Risk management framework and objectives
Fortum’s Risk Management framework is described in the Group Risk Policy and supporting documents. The Group Risk Policy includes an overview of Fortum’s risk management systems, consisting of the general principles of risk management and the main features of the risk management process. The objectives of the risk management systems are to:
- support the development of the Group strategy,
- support strategy execution,
- support the achievement of agreed targets within acceptable risk levels so that the Group’s ability to meet financial commitments is not compromised,
- ensure the understanding of material risks and uncertainties affecting Fortum, and
- support the prevention of accidents that can have a severe effect on the health and safety of employees or third parties, and of incidents that can have a material impact on Fortum’s assets, reputation or the environment.
The main principle is that risks are managed at source, meaning that each Division and Corporate Function Head is responsible for managing risks that arise within their business operations. However, certain risks, such as currency, interest rate, liquidity and refinancing risks, are managed centrally.
Internal controls in relation to financial reporting
The internal control and risk management systems relating to financial reporting are designed to provide reasonable assurance regarding the reliability of financial reporting and aim at ensuring compliance with the applicable laws and regulations.
Fortum’s internal control framework is based on the main elements of the framework introduced by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). The controls, including financial reporting controls, have been defined based on the main risks in the process. Internal controls are one of the key elements of the Compliance Programme in Fortum, which also covers business ethics and regulatory compliance.
Fortum has a decentralised organisational model, and a substantial degree of authority and responsibility has been delegated to the divisions in the form of control responsibilities. Fortum’s control governance applies the so-called “Three lines of defense” model as illustrated in the graphic.