Sponda uses effective risk management to secure the company’s operations, their continuity and the achievement of key objectives. Risk management is integrated into the company’s planning system and day-to-day operations. Risk management takes into account the Group’s risk-bearing capacity. Sponda manages the risks associated with its operations by identifying, measuring and preventing key uncertainties.
Risks are assessed in terms of their probability as well as their financial impact. Achieving financial targets is a sign that risk management has been successful. Sponda’s key risks are classified as strategic risks, operational risks, damage and asset risks and financing risks.
Risk management organisation
Sponda has adopted a systematic approach to risk management and one of the company’s key strengths is its ability to integrate risk management as part of the strategy process, the enterprise resource planning system and business processes.
The responsibility for risk management is determined in accordance with business responsibility. The ultimate responsibility for risk management lies with the Board of Directors, which sets risk management objectives, decides on risk management policy, organises risk management and monitors key risks. Business units and corporate functions are responsible for arranging for risk management to be monitored and reported as part of the company’s other reporting activities. The company’s internal audit function monitors the effectiveness of the risk management system.
Risk management is tied to the company’s annual planning process and risks are assessed in a risk survey carried out twice a year. The risk survey identifies the company’s key risks, assesses the probability of their occurrence and potential impacts thereof, and defines risk management procedures. The Group’s risk management instructions and guidelines and the operations manual are updated according to the decisions concerning risk management made on the basis of the risk survey. The risk survey also includes an assessment of the company’s approach to risks.
Sponda’s toolbox of risk management includes risk aversion, risk elimination and reducing the probability of their materialisation. Risks can also be restricted and reduced. A business continuity and recovery plan has been prepared for the contingency that substantial risks materialise.
Key risks in terms of the company’s operations are listed in the Annual Report’s Risks and Risk management section.
The executive management reports Group-level risks to the Board of Directors twice a year. Risk reporting at Executive Board and business unit levels takes place as part of enterprise resource planning.
Sponda’s Audit Committee has reviewed the principles of internal control and the internal audit guidelines. The Audit Committee approves the internal audit plan annually.
The Corporate Governance Statement is available on the company website.