Overview of the risk management systems
Principles of risk management
Risk management is an essential part of the internal control system of the Group and an active means to analyze and manage opportunities and threats related to the business strategy and operations. The Company has defined the principles applied in the organization of the risk management. The purpose of risk management is to identify potential events that may affect the achievement of the Group’s objectives in changing business environment and to manage such risks to a level that the Group is capable and prepared to accept so that there is reasonable assurance and predictability on the achievement of the Group’s objectives. The risk management process of the Group is based on Enterprise Risk Management (ERM) framework of Committee of Sponsoring Organizations of the Treadway Commission (COSO).
Risk management process and responsibilities
The Group’s risk management process involves assessing risks systematically by business unit, segment and Global function, improving risk management awareness and quality, sharing best practices and supporting cross-functional risk management initiatives. In order to systematize and facilitate the identification of risks they are categorized as strategic, operational, financial, and information risks. These categories are closely aligned with the strategic, operational, financial and compliance objectives of the Group.
Huhtamaki Group Enterprise Risk Management (ERM) Policy defines the objectives, scope and responsibilities of risk management. Compliance with the risk management policy assures timely identification and recording of risks and the application of relevant risk management measures to address these risks. More detailed risk management procedures are set forth in the Group’s ERM framework and process guideline.
The Audit Committee monitors the implementation of risk management activities, and evaluates the adequacy and appropriateness of ERM. The Audit Committee reports regularly to the Board, which is responsible for reviewing the Group’s strategic, operational, financial and information risks. The Board approves the risk level that the Group is capable and prepared to accept and the extent to which risks have been identified, addressed and followed up.
The GET is responsible for the adoption and deployment of the Group’s internal control principles and procedures relating to risk management. The risk management process includes systematic identification and assessment of risks in each business segment and their business units as well as at Group level. Risks are consolidated from the business unit to the segment level and from the business segment to the Group level. At each level risk treatment actions are defined in order to reach acceptable risk levels. Execution and supervision of these risk treatment actions is a task of line management. Upper level line management always approves lower level risk mitigation actions and the risk level reached after implementation of such actions. The Global Risk Management function monitors and reports the achievement of these actions. The purpose is to verify that risk treatment actions support the achievement of the Group’s strategic, operational, financial and compliance objectives.
The Global risk management function organizes, instructs, supports, supervises and monitors risk management activities on an ongoing basis. The function also analyzes changes in the impact, likelihood and level of control for each identified business risk. It reports results of the risk management process to the Audit Committee annually. The Global risk management function also prepares reports to the business segment and Group management as well as the internal audit and the Auditor.
Business unit, segment and Group level risk management process and activities are engaged with the Group’s strategic planning process. Risk management process may be commenced any time in the course of the financial year should a certain business area encounter essential strategic changes requiring initiation of the risk management process.
The most significant risks
Price management as well as raw material, energy price and other cost inflation are considered among the most significant risks and opportunities to the Group. Efficient price and cost management are vital in achieving the Group’s strategic and financial objectives. The Group takes the opportunity to leverage scale and share best practices to maintain profitability.
Shifts in consumer behavior and regulatory requirements on food packaging are important risks and opportunities for the Group. The company’s future growth and success depend on its continued ability to predict and respond to changes and its ability to innovate and develop new products in a timely manner. Urbanization and growing consumer demand for sustainable and safe food and drink packaging solutions create significant growth and innovation opportunities for the Group. On the other hand, growth and market position are at risk if the Group’s product and service offering, or production capacity, do not meet customer and consumer demand, or its products fail to comply with food packaging regulation. To manage these risks, the Group monitors regulatory changes and drivers through several sources and stakeholders, and actively innovates and invests in manufacturing capacity and capabilities, particularly in growth markets. Additionally, the Group pursues add-on and scale acquisitions across geographies to enhance its core business.
Macroeconomic and political risks continue to be among the important risks and opportunities for the Group. The global eco-nomic and financial market conditions have repeatedly undergone significant turmoil due to, among other matters, the uncertainties arising from Brexit and the continuous trade tensions between the United States and China. Economic growth is a key driver for organic and acquisitive business growth and performance. Political decisions often drive changes in the global and local economies and free trade agreements. Predicting such changes and their implications in the Group’s business is high on the agenda.
Human resources risks have slightly increased in comparison to 2018. Resourcing may become a challenge when the Group is deploying multiple change projects and competence is needed in specialized areas. To manage these risks, the Group maintains global and local talent pools, focuses on key talent retention and internal rotation as well as leadership and other competence development.
Risks related to destruction of facilities and continuity of operations, disruption in raw materials or energy supply as well as IT infrastructure, systems and applications, are important operational risks potentially impacting the business continuity of the Group. The company performs a continuous improvement program in property risk control, mitigating hazards that may lead to property damage and business interruption. To minimize the impact of a potential business interruption, the company maintains and further develops its disaster recovery and business continuity plans and allocates manufacturing capacity to several locations.
Product safety and quality is high on the Group’s agenda. While consistent high quality and safety of the Group’s product offering build a competitive advantage, a critical shortcoming in product safety or quality could deteriorate the company’s reputation and decrease sales. In 2019, the Group appointed a Global Food Contact Manager.
Foreign exchange transaction risk remains among the Group’s twenty most important risks with little change in ranking from 2018. More information on financial risks can be found in Note 5.8. of the Financial statements section of the Annual Report 2019.
None of the risks identified in connection with the 2019 risk assessment are considered of a magnitude that could not be managed or would endanger the implementation of the Group’s strategy. When considered necessary, appropriate risk treatment actions may also involve risk transfer by means of insurance. The Group maintains a number of global insurance programs. The need for insurance, including the adequacy of its scope and limits, is continuously evaluated by the Global Insurance function.