Risk management

Sandvik risk management processes support our business to manage and effectively mitigate critical risks.

The ability to effectively identify and manage risk is a vital element of business success for all parts of the Sandvik business.

The Group’s risk management approach follows our decentralized structure. The Sandvik Board of Directors is ultimately responsible for the governance of risk management. Sandvik’s Group Executive Management ensures there is a common and efficient process in place.

All management teams are responsible for their own risk management. The teams must follow the minimum requirements outlined in The Sandvik Way.

Part of the Board’s requirements are clear and transparent information about Sandvik’s enterprise risks and mitigating activities.

ERM – a part of our strategic work

Sandvik has implemented an Enterprise Risk Management (ERM) program that covers all business areas, divisions and functions within the Group. The management teams analyze risks in their operations and related to their strategic objectives at least annually. About 80 workshops are conducted annually within the business. These include assigning risk owners and establishing mitigating action plans with follow-up procedures. Assessment and management of sustainability risks are integrated and significant parts of the ERM program. In addition, the ERM methodology is used as a tool for decision-making, operationally and within projects, as well as in the strategy process in various levels of the Group. The Group Executive Management reviews and discusses the Sandvik Group risk appetite and decides on the Group risk profile once per year, based on a bottom-up risk assessment, an external risk outlook and top management input. An ERM report, summarizing key risks and mitigating activities across our business, was provided to Sandvik’s Audit Committee and Board of Directors in December. The Board of Directors’ and the Audit Committee’s involvement in the ERM process is further described on Board of Directors and Board committees.

ERM process at Sandvik

Assess and evaluate risks
Communicate risks
Manage risks
Monitor and follow up risks

Insurance as a risk management tool

Sandvik has tailored insurance programs that transfer the risks associated with the Group’s property, cargo and liability exposures. Insurable risks are continuously evaluated and actions are taken to reduce these insurable risks, as part of Sandvik’s loss-prevention strategy. Supported by our loss-prevention guidance, risk evaluations highlight opportunities to reduce the potential for business interuption and to ensure the Group’s ability to deliver to its customers. In order to ensure cost efficient and tailored insurance solutions, selected risks are reinsured through the Group’s captive insurance company.

Business continuity and crisis management

The global risk management policy and related procedures for business continuity and crisis management set the requirements for local management teams to ensure their ability to successfully respond to disruptive events and continue their business operations on an acceptable level. Once a risk materializes, our crisis management priorities are to minimize harm to people, to the environment, and to minimize damage to Sandvik’s business, as well as ensuring a swift return to normal activities and safeguarding the company brands.

Covid-19 pandemic

Although none of our divisions had a pandemic included in their risk profiles, the response to the Covid-19 pandemic was handled in a professional way. Our decentralized governance model enabled us to be agile with local country coordination to safeguard our employees and with global coordination on a business area level to safeguard supply chain and allocation of production. Many divisions did have a pandemic as one of the scenarios covered in their crisis management and could quickly respond when Covid-19 began to spread globally.

It is encouraging to see how our processes within risk management complement each other and support us in effectively mitigating and acting when a crisis occurs. This includes the Business Continuity Management procedure which has proven to further strengthen our resilience and preparedness for sudden events.

Internal audit and internal control in Sandvik’s risk work

The internal audit function regularly follows up the implementation of different risk management programs such as ERM, business continuity, crisis management and the insurance programs. Sandvik applies group-wide internal controls to mitigate primarily financial risks but also some of the business risks. Read more about the internal controls program at Sandvik.

Sandvik’s risk universe

Sandvik’s risk universe is based on risk categories that are organized in three main risk areas – strategic risks, business risks and financial risks. Each risk category can in one way or another significantly impact the Group’s performance if not managed effectively. The detailed risk universe is outlined on the page Sandvik risk universe.

Strategic risks

Strategic risks are risks that can significantly impact the execution of our business strategies and our ability to achieve our objectives. At Sandvik we include external and emerging risks in this risk area, such as industry shifts, technological shifts and macroeconomic developments. These risks can all impact our business negatively long term but often also create business opportunities if managed well. Our approach to managing these risks differs from other categories as it includes evaluation of which strategic risks to take and improving the business ability to manage them by establishing risk tolerance, predicting the impact of possible risks and monitoring key risk indicators (KRIs).

Business risks

In this risk area we include operational and commercial risks. These types of risks can often impact the financial performance of the business negatively or can have a negative reputational impact on the brands of the Group. Examples are sustainability risks, such as health and safety risks and compliance risks, and operational risks, such as cyber security risks, IT failures, information and data protection as well as talent attraction and retention. The approach to managing these risks is through active prevention and by designing and implementing mitigation actions and controls.

Financial risks

Through its complex and international operations, Sandvik is exposed to multiple financial risks such as currency risks, interest risks, liquidity and refinancing risks. Sandvik’s Group Treasury is functionally responsible for managing the greater part of the Group’s financial risks. The Board of Directors establishes the principles for the Group’s financial risk management, which comprises guidelines, objectives, and limits for financial management as well as the management of financial risks.

Operating entities within the Sandvik Group present reports on their financial performance and economic status on a regular basis in accordance with internal reporting rules and the accounting policies applied by Sandvik and the International Financial Reporting Standards (IFRS). The Group’s Finance function validates and analyzes the financial information as part of the quality control of financial reporting. More information is available in the Corporate Governance Report.

For information about currency risks, interest risks, liquidity and refinancing risks, credit risks, raw material price risks and pension commitments, please see note G28.