Risk management is an integrated part of business planning and performance management. The objective of risk management within Fortum is to support the creation of the corporate strategy and to enable the strategy execution, to support the achievement of agreed financial targets and to avoid unwanted operational events.
The Group Risk Policy, approved annually by Fortum’s Board of Directors, sets the objectives, principles and division of responsibilities for risk management activities within the Group as well as defines the overall risk management process.
The Audit and Risk Committee is responsible for risk oversight within the Group. Corporate Risk Management, an independent function headed by the Chief Risk Officer, reports to CFO and is responsible for assessing and reporting Group’s consolidated risk exposure to the Board of Directors and Group Management. Corporate Risk Management also monitors the risk in relation to mandates approved by CEO.
Fortum’s risk management process consists of identification, risk assessment, risk response and risk control. Risks are primarily identified by divisions and corporate units in accordance with Group instructions and models that are approved by Corporate Risk Management.
The generic risk management process is also embedded in the internal controls framework and the Fortum common process level control structure has been created by using a risk-based approach to define the individual control points.
More about risk management and the largest risks in the latest operational and financial review, interim reports and corporate governance statement.
Internal controls
The Fortum risk management process is also embedded in the internal control framework, and the process level internal control sructure has been created by using a risk-based approach. The same approach is also used for the financial reporting process. Fortum's internal control framework includes main elements from the framework introduced by the Committee of Sponsoring Organisations of the Treadway Commission (COSO).