The aim of the risk management is to manage risk relating to the company’s operations in a proactive and comprehensive manner. The Board of Directors and the CEO of the company are responsible for ensuring that the company’s risk management is organised appropriately and effectively.
The aim of the risk management is to secure the efficiency of the company’s operations and the performance as well as to ensure the continuation of the business. Risk management also secures the reliability of the information concerning the company and compliance of the operating principles applied in the company.
Risk management is implemented cost-efficiently and systematically throughout the company. Risk management belongs to the company’s strategic and operative planning and is a part of daily decision-making and the company’s internal auditing. Risk management is a comprehensive approach formed by the objectives and risks of the business and the associated risk management measures. Risk management consists of all actions that relate to goal setting, risk recognition, measurement, assessment, handling, reporting, monitoring, control and reaction.
Risk management is aimed at:
- identifying and assessing systematically and comprehensively all significant risks threatening the achievement of goals, including, risks relating to business, assets, agreements, expertise, currencies, finance and strategy,
- utilising business opportunities to the greatest extent possible and ensuring the continuance of the business in exceptional situations,
- foreseeing and recognising significant uncertainty factors and hence developing risk prediction and measures required by the risks,
- taking only conscious and carefully assessed risks, for example, in the expansion of the business, growth of market position and creating new business,
- avoiding or minimising accident risks,
- ensuring the safety of products, solutions and services,
- creating a safe working environment for the personnel,
- minimising the occurrence of harmful practices, crime or malpractice by having clear operating principles and sufficient supervision,
- providing information about risks and risk management to stakeholders, and
- cost efficiency.
Risk management does not attempt to:
- remove risks in their entirety,
- create unnecessary or inefficient processes or control measures, or
- create additional administrative burden.