Risks and risk management
Sponda uses effective risk management to protect its business operations, to ensure the continuity of its operations and the achievement of key objectives. Risk management is integrated into the company’s planning system and day-to-day operations.The group's risk-bearing capacity is taken into account in Sponda's risk management.
Sponda manages the risks associated with its operations by identifying, measuring and preventing key uncertainties.
Risks are assessed in terms of their probability as well as their financial impact. Achieving financial targets is a sign that risk management has been successful. Sponda’s key risks are classified as strategic risks, operational risks, damage and asset risks and financing risks.
Integrated risk management as a key strength
Sponda has adopted a systematic approach to risk management and one of the company’s key strengths is its ability to integrate risk management as part of the strategy process, the enterprise resource planning system and business processes.
The responsibility for risk management is determined in accordance with business responsibility. The ultimate responsibility for risk management lies with the Board of Directors, which sets risk management objectives, decides on risk management policy, organises risk management and monitors key risks. Business units and corporate functions are responsible for arranging for risk management to be monitored and reported as part of the company's other reporting activities. The company’s internal audit function monitors the effectiveness of the risk management system.
Risk management is tied to the company’s annual planning process and risks are assessed in a risk survey carried out twice a year. The risk survey identifies the company’s key risks, assesses the probability of their occurrence and potential impacts thereof, and defines risk management procedures. The risk survey is updated every autumn in conjunction with budgeting. The Group’s risk management guidelines and the operations handbook are updated to reflect the decisions made on the basis of the risk survey. The risk survey also includes an assessment of the company’s approach to risks.
Sponda’s toolbox of risk management includes risk aversion, risk elimination and reducing the probability of their materialisation. Risks can also be restricted and reduced. A business continuity and recovery plan has been prepared for the contingency that substantial risks materialise.
Key features of internal controls relating to financial reporting
The risk management in Sponda’s financial reporting process is part of the Group’s overall risk management and internal control. The company has defined the main features of its internal control using the international COSO model. The model has been used in defining the control environment, risk assessment method and the applicable control measures. The internal control solutions adopted by the company also take into consideration its industry, the management of the Group as a single entity and the company form of ownership of properties.
The company’s internal control is a Group-wide process that involves the Board of Directors, executive directors, other staff members and internal audit. Internal control aims to ensure the effectiveness and appropriateness of the company’s operations, the reliability of financial information and reporting as well as compliance with laws and regulations.
Achieving financial targets is a sign that risk management has been successful.