Risk management is an essential part of Metsä Board’s standard business planning and leadership. Risk management belongs to daily decision-making, operations follow-up and internal control, and it promotes and ensures that the objectives set by the Company are met.
Linking business management efficiently with risk management is based on the operational principles confirmed by the Board; the aim of the principles is to maintain risk management as a process that is well defined, understandable and sufficiently practical. Risks and their development are reported on a regular basis to the Board’s Audit Committee. Centralised risk management also takes care of the coordination and competitive bidding of Metsä Board’s insurance coverage.
The most crucial objective of risk management is to identify and evaluate those risks, threats and opportunities which may have an impact on the implementation of the strategy and on how short-term and long-term objectives are met. A separate risk review is also included in the most significant investment proposals.
The business areas regularly evaluate and monitor the risk environment and related changes as part of their normal operational planning. The risks identified and their control is reported to the company's management, Audit Committee and the Board at least twice a year. Business risks also involve opportunities, and they can be utilised within the boundaries of the agreed risk limits. Conscious risk-taking decisions must always be based on an adequate evaluation of the risk-bearing capacity and the profit/loss potential, among other things.
Risk management responsibilities are divided among different functions. The Board is responsible for the Company’s risk management and approves the Company’s risk management policy; the Audit Committee evaluates the levels and procedures of the Company’s risk management and the essential risk areas and provides the Board with related proposals. The CEO and the Management Team are responsible for the specification and adoption of the risk management principles. They are also responsible for ensuring that the risks are taken into account in the company’s planning processes and that risk reporting is adequate and appropriate. The Vice President of Risk Management reports to the CFO and is responsible for the Company’s risk management process development, coordination, the implementation of risk evaluation and the essential insurance decisions. Business areas and support functions identify and evaluate the essential risks related to their own areas of responsibility in their planning processes, prepare for them, take necessary preventive action and report on the risks as agreed.
Responsibilities for risk management are shared between the different governing bodies. The Board of Directors is responsible for risk management and approves the risk management policy, while the Audit Committee assesses the Company's risk management levels and practices and key risk areas and makes proposals to the Board of Directors in this regard. The CEO and the Corporate Management Team are responsible for defining and implementing risk management policies and are also responsible for ensuring that risks are taken into account in the Company's planning processes, and that they are adequately and appropriately reported. Risk assessments and the development of Metsä Board’s risk management process are coordinated by Metsä Board’s Risk Committee. Based on the risk mapping conducted twice a year, the Risk Committee compiles a summary of the key risks, which the CEO presents to the Board of Directors after it has been handled by the Corporate Management Team. Businesses and support functions identify and assess the risks in their areas of responsibility in their planning processes, prepare for them, take the necessary preventive measures and report on the risks as agreed.
Metsä Board's essential risk management elements include implementing a comprehensive corporate risk management process that supports the entire business, protecting property and ensuring business continuity, corporate security and its continuous development, as well as crisis management and continuity and recovery plans. According to the risk management policy and principles, adequate risk management forms a necessary part of the preliminary review and implementation stages of projects which are financially or otherwise significant.
The tasks of Metsä Board’s risk management are to
- ensure that all identified risks with an impact on personnel, customers, products, property, information assets, corporate image, corporate responsibility and operational capacity are controlled according to applicable laws and on the basis of best available information and financial aspects
- ensure that the company’s objectives are met
- fulfil the expectations of stakeholders
protect property and ensure disruption-free business continuity
- optimise the profit/loss possibility ratio
- ensure the management of the company’s overall risk exposure and minimise the overall risks.
The most significant risks and uncertainties known to the Company are described in the Report of the Board of Directors.