Sitowise’s risk management is integrated into the Groups’ management, monitoring and reporting systems. Risk management covers the identification of risks, the assessment of the magnitude of risks and the definition of the necessary management measures, and if necessary, separate contingency plans. In accordance with the Group’s risk framework, risks are divided into strategic, financial, operational, and damage.
The objectives of Sitowise’s risk management:
- to provide management a real and accurate picture of the current situation.
- continuingly and systematically identify risks facing the company and its operating environment.
- managing risks so that the company's strategic and financial goals are not jeopardized.
- ensure prerequisite of the business and business continuity.
In practice, risk management is implemented on three main levels:
- GROUP: Sitowise group level risk management is carried out in accordance with the annual clock. It comprehends Group's annual risk assessment and its monitoring, as well as the regular status reports to the Management Team.
- BUSINES AREA: On the business area and service level, identification of the risks and actions needed are identified simultaneously every year during the action planning. Specific insights complement the Group's risk management from the perspective of each business area. Risk monitoring is performed as part of the follow-up of the action plan implementation.
- PROJECTS: The risk management of Sitowise's tenders and projects is based on a risk-based project taxonomy. The taxonomy specifies the level of risk management needed in certain project. The purpose is to focus risk management on those projects and themes that are most critical to the project's progress and achievement of the goals set. Sitowise uses its own digital collaboration tool Voima, which is tailored to company’s needs. In Voima there can also be found a specific tool for risk evaluation. The factors in the risk assessment are e.g. schedule, resources, content of the assignment, security, and sustainability. If needed, project risk management can also be reported to the client.
Actions based on the risk management are targeted on the most significant risks on each level. The necessary actions are decided case-by-case. For each case, there is a person pointed responsible of the planning, implementation, and monitoring of the actions and their effectiveness.
Responsibilities and organization of risk management
Sitowise's Board of Directors discusses e.g. matters related to the Group's strategy, business organization and significant investments. In addition, it approves the main principles of the Group's risk management and directs and supervises the planning and implementation of it.
The Group CEO has overall responsibility for risk management. CEO is responsible for organizing operations and implementing the main principles of risk management, as well as reporting to the Board.
The Group Management Team is responsible for the implementation of risk management, meaning the identification of the Group's risks, the monitoring and assessment of risks and measures related to risks. Management of the business area is responsible for managing the risks in each business, as well as the risks of tender and project activities. Actions include ensuring adequate insurance to cover project assignmenets.
HSEQ Director is responsible for the planning, development and guidance of the risk management and its implementation. HSEQ Director reports to the Group CEO.
Risk management procedures have been discussed and their adequacy has also been assessed in connection with internal and external audits. In addition, the management of tender and project operations risks, and complaints are developed together with the insurance company, e.g. through training. In project operations, risk management measures are implemented together with customers, if needed.