Risks and risk management
YIT’s risk management policy aims to identify major risk factors and manage these factors so that the company achieves its strategic and financial objectives responsibly. The starting point is to manage the Group’s total risk exposure, not merely the management of individual risk factors. One key perspective in risk management is also to identify opportunities and actively take advantage of them.
Risk management policyYIT’s risk management policy aims to identify key risk factors in the company’s operations and manage these in an optimal manner to allow the company to achieve its strategic and financial objectives and ensure the continuity of its operations. The starting point is to manage the Group’s total risk exposure, not merely the management of individual risk factors. Risk management must be proactive, coordinated and systematic.
YIT’s Board of Directors approves the company’s risk management policy and its objectives, including the risk tolerance and risk appetite*. The Board of Directors guides and supervises the planning and execution of risk management. The Audit Committee of the Board of Directors assists the Board of Directors in supervisory duties related to YIT Group’s accounting and reporting processes, including internal control, risk management, internal audit and guiding and supervising the audit.
The Group’s President and CEO retains overall responsibility for risk management. The President and CEO is responsible for the organisation and the design, development, coordination and monitoring of the risk management strategy, as well as its implementation and communication throughout the organisation. The heads of the business segments identify, assess and monitor the major risks facing their respective businesses, draw up contingency plans for those risks and attend to the implementation and supervision of risk management. The heads of the segments report to the President and CEO.
The Group’s financial and finance management is responsible for identifying and assessing financial risks, reporting to Group management. The Group’s internal audit organisation supports YIT’s management in arranging and developing risk management and internal control. The internal audit reports to the Audit Committee of the Board of Directors and is in the organisation under the President and CEO.
Risk management plays a key role in the management, supervision and reporting of the company’s business operations.
* Risk tolerance and risk appetite specify target threshold values; for example, for the use of capital and the company’s sales risk, taking the prevailing economic situation and operating environment into account. They are defined as part of the annual planning process, and their actual results and forecasts are continuously used in steering the company’s operations.
The Group’s risksYIT has categorised the risks that are significant to its operations into strategic, operational, financial and event risks.
Strategic risks are risks that might endanger the achievement of the Group’s strategic and financial goals if they should materialise. A strategic risk assessment is carried out at Group level once a year in connection with the review of the strategy. As a result of the assessment, the major risks of the business segments, Group Services and the Group level are identified and classified into a risk matrix based on their likelihood of occurrence and possible impacts. The management of strategic risks is guided by the risk tolerance and risk appetite defined in annual planning.
Operational risks and event risks are related to the nature of business operations, and they are managed by, among other things, developing operating methods and decision-making procedures. Operational risks and event risks are assessed and reported monthly as part of normal management and results monitoring. Risk management is an inseparable part of the preparation and implementation of projects. The primary objective of the management of event risks is the prevention of damage. The responsible operating model takes economic, social as well as environmental perspectives into consideration.
Financial risks include risks related to the sufficiency of financing, currency and interest rates, credit and counterparty risks and risks related to the reporting process. Financial risks are monitored on a monthly basis as part of the normal results monitoring. The risks associated with the financial reporting process are identified and assessed annually.