Outokumpu operates in accordance with the risk management policy approved by the company’s Board of Directors. The policy has been reviewed and updated in 2017 and it defines the objectives, approaches, and areas of responsibility in the Group’s risk management activities. In addition to supporting Outokumpu’s strategy, the aim of risk management is identifying, evaluating, and mitigating risks from the perspective of shareholders, customers, suppliers, personnel, creditors, and other stakeholders.

Risk management organization

The Board of Directors carries ultimate responsibility for risk management within Outokumpu. The CEO and members of the Leadership Team are responsible for defining and implementing risk management procedures, and for ensuring that risks are both properly addressed and taken into account in strategic and business planning.

Outokumpu’s Risk Management Steering Group, led by the CFO, is the governing body for risk management in Outokumpu. Business areas and Group functions are responsible for managing risks connected with their own operations. Internal Audit monitors risk management processes, and the Risk Management Steering Group, the Board Audit Committee and the Board of Directors review both key risks and actions taken to manage these risks on a regular basis. Treasury and Risk Management function supports implementation of Outokumpu’s risk management policy, facilitates and coordinates risk management activities, and prepares quarterly risk reports for management, the Board Audit Committee and Auditors.

 

Risk management process

Outokumpu has defined risk as anything that could have an adverse impact on achieving the Group’s objectives. Risks can, therefore, be threats, uncertainties, or lost opportunities connected with current or future operations. Outokumpu’s appetite for risk and risk tolerance are defined in relation to earnings, cash flows and capital structure. The risk management process is an integral part of the overall management processes and it is divided into four stages: risk identification, evaluation/prioritization, mitigation and reporting. Risk management process in Outokumpu is twofold, including a top-down approach to manage the Group’s key risks and a bottom-up approach focusing on the operational level.

Within Outokumpu, the risk management process is monitored and controlled at different organizational levels in a systematic manner. Regular risk updates are carried out to capture relevant information and to ensure that the process is operating in an uninterrupted manner. The monitoring and analysis of results and risk updates also ensure that accurate information is provided both internally – to business area management teams and members of the Leadership Team – and externally to parties such as shareholders and other stakeholders.

 

Focus areas

The focus in risk management in 2018 was on implementing the actions for the mitigation of identified risks, supporting improvements in operational reliability in Outokumpu e.g. by modelling business interruption risks and on improving the efficiency of the risk management process. The efforts also included actions to support the reduction of Group’s costs, improvements in metal and commodity risk management processes as well as improving the controls of Outokumpu’s operations as part of a large business process transformation program. Outokumpu continued its systematic fire safety and loss prevention audit program, which focused also in operational reliability to prevent machinery breakdown related business interruptions. In total, some twenty fire safety loss prevention audits were carried out in 2018 using in-house expertise in cooperation with external advisors.

The main realized risks in 2018 were related to increased costs in certain supply materials, inadequate profitability of business area Americas, market volatility as a result of trade political actions related to Section 232 and delayed implementation of the business transformation program.