The objective of risk management is to support the realisation of Atria’s strategy and the achievement of targets, to prevent unfavourable events from occurring and to safeguard business continuity. Atria’s risk management operations are guided by the Risk Management Policy, approved by the Board of Directors and, where applicable, ISO 31000 and ISO 31010 standards. Risk Management Policy specifies risk management goals, principles, responsibilities and powers, together with the principles of risk assessment and reporting.
Risk management at Atria is systematic and dynamic, and supports the continuous development of the organisation. It is based on a uniform model for risk identification, assessment and reporting in all business areas and Group administration, and forms an integral part of the annual planning process. In risk assessment, a risk management plan is drawn up for managing the risks identified.
Atria defines risk as the effect of uncertainty on the company’s objectives. Risks can cause positive or negative deviations from theo bjectives. Risks may be caused by events within Atria, or by external conditions or events. For reporting purposes, Atria’s risks are divided into four categories: strategic risks, operational risks, liability risks and financial risks.
Organisation and responsibilities of risk management
The Board of Directors approves the Risk Management Policy and any changes to it, and supervises the implementation of the principles specified in the policy. The Group’s CEO is responsible for the appropriate organisation of risk management at Atria, and the CFO sees to the development of the risk management and risk reporting framework.
The members of the Group’s Management Team are responsible for identifying and assessing strategic risks and for implementing risk management in their respective areas of responsibility. The management teams of the business areas are responsible for identifying and assessing risks and for implementing risk management in their respective business areas. The directors of the business areas ensure that the management teams fulfil their risk management and risk reporting responsibilities.
The Group’s Treasury Committee is responsible for identifying and assessing financial risks and for implementing risk management throughout the Group. When preparing an annual plan for internal audit, key observations from the risk assessments made as part of the Group’s planning process are taken into account. Every Atria employee is responsible for identifying and assessing risks associated with their work and any other risks that they encounter, and for drawing attention to and preventing such risks.
Major risks and uncertainties which the Board of Directors is aware of are discussed in more detail in the Report by the Board of Directors under “Risk management at Atria”.