Risk assessment and risk management principles
At Ponsse, risk management means management system procedures that identify and assess uncertainties related to Ponsse Group’s operations, prepare for risks and seize opportunities. The objective of the risk management process is to support the achievement of the targets determined in the company’s strategy and to secure the company’s financial performance, sustainable development and business continuity. Ensuring a balance between risk management and business interests is essential in the company’s risk management. Risk management is seen as being part of internal control, and so the implementation of internal control also promotes the implementation of risk management.
The company’s key strategic targets underlying risk management include social, economic and environmental responsibility. The fulfilment of responsibilities is monitored regularly, and responsibility goals are monitored using key indicators. The company’s sustainability work is described in the annual sustainability report published together with the annual report.
Risk management focuses on prevention: the aim of the risk management process is to identify and assess material risks and prevent them from being materialised. Decisions on the risk mitigation measures required are made using assessments based on probabilities. Primary risk management measures include the avoidance, reduction, transfer, and control of risks, as well as their controlled acceptance. The risk management process also includes the continuous assessment and monitoring of risks.
The timely identification of risks and a realistic assessment of risks are key in terms of risk management. The company’s personnel must be aware of risk management principles in order for them to act in accordance with instructions and, above all, react as required by the situation. Risk management is part of all the company’s operations, but its importance is emphasised in processes that are vital to the company's operations.
In the risk management process, risks are divided into four categories in accordance with their nature:
|
Strategic risks |
Risks related to the nature of business operations, the choice of strategy and the implementation of the strategy, which, if materialised, may significantly weaken the company’s operating conditions. Examples: the prevailing competitive situation, the development of the regulatory environment for companies |
|
Operational risks |
Risks related to internal processes that, if materialised, may reduce operational efficiency and, consequently, the company’s performance and profitability. Examples: risks related to management, personnel and the business network |
|
Financial risks |
Risks arising from unfavourable economic or market conditions that, if materialised, may have adverse consequences for the company’s financial situation, such as the Group’s performance, cash flows and equity. Financial risk management at Ponsse is centralised in the parent company’s financial unit. The Board of Directors confirms the company’s financial risk management policy, and the company’s CFO is responsible for its practical implementation with the financial unit. Examples: currency, interest rate, credit and liquidity risks, as well as capital management |
|
Risks of injury or damage |
Physical or financial impacts, operational disruptions, or other harm to the organization caused by unexpected events. The management of these risks focuses in particular on identifying risks and ensuring that a comprehensive insurance programme is in place. Ponsse’s goal is an accident-free working environment. Safety policies and guidelines, as well as safe working methods and tools, are part of risk management. Risks of injury or damage are also managed by documenting incidents and near misses and by taking the necessary risk minimisation measures. Risks of injury or damage are regularly assessed at the level of the entire personnel. Examples: Occupational health and safety risks, environmental risks, damage to property, as well as risks related to information security and the digital operating environment |
In its revised risk management process, the company has placed more focus on risks and opportunities associated with the environment and social and financial responsibilities from the perspectives of strategic, operational, financing, and accident risks.
The risk management process includes the systematic identification and assessment of function- and unit-specific risks, and ensuring they are reflected in the company’s risk management plan. Risk management is systematically implemented and monitored as part of daily activities. The company aims to improve the efficiency of its risk management by increasing awareness of its significance and supporting shared risk management projects of different functions.
Risk management findings are reported to the company’s management twice a year as part of management reviews, and to the Board of Directors as part of the annual strategy process. Internal audit or risk management may at any time bring an identified risk to the attention of the Board of Directors or other management and require appropriate action.
The Board decides on the objectives and principles of risk management and confirms the company’s risk management policy. As part of its work, the Board also evaluates the implementation and effectiveness of risk management processes.
The President and CEO is responsible for organising the implementation of risk management and presents matters related to risk management to the Board of Directors. The CFO coordinates the risk management process and is responsible for reporting and presenting risk management matters to the Group’s Management Team. The Management Team participates in the control of the risk management process and in assigning responsibilities. Each member of the Management Team is responsible for identifying risks in their own area of business operations, and for implementing risk management. Internal audit supports the risk management process with assessments and verifications, promotes the identification of risks and monitors the implementation of the agreed measures.
Ponsse’s country organisations carry out risk management in accordance with Ponsse Group’s risk management policy and guidelines. Every employee is responsible for taking action to prevent risks, to comply with the company’s guidelines, and to report any risks they detect to their supervisor.