Risk management policy
YIT’s risk management policy aims to identify major risk factors and manage these factors so that the company achieves its strategic and financial objectives responsibly. The starting point is to manage the Group’s total risk exposure, not merely the management of individual risk factors. One key perspective in risk management is also to identify opportunities and to actively take advantage of them.
YIT’s risk management policy aims to identify key risk factors in the company’s operations and manage these in an optimal manner to allow the company to achieve its strategic and financial objectives and ensure the continuity of its operations. The starting point is to manage the Group’s total risk exposure, not merely the management of individual risk factors. Risk management must be proactive, co-ordinated and systematic.
YIT’s Board of Directors approves the company’s risk management policy and its objectives, including the risk tolerance and risk appetite. The Board of Directors guides and supervises the planning and execution of risk management. The Audit Committee of the Board of Directors assists the Board of Directors in supervisory duties related to YIT Group’s accounting and reporting processes, including internal control, risk management, internal audit and guiding and supervising the audit.
The Group’s President and CEO retains overall responsibility for risk management. The President and CEO is responsible for the organisation and the design, development, co-ordination and monitoring of the risk management strategy, as well as its implementation and communication throughout the organisation. The heads of the business segments identify, assess and monitor the major risks facing their respective businesses, draw up contingency plans for those risks and attend to the implementation and supervision of risk management. The heads of the segments report to the President and CEO.
The Group’s financial and finance management is responsible for identifying and assessing financial risks, reporting to Group management. The Group’s internal audit organisation supports YIT’s management in arranging and developing risk management and internal control. The internal audit reports to the Audit Committee of the Board of Directors and to the President and CEO. Risk management plays a key role in the management, supervision and reporting of the company’s business operations.
THE GROUP’S RISKS
YIT has categorised the risks that are significant to its operations into strategic, operational, financial and event risks.
Strategic risks are risks that might endanger the achievement of the Group’s strategic and financial goals if they should materialise. A strategic risk review is carried out at the Group level once a year in connection with the review of the strategy and also as part of annual planning. As a result of the risk review, the major risks of the business segments, Corporate Services and the Group level are identified and classified into a risk matrix based on their likelihood of occurrence and possible impacts. The management of strategic risks is guided by the risk tolerance and risk appetite defined in annual planning.
Operational risks and event risks are related to the nature of business operations, and they are managed by, among other things, developing operating methods and decision-making procedures. Operational risks and event risks are assessed and reported monthly as part of normal management.
Risk management is an inseparable part of the preparation and implementation of projects and other operations. The primary objective of the management of event risks is the prevention of damage. A responsible operating model takes economic, social as well as environmental perspectives into consideration.
Financial risks include risks related to the sufficiency of financing, currency and interest rates, credit and counterparty risks and risks related to the reporting process. Financial risks are monitored on a monthly basis as part of the normal monitoring of results. The risks associated with the financial reporting process are identified and assessed annually.
The Group’s business development function is responsible for steering the practical development of risk management. The implementation of the annually selected development themes is spread out across the organisation.
A more detailed description of YIT's risks can be found in the Annual Report 2016.