Risk management means the systematic procedures that are built into the management system, the purpose of which are to identify and assess the risks associated with the group’s operations and to prepare for them. Risk management is vital to ensuring and safeguarding the Company’s economic operating conditions and performance. Risk management is a part of internal control, and so implementation of internal controls also promotes the implementation of risk management. Risk management should not be separated from internal control, since awareness of internal control practices is ultimately essential to risk prevention.
The overall purpose of risk management processes is to support the achievement of the goals that are set out in the Company’s strategy, to safeguard continuity of the Company’s financial development and business operations, and to maintain and develop a comprehensive and pragmatic system for risk management and reporting. Risk management emphasises prevention: the purpose of risk management processes is to help identify risks pre-emptively, and to minimise the likelihood of their realisation. The risk management process also includes evaluation and follow-up to keep track of business risks that may have an impact on the Company’s strategic and financial goals or the continuity of business operations.
The risk management process
A risk is any potential event or chain of events that manifests itself as uncertainty with regard to achieving the company’s objectives, or that threatens the continuity of business operations. A deviation from the set goal, i.e. the realisation of the risk, may be negative, but could also be positive. In other words, risks can be both threats and opportunities. Risks are an inevitable part of business, and profitable business performance often requires thoughtful risk-taking. Although risks cannot be avoided entirely, it is possible to prepare for the potential realisation of harmful risks. Risk management is part of normal, day-to-day business operations. Ponsse Pcl’s risk management practices are based on the company’s values, and its strategic and financial goals.
Decisions on the necessary measures for preventing and responding to identified risks are made on the basis of evaluations. Risk assessment in any given case is based on the potential impact and probability of the risk. The primary means of risk management are avoidance, reduction and transferral of risks. Risks can also be controlled, and their effects can be minimised.
The key factors for effective risk management are
- Realistic assessment
- Timely assessment
- Awareness: personnel must be aware of the principles of risk management so that they can act according to instructions;
- Comprehensiveness: risk management is part of every activity, but risk management processes are present to a particularly high degree in the vital processes of operation.
Risks are divided into four categories: strategic, operational, financial and accident-related risks. Strategic risk refers to the nature of the business operations, the choice of strategy, and the risk associated with the implementation of the strategy. If realised, strategic risks can significantly weaken the Company’s operating conditions. Examples of strategic risks are risks relating to competition, or to the regulation of business activities. Strategic risks can be realised, for example, in the context of significant investments and other business-related strategic decisions.
Operational risks relate to the Company’s internal processes, such as the Company’s management or personnel, or the Company’s business network and systems. If an operational risk materialises, it lowers the efficiency of the Company’s operations, and consequently harms the results and profitability of the Company’s operations.
Financial risks include risks relating to currencies, interest rates, credit, liquidity and capital management. The goal of financial risk management is to safeguard the Ponsse Group’s financial performance, cash flow, equity and liquidity from unfavourable fluctuations in financial markets. Financing risk management is handled in a centralised manner by the Company Financing Unit. The Board of Directors confirms the Company’s financial risk management policy, and the Company’s CFO is responsible for its practical implementation together with the financial operations.
Accident-related risks are a more concrete threat to the Company’s operations than the aforementioned types of risk. The emphasis in accident-related risk management and avoidance is on identifying risks. Accident-related risk factors include risks to work health and safety, environmental risks and property damage. Another area of emphasis with regard to this type of risk is prevention. A comprehensive insurance programme has been prepared for accident-related risks, and efforts are made to pre-emptively prevent risks through a safety and policy and guidelines, and by ensuring the safety of working methods and tools. The Company is very attentive to hazardous situations and is quick to respond to them. Increased attention is now being given to personnel safety matters. All accidents and near-misses are recorded in the monitoring system, and the necessary measures are taken to prevent hazardous situations. The Company’s goal is an accident-free working environment. Accident-related risks are regularly assessed by internal audits for the entire personnel.
Risk management organisation and division of responsibilities
The Company’s Board of Directors and management have the primary responsibility for defining the Company’s risk management policy and for organising risk management. The Company’s Board of Directors reinforces and defines the risk management principles and risk management policy for Ponsse Group as a whole, and also assesses the effectiveness of risk management. The Board of Directors also oversees the implementation of risk management policies and processes. However, the risks to business continuity are assessed regularly at all levels of Ponsse Group. Each employee of the group is required to contribute to anticipating risks and preventing them from materialising, for example by reporting risks to their supervisor.
The risk management process includes systematic risk mapping and risk assessment for each type of operation and unit, and making sure that they are reflected in the Company’s risk management plan. Risk management is systematically implemented and monitored as part of the daily business. The Company promotes its risk management by increasing awareness of the significance of risk management and supporting shared risk management projects of the functions.
|Body, responsible party||Task|
|Board of Directors||Decides on the objectives and principles of risk management, and reinforces the Company’s risk management policy. Supervises the implementation of risk management.|
|President and CEO||Is responsible for organising the implementation of risk management, and presents risk management-related to the Board of Directors.|
|Management Group||Participates in the control and assignment of responsibilities in the risk management process. Each member of the Management Group is responsible for identifying risks in their own area of business operations, and for implementing risk management.|
|Chief Financial Officer||Coordinates the risk management process, and is responsible for reporting on and presenting risk management matters to the Management Group.|
|Area directors||Each of the subsidiaries independently carry out risk management in accordance with Ponsse Group’s risk management policy and guidelines.|
|Employees||Every employee is obliged to take action to prevent risks, to comply with the Company’s operating instructions, and to report any risks they detect to their supervisor.|