Risk management policy
YIT’s risk management policy aims to identify major risk factors and manage these factors so that the company achieves its strategic and financial objectives responsibly. The starting point is to manage the Group’s total risk exposure, not merely the management of individual risk factors. One key perspective in risk management is also to identify opportunities and actively take advantage of them.
YIT’s risk management policy aims to identify key risk factors in the company’s operations and manage these in a balanced manner to enable the company to achieve its strategic and financial objectives and ensure the continuity of its operations. The starting point is to manage the Group’s total risk exposure, not merely the management of individual risk factors. One key perspective in risk management is also to identify opportunities and actively take advantage of them. Risk management must be proactive, co-ordinated and systematic.
YIT’s Board of Directors approves the company’s risk management policy and its objectives, including the risk tolerance and risk appetite. The Board of Directors guides and supervises the planning and execution of risk management. The Audit Committee of the Board of Directors assists the Board of Directors in supervisory duties related to YIT Group’s accounting and reporting processes, including internal control, risk management, internal audit and guiding and supervising the audit. The Audit Committee also monitors and evaluates the effectiveness, sufficiency and appropriateness of risk management systems.
The Group’s President and CEO retains overall responsibility for risk management. The President and CEO is responsible for the organisation and the design, development, co-ordination and monitoring of the risk management strategy, as well as its implementation and communication throughout the organisation. The heads of business segments and support functions identify, assess and monitor the major risks facing their respective areas of responsibility, draw up contingency plans for those risks and attend to the implementation and supervision of risk management. The management of the business segments and support functions report to the President and CEO.
Risk management planning and the evaluation of the overall risk position are part of the annual strategy process. Risk management is included in all of the Group’s significant operating, reporting and management processes. Material changes in risks are monitored on a monthly basis and reported in accordance with the Group’s management and reporting practices. When proposals or development projects are evaluated, their significant risks and how they should be taken into consideration are also assessed. The Board of Directors reviews and, if necessary, updates the Group’s defined risk levels and, among other things, the decision-making authorisations defined for the management of risks and investments. The President and CEO may implement stricter definitions.
The Group’s financial and financing management is responsible for identifying and assessing financial risks. The Group’s internal audit organisation supports YIT’s management in ensuring the effectiveness of risk management and internal control. The internal audit reports to the Audit Committee of the Board of Directors and to the President and CEO.
THE GROUP’S RISKS
YIT has categorised the risks that are significant to its operations into strategic, operational, financial and event risks.
Strategic risks are risks that might endanger the achievement of the Group’s strategic and financial goals if they should materialise. A strategic risk review is carried out at the Group level once a year in connection with the review of the strategy and also as part of annual planning. As a result of the risk review, the major risks of the business segments, Corporate Services and the Group level are identified and classified into a risk matrix based on their likelihood of occurrence and possible impacts. The management of strategic risks is guided by the risk tolerance and risk appetite defined in annual planning.
Operational risks and event risks are related to the nature of business operations, and they are managed by, among other things, developing operating methods and decision-making procedures. Operational risks and event risks are assessed and reported monthly as part of normal management.
Financial risks include risks related to the sufficiency of financing, currency and interest rates, credit and counterparty risks, and risks related to the reporting process. Financial risks are monitored on a monthly basis as part of the normal monitoring of results. The risks associated with the financial reporting process are identified and assessed annually.
Risk management is an inseparable part of the preparation and implementation of projects and other operations. The primary objective of the management of event risks is the prevention of damage. A responsible operating model takes economic, social as well as environmental perspectives into consideration.
The Group’s business development function is responsible for steering the practical development of risk management. The implementation of the annually selected development themes is spread out across the organisation.