Risk management is an essential part of the internal control system of the Group. The Company has defined the principles applied in the organization of the risk management. The purpose of risk management is to identify potential events that may affect the achievement of the Group’s objectives in changing business environment and to manage such risks to a level that the Group is capable and prepared to accept so that there is reasonable assurance and predictability on the achievement of the Group’s objectives. The risk management process of the Group is based on Enterprise Risk Management (ERM) framework of Committee of Sponsoring Organizations of the Treadway Commission (COSO).
The Group’s risk management process involves assessing risks systematically by business unit, segment and Global function, improving risk management awareness and quality, sharing best practices and supporting cross-functional risk management initiatives. In order to systematize and facilitate the identification of risks they are categorized as strategic, operational, financial, and information risks. These categories are closely aligned with the strategic, operational, financial and compliance objectives of the Group.
Huhtamaki Group Enterprise Risk Management (ERM) Policy defines the objectives, scope and responsibilities of risk management. Compliance with the risk management policy assures timely identification and recording of risks and the application of relevant risk management measures to address these risks. More detailed risk management procedures are set forth in the Group’s ERM framework and process guideline.
The Audit Committee monitors the implementation of risk management activities, and evaluates the adequacy and appropriateness of ERM. The Audit Committee reports regularly to the Board of Directors, which is responsible for reviewing the Group’s strategic, operational, financial and information risks. The Board of Directors approves the risk level that the Group is capable and prepared to accept and the extent to which risks have been identified, addressed and followed up.
The Global Executive Team is responsible for the adoption and deployment of the Group’s internal control principles and procedures relating to risk management. The risk management process includes systematic identification and assessment of risks in each business segment and their business units as well as at Group level. Risks are consolidated from the business unit to the segment level and from the business segment to the Group level. At each level risk treatment actions are defined in order to reach acceptable risk levels. Execution and supervision of these risk treatment actions is a task of line management. Upper level line management always approves lower level risk mitigation actions and the risk level reached after implementation of such actions. The Global Risk Management function monitors and reports the achievement of these actions. The purpose is to verify that risk treatment actions support the achievement of the Group’s strategic, operational, financial and compliance objectives.
The Global Risk Management function organizes, instructs supports, supervises and monitors risk management activities on an ongoing basis. The function also analyzes changes in the impact, likelihood and level of control for each identified business risk. It reports results of the risk management process to the Audit Committee annually. The Global risk management function also prepares reports to the business segment and Group management as well as the internal audit and the Auditor.
Business unit, segment and Group level risk management process and activities are engaged with the Group’s strategic planning process. Risk management process may be commenced any time in the course of the financial year should a certain business area encounter essential strategic changes requiring initiation of the risk management process.
Risk management at Huhtamaki aims at identifying potential events that may affect the achievement of the Group’s objectives. The purpose is to manage risks to a level which the Group is capable and prepared to accept so that there is reasonable assurance and predictability regarding the achievement of the Group’s objectives. The aim is also to enable efficient allocation of resources and risk management efforts.
In order to systematize and facilitate the identification of risks they are categorized as strategic, operational, financial and information risks. These categories are closely aligned with the strategic, operational, financial and compliance objectives of the Group.
During 2017 the key risks identified in the 2016 risk assessment process were monitored to assess their existing and newly implemented controls and any changes in the risk level itself. Actions to manage those risks were planned and executed at Group or segment level and followed by the Group Risk Management function on a quarterly basis with focus on each business segment’s most significant risks.
Parallel to the strategic planning process, business units, segments and Group functions identified and assessed business risks against their medium to long term objectives. These risk assessment results were consolidated from business unit to segment and further to Group level and used to identify the key risks at segment and Group levels. At each level from business unit to Group, risk treatment actions were subsequently defined in order to reach acceptable risk levels. The acceptable risk levels associated with appropriate risk management efforts were approved by the Global Executive Team, reviewed by the Audit Committee of the Board of Directors and finally approved by the Board of Directors. Agreed risk management efforts will be conducted and followed during 2018.
Price management and raw material and energy price risks are considered among the most significant risks and opportunities to the Group’s strategic and financial objectives. The prevailing macroeconomic instability increases volatility in raw material and energy prices that may affect the Group’s financial performance and thus increases the importance of efficient price management.
Growth and market position, together with demand and competition, shifts in consumer behavior and reliance on large customers are seen as the most important risks and opportunities to the Group’s growth strategy. To sustain and boost business growth, the Group needs to continuously meet customers’ and end consumers’ demand with a competitive and sustainable product offering.
Macroeconomic and political risks continue to be among the most important risks and opportunities to the Group. Economic growth is a key driver to organic and acquisitive business growth and performance. Political decisions may drive changes in the global and local economies and world free trade treaties. Predicting such changes and their implications to business is high on agenda in order to assure business contingency and continued solid financial performance.
Risks relating to human resources, destruction of facilities and continuity of operations, disruption in raw materials or energy supply as well as product safety and quality are considered the most significant operational risks for the Group. Destruction of a major facility or disruption in raw material supply and thereby compromised business continuity could have negative impact on business through decreased sales. Critical shortcoming in product safety or quality could decrease sales as a result of potential reputation issues.
Foreign exchange translation and transaction risks remain among the Group’s twenty most important risks with very little change in ranking from 2016. More information on financial risks can be found in Note 28 of the Annual Accounts 2017.
Variance between the assessed business impacts of the Group’s ten most important risks after risk treatment actions is relatively small. None of the identified risks are considered of a magnitude that could not be managed or would endanger the implementation of the Group’s strategy.
When considered necessary, appropriate risk treatment actions may also involve risk transfer by means of insurance. The Group maintains a number of global insurance programs. The need for insurance, including the adequacy of its scope and limits, is continuously evaluated by the Global Risk Management function.
The Group invests in continuous improvement of property risk control and business continuity management. In 2017, the Flexible Packaging segment started implementing its Fire Protection Concept, a common fire protection standard for all the segment’s business units, aligned with the Group’s Property Risk Control Program. Investments in property risk control were also made by other segments, for example the expansion of Foodservice Europe-Asia-Oceania segment’s manufacturing unit in Guangzhou, China involved investment in the unit’s fire safety. During the second half of 2017, the Global Risk Management function tendered the Group’s global broking and risk engineering services.