Risk management process
Scandic has established a risk management process designed to identify and reduce risks that can have an adverse effect on the Group’s earnings and cash flow, brand and reputation, or long-term competitiveness.
The process that provides a framework for the Group’s risk management follows an annual cycle:
- Executive Committee carries out risk mapping where risks are identified and measured based on the probability that they will occur as well as the consequences of their occurrence on the Group’s operations and financial position. This results in a risk map where each risk is classified as low, medium or high. Then the internal controls and the control environment are evaluated where a high level of control can reduce risks both in terms of probability and consequences.
- Based on the Group’s risk profile and risk strategy, any gapsare identified in relation to the desired level of control. Thereafter, an action plan is developed to reduce gaps where the value of reducing the risk is measured against the cost of establishing and maintaining internal controls.
- The structure and frequency of monitoring risk status and action plans is determined. Strategic risks are reported to the Board and monitored in connection with strategy seminars, establishing business plans and regular Board meetings. Financial risks are reported and monitored both in financial reporting to the Board and at Audit Committee meetings according to the adopted annual meeting agenda. Operational risks are managed by The Executive Committee and higher or more critical risks are also regularly reported to the Board.
Responsibility and monitoring
The Board of Directors has overall responsibility for ensuring that the Group has appropriate risk management structures in place. The Board is also responsible for monitoring strategic risks. The Audit Committee is responsible for evaluating the efficacy of the structure and risk management processes. The Audit Committee is also responsible for monitoring financial risks in accordance with the Committee’s instructions.
The President & CEO is responsible for managing risks in accordance with the guidelines adopted by the Board. The risk management process and work within specially identified risk areas are driven centrally by the Group’s Chief Financial Officer, who has the overall responsibility. Operational risks are managed by The Executive Committee where each significant risk identified is assigned to a designated manager who is responsible for proposing measures to fill any gaps and to ensure the execution of action plans. Financial risks are managed by Group Finance in accordance with Board-approved policies and instructions, and are reported by the Chief Financial Officer to the Audit Committee.