The target of risk management is to ensure the implementation of Group strategy, development of financial results, shareholder value, dividend payment ability and business continuity. The operational management of the business units is responsible for risk management. They are also responsible for determining sufficient measures and their implementation, and for monitoring and ensuring that the measures are implemented as part of daily management of operations. Risk management is coordinated by the Group CFO, who reports to the CEO.

The Audit Committee monitors the efficiency of the risk management systems and deals with the plans and reports of the risk management.

Each business unit has a separate risk management program. Business risks and their management are dealt with in the business unit management teams. The functions common to the whole Group will ensure that sufficient risk assessment and reporting procedures are incorporated into the processes they are responsible for. In terms of certain risks, the risk management principles and main content have been defined in Group-level policies and guidelines. Group administration is responsible for Group-level insurance plans.

Risk management is essentially based on the aforementioned procedures of internal control, where the chain of responsibility extends throughout the Group. The most important factors in business risk management are a profound understanding of the business and command of the tools which are used for daily business operations and their management. Characteristic risks in each business area are identified in the business units, assessed in the business unit management teams, and reported to the subsidiary Boards and, if need be, also to the Aspo Board of Directors or the Audit Committee. Aspo’s CEO acts as the Chairman of the subsidiaries. Risks are continuously assessed and their management is discussed in the business unit management teams. Risk assessments are updated according to Aspo’s management policy and the most noteworthy findings are presented in the quarterly interim reports. Larger projects always include a separate risk analysis. The most significant risks for the Group are assessed once a year and the results are presented in the annual report.

Updated: 29.07.2021