Sandvik Group key risks 2018

Risk description

Risk consequence

Risk mitigation

S1. Industry shifts and market developments
Risk description

Risks connected to shifts or consolidation in the industry, in certain customer segments or markets.

Risk consequence

The inability to reach strategic objectives long term, leading to lower growth or lower financial performance.

Risk mitigation

The different business areas are working with proactive business development and M&A. There is a strong focus on product segmentation (multi-company development/strategies, midmarket), aiming to diversify the product portfolio and reduce dependence on individual customer segments. There is also strong cost control in all our businesses.

S2. Macroeconomic developments
Risk description

Risks connected to high market volatility, rapid macroeconomic fluctuations and cyclical industries/markets.

Risk consequence

The inability to plan long term, leading to less agile business, higher costs or price models not being profitable, causing lower financial performance long term.

Risk mitigation

All businesses are working with strong cost control and cost flexibility. All businesses are closely monitoring relevant Key Risk Indicators (capex investment in mining, raw material prices, GDP, oil rig count, daily order rates, etc.). They all have up-to-date contingency plans, including different scenarios, ready to activate at the first signs of a downturn.

S3. Technological change/shifts
Risk description

Risks connected to technological developments/advancements that can impact or challenge current ways of doing business or demand for current products/services. Increased need for specialist/expert competence in R&D and other niche areas. Inability to attract new talent in certain highly competitive markets.

Risk consequence

The inability to reach strategic objectives long term, leading to lower growth or financial performance. A general risk of losing competitiveness and business position on the market, with a particular risk if Sandvik is not able to take a strong position in the digital area fast enough.

Risk mitigation

There is a strong focus on R&D in all our businesses as well as proactive business development and M&A activities where growth is a priority. The business is closely monitoring the development of new technologies and customer segments. Partnerships have been formed with key partners and research centers to advance knowledge and capabilities in areas currently not core business. The business has also invested in additive manufacturing, powder technology, digitalization and automation. Sandvik has, across the business areas, focused on developing the Sandvik employer brand. One key area is to use new, digital channels to attract and recruit competence for the future. Succession planning has been strengthened for top management positions.

S4. Regulatory change
Risk description

Significant new legislation or regulations that could have an impact on the Sandvik business.

Risk consequence

The inability to quickly respond to new regulations, leading to higher costs, fines or the inability to continue manufacturing certain products. This can have a negative reputational impact.

Risk mitigation

All parts of Sandvik work with the monitoring of different initiatives and continually evaluate their impact on our business. We are active in business associations and other organizations, such as Jernkontoret and Svenskt Näringsliv, to name a few, to monitor regulatory development to benefit long-term sustainable business.

B1. Noncompliance with laws and regulations
Risk description

Risks that legal and regulatory requirements are not met.

Risk consequence

Worst-case scenarios show high financial impact due to fines in multiple markets. Can have a major negative reputational impact if the risk were to materialize.

Risk mitigation

The Group has an established governance framework, The Sandvik Way, which includes Group policies, Group procedures and other steering documentation. The scope of the governance framework, including the controls implemented, is based on legal requirements and risk exposure. Sandvik's formal compliance programs for anti-bribery and anti-corruption, competition law, customs and export controls and data privacy are managed by the business with oversight through a Group functional council. A GDPR (General Data Protection Regulation) program is being rolled out globally.

B7. IT failures
Risk description

Risks of disturbances in critical IT systems, business processes or other digital infrastructure. Increased need for digital and innovative business development competence.

Risk consequence

Inability to deliver products or services on time to customers or timely information to other stakeholders, leading to lower financial performance or negative financial impact due to fines.

Risk mitigation

A cyber security improvement program across the Sandvik Group is ongoing. Each business area is running an IT security improvement program, including risk review of critical business applications and risk-based network segmentation.

B10. Information and data protection
Risk description

Failure to adequately restrict access to information, which may result in unauthorized knowledge or use of confidential information.

Risk consequence

Can lead to business-critical information being made available to unauthorized individuals/organizations.

Risk mitigation

Increased authentication to prevent unauthorized access to certain systems has been implemented in Sandvik’s IT environment. All business areas have strengthened their IT security management and information security resources during the year. A review of key processes for information release and overall communication channels has been initiated. GDPR (General Data Protection Regulation) implementation is being rolled out globally.

B13. Change management/demand/readiness
Risk description

Risk of a lack of clarity on mandate and responsibilities in the new decentralized way of working.

Risk consequence

Can result in both organisational inefficiency and inability to deliver products or services on time to customers.

Risk mitigation

Improved communication and training on roles and responsibilities in the new decentralized way of working. Compliance with Limits of authority.

B15. Business interruptions
Risk description

Risks that major disasters or hazardous events disrupt the company’s ability to sustain operations, provide essential products and services to customers, or recover operating costs.

Risk consequence

Inability to deliver products or services on time to customers or timely information to other stakeholders, leading to lower financial performance or negative financial impact due to fines.

Risk mitigation

A review and update of the Group’s Crisis Management Policy was conducted during 2018 and the development of the Business Continuity framework has been initiated. The business areas have already performed risk scenario planning for some of the most critical production entities, supply chain vulnerabilities and IT system dependencies.