Relevant GRI Indicators

Sandvik Group key risks 2020

Identified key risk

Risk consequence

Risk mitigation

S1. Industry shifts and market developments
Identified key risk

Changing competitive landscape with decreased demands for certain products or segments and an increased demand for a sustainable offering.

Risk consequence

The inability to reach strategic objectives long term, leading to lower growth or lower financial performance.

Risk mitigation

Increased focus on M&As and business development to broaden existing product portfolio and meet customer demand for digital solutions, electrification and services. Competitor and market development is closely monitored and strategies are in place to reduce dependency on individual customer segments. The Covid-19 pandemic has given us further experience on our resilience, flexibility and ability to handle decline in specific segments and to reallocate resources to segments less effected by the pandemic.

S2. Macroeconomic developments
B13. Change management/demand/readiness
Identified key risk

Our ability to adapt to macroeconomic developments.

Risk consequence

The inability to plan long term, leading to less agile business, higher costs or price models not being profitable, causing lower financial performance long term.

Risk mitigation

All businesses are working with strong cost control and cost flexibility. All businesses are closely monitoring relevant Key Risk Indicators (capex investment in mining, raw material prices, GDP, oil rig count, daily order rates, etc.). They all have up to date contingency plans, including different scenarios, ready to activate at the first sign of a downturn.

S3. Technological change/shifts
Identified key risk

New and evolving technologies or technological demands leads to the need to attract new talent in key competence areas (digitalization, sustainability, etc).

Risk consequence

The inability to reach strategic objectives long term, leading to lower growth or financial performance. A general risk of losing competitiveness and business position on the market with a special risk focus if not being able to take a strong position in the digital area fast enough.

Risk mitigation

There is a strong focus on R&D in all our businesses as well as proactive business development and M&A activities where growth is a priority. The business is closely monitoring the development of new technologies and customer segments. Partnerships have been formed with key partners and research centers to advance knowledge and capabilities in areas currently outside the core business. The business has also invested in additive manufacturing, powder technology, digitalization and automation. Sandvik has, across the business areas, focused on developing the Sandvik employer brand. One key area is to use new, digital channels to attract and recruit competence for the future. Succession planning has been strengthened for top management positions.

S4. Regulatory change
Identified key risk

Changes in trade laws or chemical legislations. Stricter sustainability requirements.

Risk consequence

The inability to quickly respond to new regulations leading to higher costs, fines or the inability to continue manufacturing certain products. Can have a negative reputational impact.

Risk mitigation

All parts of Sandvik work with the monitoring of different initiatives and continually evaluate their impact on our business. We are active in business associations and other organizations, such as Jernkontoret, Svenskt Näringsliv, the Cobalt Institute and the International Tungsten Industry Association to name a few, to monitor regulatory development to benefit long-term sustainable business.

S6. Sustainability expectations and/or requirements
Identified key risk

Conflicting short- versus long-term financial priorities, leading to not meeting the 2030 sustainability goals, loss of competitiveness and stakeholder trust.

Risk consequence

Not meeting customers’ expectations of new business models built on sustainability. Negative reputational impact and not meeting stakeholder expectations could lead to a loss of business. Negative impact on the share’s attraction as an investment as well as on the attraction and retention of future or current employees.

Risk mitigation

The Group Executive Management has the overall responsibility for Sandvik’s sustainability strategy and agenda while the business areas/divisions are responsible for the implementation and follow-up. The business areas/divisions are also responsible for the assessment and management of sustainability risks in their operations. KPIs are consolidated and reported to follow up on goals at Group and business area/division levels. Each year we evaluate our performance, set targets and focus actions for the coming year to ensure delivery on our sustainable business strategy.

B1. Noncompliance with laws and regulations
Identified key risk

Breach of anti-bribary, anti-corruption, competition or antitrust laws, General Data Protection Regulations (GDPR) or trade compliance.

Risk consequence

Worst-case scenarios show high financial impact due to fines in multiple markets. Can have a major negative reputational impact if risk were to materialize.

Risk mitigation

The Sandvik Way, our governance framework, includes Group policies, Group procedures and other steering documentation, and is based on legal requirements and risk exposure with oversight through a Group functional council. To truly embed compliance in the business we have introduced the Compliance House, a system that enables the business to control and understand the status of compliance within their organizations. The Compliance House contains a breakdown of all the requirements in our four compliance programs: Anti-Bribery & Corruption, Competition Law, Data Privacy and Trade Compliance.

B7. IT failures
B8. Insufficient IT security
Identified key risk

Major IT incident causing significant downtime in critical operational IT systems or services. Incident could be caused by cyberattack resulting also in ransom demand and reputational loss.

Risk consequence

Inability to deliver products or services on time to customers or timely information to other stakeholders, leading to lower financial performance or negative financial impact due to fines.

Risk mitigation

Revision of cyber security improvement program being planned to address multiple areas. Each business area is running an IT security improvement program, including risk review of critical business applications and risk-based network segmentation. Project initiated to investigate resilience of business critical systems and services and facilitate improvement in this area.

B4. Product development and product support
B8. Insufficient IT security
Identified key risk

Lack of security in digital offering lifecycle.

Risk consequence

Risk of compromising data and automation systems with negative reputational and financial impact. Risk of exposure to Sandvik internal IT systems.

Risk mitigation

All business areas/divisions are identifying the risks associated with their digital offering and taking appropriate actions to mitigate these risks.

B10. Information and data protection
Identified key risk

Leakage of confidential information and unstructured content management for internal systems as well as external platforms. Weaknesses in identity and access management and governance.

Risk consequence

Can lead to business critical information being made available to unauthorized individuals or organizations.

Risk mitigation

Target architecture work for identity and access management area to be launched during 2021 in order to mitigate risk. Increased authentication to prevent unauthorized access has been implemented. All business areas have strengthened their IT security management. A review of key processes for information release and overall communication channels has been initiated.

B15. Business interruptions
Identified key risk

Unforeseen major disturbance or failure in production or supply chain, caused by, for example, weather events, machinery break-downs, fires or pandemics.

Risk consequence

Inability to deliver products or services on time to customers or timely information to other stakeholders, leading to lower financial performance or negative financial impact due to fines.

Risk mitigation

The Group’s Risk Management Policy was approved by the Group Executive Management in 2020. Procedures for Crisis Management and Business Continuity are continuously updated. Business areas/divisions have performed risk scenario planning for some of the most critical production entities, supply chain vulnerabilities and IT system dependencies.

B36. M&A transactions or integration
Identified key risk

Not being successful in identifying acquisition targets, completing efficient M&A processes and subsequent integration.

Risk consequence

Our growth targets for the coming years are dependent on us delivering on our M&A strategy. Not being able to identify, complete and integrate acquisitions could have a major impact on our growth objectives and financial performance.

Risk mitigation

Business areas and divisions are continuously reviewing their acquisition plans, capability and efficiency ensuring enough resources are in place to identify, analyze and integrate M&A targets. In addition, Group Functions are strengthening their ability to support the business in the M&A processes.