Risk management is based on the Company’s values, as well as strategic and financial objectives. Risk management aims to support the achievement of the objectives specified in the Company’s strategy, as well as to ensure the financial development of the Company and the continuity of its business.
Furthermore, risk management aims to identify, assess and monitor business-related risks which may influence the achievement of the Company’s strategic and financial goals or the continuity of its business. Decisions on the necessary measures to anticipate risks and react to observed risks are made on the basis of this information.
Risk management is a part of the regular daily business in the Company, and it is also included in the management system. Risk management is controlled by the risk management policy approved by the Board.
A risk is any event that may prevent the Company from reaching its objectives or that threatens the continuity of business. On the other hand, a risk may also be a positive event, in which case the risk is treated as an opportunity. Each risk is assessed on the basis of its impact and probability. Methods of risk management include avoiding, mitigating and transferring risks. Risks can also be managed by controlling and minimising their impact.
The Company’s risk management policy seeks to maintain and further develop a practical and comprehensive system for the management and reporting of risks. The risk management process includes systematic surveying of functionand unit-specific risks, their assessment and comparing the risks with the Company risk management plan. Risk management is systematically implemented and monitored as part of the daily business. The Company aims at promoting its risk management by increasing awareness of the significance of risk management and supporting shared risk management projects of the functions.
The key risks to the Company’s business are divided into four categories: strategic and operative risks, as well as financing risks and risks of injury or damage.
The term “strategic risk” refers to a risk related to the nature of the Company’s business, its selected strategy and implementation of the strategy. Such risks may refer to the competitive situation, markets or market environment, legislation and other legal norms, for example. A strategic risk may also be a major investment or a strategic choice related to the business. If realised, a strategic risk may clearly deteriorate the preconditions for the Company’s business.
Market and operating environment
Any global economic crisis and general economic fluctuations affect the demand for the Company’s products and thus its financial position. The fact that the Company does business in more than forty countries balances out the fluctuation risks. Furthermore, the Company aims to maintain its business so that it is flexible and adaptable to changes in order to be ready to quickly adapt its business to the prevailing market situation. The competitive situation and changing requirements of the markets may influence the demand for and profitability of the Company’s products. The Company invests in understanding the needs of its customers, and it carefully studies the requirements posed by different markets on products in order to ensure that the products comply with the specific requirements of each region and are competitive. The Company has an extensive network of stakeholders. Stakeholder risks are mitigated by continuously monitoring the network and engaging in good cooperation. The price development of strategically important raw materials and their availability in the global market influence the profitability of the Company’s products. Risks related to the price development and availability of raw materials are mitigated by surveying alternative materials and developing acquisition channels.
Legislation and the environment
Changes to the political environment, legislation influencing the Company’s business and phenomena connected to climate change may clearly influence the Company’s business in different market areas. In cooperation with its subsidiaries and regional partners, the Company actively monitors the requirements posed by the markets on products, services and the business as a whole – such as general business and import legislation, as well as product compliance and environmental requirements. Furthermore, the Company actively communicates with its stakeholders, influences future solutions and sees such solutions as new opportunities.
Product and technology
The Company’s product and technology risks refer to technological choices and R&D. These risks are mitigated by staying close to customers and other stakeholders in order to ensure that product technology is developed in the correct manner. Furthermore, the Company aims to actively cooperate with universities, institutions of higher education and research establishments, as well as participate in global R&D projects. Developed technologies and products are protected by means of intellectual property rights. The Company is also aware of the industrial property rights of its competitors and respects them in the conduct of its own business.
The term “operative risk” refers to a risk related to the Company’s internal processes, personnel, business network and systems. If realised, operative risks may deteriorate the Company’s earnings, effectiveness and profitability
Organisation and management
Risks related to the Company’s organisation and management include risks connected to, for example, the availability of workforce, labour market disturbances and the management of key competence. The Company’s personnel strategy has a key role in managing risks related to the organisation and management. The commitment of key employees in the Company is improved by means of an incentive scheme. Investments in recruiting are made in order to ensure access to the correct type of workforce. The Company’s image as an employer is developed by means of appropriate communications and cooperation with various educational establishments and other stakeholders.
Information and IT
The Company’s information and IT risks include, for example, the risk of trade secrets leaking out of the Company, as well as risks related to the functionality, security and safety of IT systems. The Company complies with an information security policy to manage these risks, with the aim of ensuring that all preconditions for the functionality and safety of the systems exist. Information leaks are proactively prevented by all possible means
The Company persistently develops its supplier network. Material price and availability risks are also related to the supplier network. The Company aims to ensure a competitive material price level by studying alternative procurement channels and concluding long-term agreements. In order to achieve cost-efficient solutions, the Company invests in close R&D cooperation with its supplier network.
