General principles of the risk management and the connection to internal control
Risk management is an integral part of internal control. The Group's risk management is guided by legal requirements, business requirements set by the shareholders as well as the expectations of the customers, personnel and other important stakeholders. Risk management refers to identification, assessment, measurement, monitoring and mitigating of risks that are fundamentally related to or part of the business.
The aim of the risk management is to identify the risks relevant to the business operations and to define the measures, responsibilities and time schedules required for effective risk management. The risk management process is aligned with other governance and management processes and the results achieved are used systematically as part of operative planning.
Risk management is carried out and risks are reported in accordance with company’s risk management policy and risk management process. The evaluations of risks reviews are performed annually and risks and activities are being followed up on periodically in Board and Audit Committee meetings.
The steering and monitoring of business operations is based on the reporting and business planning system covering the entire Group. The CEO and CFO give both Board and Executive Team meetings presentations of the Group's situation and development in monthly reports.