Sandvik risk management processes support our business to manage and effectively mitigate critical risks.
The ability to effectively identify and manage risk is a vital element of business success for all parts of the Sandvik business.
The Group’s risk management approach follows our decentralized structure. The Sandvik Board of Directors is ultimately responsible for the governance of risk management. Sandvik’s Group Executive Management ensures there is a common and efficient process in place.
All management teams are responsible for their own risk management. The teams must follow the minimum requirements outlined in The Sandvik Way.
Part of the Board’s requirements are clear and transparent information about Sandvik’s enterprise risks and mitigating activities.
ERM – a part of our strategic work
Sandvik has implemented an Enterprise Risk Management (ERM) program that covers all business areas, divisions and functions within the Group. The management teams analyze risks in their operations and related to their strategic objectives at least annually. Assessment and management of sustainability risks are integrated and significant parts of the ERM program. In addition, the ERM methodology is used as a tool for decision-making, operationally and within projects, as well as in the strategy process in various levels of the Group. The Group Executive Management reviews and discusses the Sandvik Group risk appetite and decide on the Group risk profile once per year. An ERM 2019 report, summarizing key risks and mitigating activities across our business, was provided to Sandvik’s Audit Committee and Board of Directors in December. The Board of Directors’ and the Audit Committe’s involvement in the ERM process is further described on pages Board of Directors and Board committees.
ERM process at Sandvik
Insurance as a risk management tool
Sandvik has tailored insurance programs that transfer the risks associated with the Group’s property, cargo and liability exposures. Insurable risks are continuously evaluated and actions are taken to reduce these insurable risks, as part of Sandvik’s loss-prevention strategy. Supported by our loss-prevention guidance, risk evaluations highlight opportunities to reduce the potential for significant losses and to ensure the Group’s ability to deliver to its customers. In order to ensure cost efficient and tailored insurance solutions, selected risks are reinsured through the Group’s captive insurance company.
Business continuity and crisis management
The global policies for business continuity and crisis management set the requirements for local management teams to ensure their ability to successfully respond to disruptive events and continue their business operations on an acceptable level. Once a risk materializes, our crisis management priorities are to minimize harm to people, to the environment, and to minimize damage to Sandvik’s business, as well as ensuring a swift return to normal activities and safeguarding the company brands.
Internal audit and internal control in Sandvik’s risk work
The internal audit function regularly follows up the implementation of different risk management programs such as ERM, business continuity, crisis management and the insurance programs. Sandvik applies group-wide internal controls to mitigate primarily financial risks but also some of the business risks.
Sandvik’s risk universe
Sandvik’s risk universe is based on risk categories that are organized in three main risk areas – strategic risks, business risks and financial risks. Each risk category can in one way or another significantly impact the Group’s performance if not managed effectively.
Strategic risks are risks that can significantly impact the execution of our business strategies and our ability to achieve our objectives. At Sandvik we include external and emerging risks in this risk area, such as industry shifts, technological shifts and macroeconomic developments. These risks can all impact our business negatively long term but often also create business opportunities if managed well. Our approach to managing these risks differs from other categories as it includes evaluation of which strategic risks to take and improving the business ability to manage them by establishing risk tolerance, predicting the impact of possible risks and monitoring key risk indicators (KRIs).
In this risk area we include operational and commercial risks. These types of risks can often impact the financial performance of the business negatively or can have a negative reputational impact on the brands of the Group. Examples are sustainability risks, such as health and safety risks and compliance risks, and operational risks, such as cyber security risks, IT failures, information and data protection as well as talent attraction and retention. The approach to managing these risks is through active prevention and by designing and implementing mitigation actions and controls.
Through its complex and international operations, Sandvik is exposed to multiple financial risks such as currency risks, interest risks, liquidity and refinancing risk. Sandvik’s Group Treasury is functionally responsible for managing the greater part of the Group’s financial risks. The Board of Directors establishes the principles for the Group’s financial risk management, which comprises guidelines, objectives, and limits for financial management as well as the management of financial risks.
Operating entities within the Sandvik Group present reports on their financial performance and economic status on a regular basis in accordance with internal reporting rules and the accounting policies applied by Sandvik and the International Financial Reporting Standards (IFRS). The Group’s Finance function validates and analyzes the financial information as part of the quality control of financial reporting.
For information about currency risks, interest risks, liquidity and refinancing risks, credit risks, raw material price risks and pension commitments, please see note 27.