Risk management is one of the key components of the Company’s internal control system. The objective of Ahlstrom’s enterprise risk management process is to create a consistent consideration of risk and reward in day-to-day operations and to protect the Company against loss, uncertainty and lost business opportunities. Enterprise risk management also supports the achievement of the Company’s strategic and operational targets while managing risks within the risk appetite of the Company.
The enterprise risk management process facilitates the identification and assessment of as well as response to events that may threaten the achievement of Ahlstrom’s strategic or operational goals. Identified risks are assessed and prioritized according to their likelihood and their potential impact on Ahlstrom’s financial performance. Risks are categorized as strategic risks, operational risks, financial risks and hazard risks.
The enterprise risk management framework and process, their alignment with the overall management system as well as the related responsibilities are defined in the Group Risk Management Policy.
The Board has the ultimate responsibility for the Company’s risk management and also approves the Group’s Risk Management Policy. The Board reviews the identified key risks and is responsible for the determination of risk appetite and tolerance.
The Audit Committee also regularly reviews the effectiveness of the Company’s risk management activities, assesses the information provided to the management and the Board regarding key risks and evaluates the plans to manage such risks.
The CEO, EMT and other members of the management at the Group, Business Area, plant and function levels are responsible for implementing the Group Risk Management Policy and daily risk management procedures, each within his/her domain.
The CFO is responsible for overseeing the implementation of the Group Risk Management Policy, coordinating risk management activities and for risk reporting within the Company. As of 2011, the Group risk management activities have been outsourced to KPMG Oy Ab under the supervision of the CFO.
In Ahlstrom, the main principle is to manage risks at their source, i.e. within the business area, plant or function where risks may occur. Risk treatment and monitoring actions for the assessed risks are defined and carried out by the appropriate management at different levels of the organization. To realize economies of scale and to ensure appropriate Group-level control, certain risk management activities such as the establishment of Group-wide insurance programs and management of the Group’s financial risks are centralized.
Risk assessments are conducted annually by the business areas, the EMT and the Group functions. The outcome of these assessments is consolidated and presented to the EMT, the Audit Committee and the Board. Identified key risks and the respective risk treatment actions are followed up and taken into consideration in the Company’s business and annual planning processes. The evaluation by the Audit Committee of major risks and uncertainties relating to the Company and its operations is included in the Report of operations for 2015.