Sandvik risk management processes support our business to manage and effectively mitigate critical risks with the potential to impact our ability to achieve our financial targets and strategic objectives.
To effectively identify and manage risk is a vital element of business success for all parts of the Sandvik business.
The Group’s risk management approach follows our decentralized structure. The Sandvik Board of Directors is ultimately responsible for the governance of risk management. Sandvik’s Group Executive Management ensures there is a common and efficient process in place.
All management teams are responsible for their own risk management. The teams must follow the minimum requirements outlined in The Sandvik Way.
Part of the Board’s requirements are clear and transparent information about Sandvik’s enterprise risks and mitigating activities.
ERM – a part of our strategic work
Sandvik has implemented an Enterprise Risk Management (ERM) program that covers all business areas, divisions and functions within the Group. The management teams analyze risks in their operations and related to their strategic objectives at least annually. Assessment and management of sustainability risks, including climate change, are integrated parts of the ERM program. In addition, the ERM methodology is used as a tool for decision-making, operationally and within projects, as well as in the strategy process in various levels of the Group. The Group Executive Management reviews and discusses the Sandvik Group risk appetite and decides on the Group risk profile once per year, based on a bottom-up risk assessment, an external risk outlook and top management input. An ERM report, summarizing key risks and mitigating activities across our business, was provided to Sandvik’s Audit Committee and Board of Directors in December 2021. The Board of Directors’ and the Audit Committee’s involvement in the ERM process is further described on the page about Board of Directors.
Insurance as a risk management tool
Sandvik has tailored insurance programs that transfer the risks associated with, amongst others, the Group’s property, cargo and liability exposures. Insurable risks are continuously evaluated and actions are taken to reduce these insurable risks, as part of Sandvik’s loss-prevention strategy. Supported by our loss-prevention guidelines, risk evaluations highlight opportunities to reduce the potential for business interruption and to ensure the Group’s ability to deliver to its customers. In order to ensure cost efficient and tailored insurance solutions, selected risks are reinsured through the Group’s captive insurance company.
Business continuity and crisis management
The global risk management policy and related procedures for business continuity and crisis management set the requirements for local management teams to ensure their ability to successfully respond to disruptive events and continue their business operations on an acceptable level. Once a risk materializes, our crisis management priorities are to minimize harm to people, to the environment, and to minimize damage to Sandvik’s business, as well as ensuring a swift return to normal activities and safeguarding the company brands.
Internal audit and internal control in Sandvik’s risk work
The internal audit function regularly follows up the implementation of different risk management programs such as ERM, business continuity, crisis management and the insurance programs. Sandvik applies group-wide internal controls to monitor risk mitigations. Read more about the internal control programs on the page Internal control over financial reporting.
Sandvik Group Risk Profile
Sandvik Group risk profile is based on a bottom-up, top-down approach where the divisions, business areas and functions first make their assessment and the Group Risk Management Council makes recommendations for a new Group risk profile based on the outcome of these assessments. The Group Executive Management reviews the proposal from a Group, top-down perspective and makes necessary adjustments. The outcome of this annual cycle is presented in the table Sandvik Group Key Risks 2021 together with examples of what the identified risks mean for Sandvik in different parts of the organization and the mitigating activities taken to manage them.
Overall risk mitigation identified aligns well with the Sandvik Strategy and Key Objectives. With regards to IT-related risks, major mitigation activities are ongoing through the Digital Security Improvement Program. Much focus will be placed on overall risks related to the integration of newly acquired businesses in the coming year. Talent attraction and retention in high focus areas have been further highlighted. For some parts of our business, increasing protectionism and global trade wars are expected challenges to manage. Within Business Interruption, the shortage of components, freight and energy supply has been added due to the current global situation.
We have chosen to remove the Sustainability Expectations and Requirements risk. The 2030 sustainability targets are in line with current expectations and sustainability exists as a risk factor, with mitigating actions, in many of the risks in the Group risk profile.