Practice for WSE Listed Companies and methodology drawn up by the external advisor for risk management and abuse risk management also provided the basis for work on the model.

The developed model calls for a unified approach to conducting the review and formulating assessments of the structure of the individual systems as well as of the effectiveness of their operation. It enables the company to both formulate an assessment for any of the systems separately and to carry out a comprehensive organisational maturity assessment of the entire Company. Therefore, this approach helps to identify the areas in which improvement or deterioration of the results have taken place as well as to formulate recommendations and to initiate corrective measures.

The assessment of the Internal Control System mainly concerns the internal control environment. The main area of interest for the assessment of the risk managament system is how this process is managed and how the risks are identified and assessed. The compliance system is assessed with regard to the correctness of the solutions adopted to ensure compliance with external regulations of the applied measures and actions taken. In the assessment of the abuse prevention system mainly the solutions which aim to prevent abuse, including those aimed at building and cultivating appropriate ethical positions as well as the approach adopted to identify and assess the areas of abuse are assessed. Important elements of the corporate governance assessment are management effectiveness and organisational efficiency of the Company, including shaping the corporate culture, setting goals, communication, monitoring, control, etc.

The aggregate organisational maturity assessment of the Company shows that Grupa LOTOS is an organisation which strives to professionalise its activities and to adopt solutions which constitute best practices in the functioning and management of the organisation. However, it can be also noticed that the level of development, understood as design and efficiency, of the separate systems influencing the organisational maturity of the Company differs markedly between the systems.

The high assessment rating achieved in the process by Grupa LOTOS results mainly from efforts made in previous years to preserve the value and functioning of the company. The efficient internal control system as well as the solutions adopted in corporate governance and compliance systems are the effects of these efforts.

This result was also possible thanks to actions taken to establish the risk management system in the organisation. The consistent implementation and linking of this system to decision-taking processes undertaken in the Company will possibly become an important factor in the process of creating shareholder and stakeholder value.

Grupa LOTOS intends to conduct organisational maturity assessments also in the coming years, on an annual basis.

Requirements of Grupa LOTOS for its Contractors software system

One of the priorities of Grupa LOTOS is to provide secure working conditions both for its own employees and for the employees of external companies, commissioned to do work on the premises of the Company. Following these priorities and the results of contractor audits, a need arose to refine the distribution channel of Grupa LOTOS’ requirements to its contractors. Bearing in mind the consistent effort to raise the effectiveness of communication with its stakeholders – one group of which are the contractors, –  Grupa LOTOS devised a new electronic system aimed at distributing current internal requirements and rules applicable on the Company’s premises, in particular the ones regarding safety at work, health care, physical safety and fire protection in their broad sense.

The software system Requirements of Grupa LOTOS for its Contractors, which was implemented as of January 1st 2011, will be availbale only for authorised persons through a protected, dedicated website. It also constitues a platform for information exchange regarding safety at work between the contractors and the HSE service of Grupa LOTOS.

Information Security Management System

In Grupa LOTOS, Data Loss Prevention – a sensitive information protection system – is currently being implemented. The system enables the company to control the flow of information within the organisation and to prevent uncontrolled or unauthorised leakage or transmission of information which are of uppermost importance to the Company outside it, in compliance with its information security rules.

Enterprise Risk Management

The LOTOS Group continues to implement its Enterprise Risk Management (ERM) system which is aimed at ensuring the secure and effective execution of the LOTOS Group’s strategic and operational goals. The system supports the organisation in taking prompt, accurate and informed decisions based on the results of the previously conducted risk analysis whereas the implemented principles of identifying and evaluating risks allow the company to react early to existing threats and to eliminate them, partially or totally. The system also allows to prepare for the scenario when the given risk materialises by drawing up suitable action plans and to identify arising chances and opportunities for Grupa LOTOS which the Company strives to take advantage of. Thanks to the ERM system, Grupa LOTOS can take actions – within the acceptable risk limit – which are optimum from the point of view of its business activities.