Outokumpu operates in accordance with the risk management policy approved by the company’s Board of Directors. The policy has been reviewed and updated in 2017 and it defines the objectives, approaches, and areas of responsibility in the Group’s risk management activities. In addition to supporting Outokumpu’s strategy, the aim of risk management is identifying,
evaluating, and mitigating risks from the perspective of shareholders, customers, suppliers, personnel, creditors, and other stakeholders.
Risk management organization
The Board of Directors carries ultimate responsibility for risk management within Outokumpu. The CEO and members of the Leadership Team are responsible for defining and implementing risk management procedures, and for ensuring that risks are both properly addressed and taken into account in strategic
and business planning.
Outokumpu’s Risk Management Steering Group, led by the CFO, is the governing body for risk management in Outokumpu. Business areas and Group functions are responsible for managing risks connected with their own operations. Internal Audit monitors risk management processes, and the Risk Management Steering Group, the Board Audit Committee and the Board of Directors review both key risks and actions taken to manage these risks on a regular basis. Treasury and Risk
Management function supports implementation of Outokumpu’s risk management policy, facilitates and coordinates risk management activities, and prepares quarterly risk reports for management, the Board Audit Committee and Auditors.
Risk management process
Outokumpu has defined risk as anything that could have an adverse impact on achieving the Group’s objectives. Risks can, therefore, be threats, uncertainties, or lost opportunities connected with current or future operations. Outokumpu’s appetite for risk and risk tolerance are defined in relation to earnings, cash flows and capital structure. The risk management process is an integral part of the overall management processes and it is divided into four stages: risk identification, evaluation/prioritization, mitigation and reporting. Risk management process in Outokumpu is twofold, including a top-down
approach to manage the Group’s key risks and a bottom-up approach focusing on the operational level.
Within Outokumpu, the risk management process is monitored and controlled at different organizational levels in a systematic manner. Regular risk updates are carried out to capture relevant information and to ensure that the process is operating in an uninterrupted manner. The monitoring and analysis of
results and risk updates also ensure that accurate information is provided both internally – to business area management teams and members of the Leadership Team – and externally to parties such as shareholders and other stakeholders.
The focus in risk management in 2017 was in securing the steps to improve Outokumpu’s cost competitiveness as well as continuous improvement of risk management, including actions in safety, securing liquidity, managing project risks and improving the efficiency and controls of Outokumpu’s operations as part of large business transformation program aiming to renew fragmented IT systems going forward. Outokumpu continued its systematic fire safety and loss prevention audit programs, which also included machinery breakdown loss prevention. In total, some twenty fire safety and machinery
breakdown loss prevention audits were carried out in 2017 using in-house expertise in cooperation with external advisors. The main realized risks in last year were a fatal accident to a contractor at Degerfors, Sweden in May, risks related to production stability, especially in ferrochrome, and inadequate
profitability in the business area Americas.