Whenever possible, the Company utilises a policy of two suppliers, in order to manage material availability risks. The business environment is stabilised by means of long-term supplier agreements, and suppliers are regularly audited in compliance with the auditing programme. The Company aims to create a supply chain by which the Company does business directly with manufacturers in order to retain a real- time communications channel. A supply chain management tool is utilised in monitoring the supplier network and optimising batch sizes.
Production and processes
The Company’s business requires comprehensive process management. What is important for a cost-efficient business is maintaining and improving processes. The Company’s quality management system is continuously developed in order to maintain its processes as functional. Functionality of the system is assessed by utilising results obtained from process management, as well as ISO 9001 certification by a third party.
Production process disturbances or disruptions may hamper business operations. Preparations for major disturbances are made by maintaining substitute manufacturing methods and equipment. Furthermore, the opportunity to manufacturing cooperation with key partners is maintained.
The Company is exposed to several financing risks in the normal course of its business. The Company’s financing risk management system aims to protect the Group’s performance, cash flows, shareholders’ equity and liquidity from unfavourable financing market fluctuations. Financing risk management is handled in a centralised manner by the Company Financing Unit. The Board ratifies the Company financing risk management policy, and the Company CFO is in charge of its practical implementation in cooperation with the Financing Unit.
The Company’s financing risks include currency, interest, credit and liquidity risks, as well as capital management risks. For more information on financing risk management, please see Note 30 to the consolidated financial statements.
The main focus in risk of injury or damage mitigation lies in identifying and preventing risks. Identified risks of injury or damage include, for example, occupational health and safety risks, environmental risks and risks of property damage. Risks of injury or damage are managed by means of an extensive insurance scheme. Damage is proactively prevented by applying a safety policy and safety guidelines, as well as ensuring that working methods and tools are safe. The Company quickly reacts to any dangers observed. All accidents and close-call situations are recorded in a monitoring system, and the necessary measures to prevent dangers are implemented. The Company’s objective is an accident- free working environment. Risks of injury or damage are regularly assessed by means of internal audits. The entire personnel participate in identifying the risks of injury or damage.
|Risk management organisation and responsibilities|
|Board of Directors||Decides on risk management objectives and principles as well as ratifies the Company Risk Management Policy. The Board supervises the implementation of risk management.|
|President and CEO||Responsible for arranging risk management measures and presenting risk management issues to the Board.|
|CFO||Coordinates the risk management process, carries responsibility for reporting and presents risk management issues to the Management Team.|
|Management Team||Risk management is included in the strategy process. The Management Team participates in controlling the risk management process and naming the persons in charge. Each member of the Management Team is in charge of identifying risks in his or her business area and implementing risk management.|
|Regional directors||The subsidiaries independently implement their risk management in compliance with the Group’s risk management policy and guidelines.|
|All employees||Obligated to act in a manner required to prevent risks, follow the Company policies and report any observed risks to their supervisors.|
In compliance with the Finnish code of corporate governance, internal auditing and risk management seek to ensure that the Company’s activities are effective and profitable, the information used by the management when making decisions is reliable, the Company policies are followed, implementation of risk management measures complies with the risk management policy, and the Company complies with all laws and regulations. Internal auditing supports the Board’s management task.
Internal auditing is integrated into the Company’s management and reporting system. Internal auditing is implemented by the Board of the Company, operational management and employees. Implementation of internal auditing is ensured by paying special attention to organising activities, the competence of personnel, operational guidelines, reporting and the scope of auditing.
The Board ensures that the auditing of the Company’s accounting, asset management and risk management has been properly organised and complies with the relevant legislation. Furthermore, the Board ensures – together with the President and CEO – that the Company conducts its business in compliance with its values. The Board approves the risk management policy and all guidelines pertaining to internal auditing and the code of governance. If necessary, the Board may request external auditors or other service providers to conduct an internal audit.
The President and CEO is in charge of the daily management of the Company in compliance with the Board’s instructions. The President and CEO provides a basis for internal auditing by managing and guiding top management and monitoring how executives audit their own activities.
The Company’s Management Team ensures that different activities of the Company comply with the internal auditing guidelines and practices. Risk management, financial administration guidelines and financial administration practices are of particular importance.
Under the management of the Company CFO, financial administration assists in creating proper risk management and financial management auditing practices, and monitors the sufficiency and practical functionality of the auditing measures.
The President and CEO, the members of the Management Team and managers of the subsidiaries have the responsibility for legislative compliance of the accounting and administration of their areas of responsibility, as well as compliance with the Company’s operational guidelines. Auditors annually check the accounting and administration of the subsidiaries. Audits of all the Group companies are performed by authorised accounting firms. The auditor of the parent company has the responsibility for coordinating audit focus areas, analysing audit observations from the perspective of the consolidated financial statements and communicating with the Group’s financial administration. The internal auditing structure of the Group companies is taken into account when deciding upon the scope of the audit. Annual detailed reports on auditing results are provided to Group management and the Board.