Risk management
The risk analysis is performed as an ongoing process and is updated at least once a year. The analysis is based on the business we conduct, the industries in which we operate, the geographical market and the key resources on which we depend. Initially, we have assessed the likelihood of how external factors could impact our business. We have then evaluated the extent of the consequences from a financial perspective if the risks were to materialise. The risk areas that we have assessed as high or medium in terms of likelihood or consequence are described in the adjacent table.
| Risk | Description | Likelihood | Consequence | Management |
|---|---|---|---|---|
| Extreme weather | Prolonged power outages, operational disruptions, negative financial consequences. | Low | Medium | Choose suppliers that ensure solutions in the event of extreme weather and have continuous operation. The suppliers have backup systems to keep the servers running. |
| Discrimination against employees | Insecurity, deterioration in performance, increased staff turnover, legal consequences, negative financial consequences, difficulty attracting new staff. | Low | Medium | Employee handbook, regular employee survey, annual salary mapping. The level of availability in the labour market has increased. |
| Work environment shortcomings | Insecurity, deterioration in performance, increased staff turnover, legal consequences, negative financial consequences, difficulty attracting new staff. | Low | Medium | Employee handbook, regular employee survey, generous benefits, flexibility. The level of availability in the labour market has increased. |
| Stricter regulatory/legal requirements linked to sustainability | CSRD, new skills needs, increased administration, increased costs. | High | Low | CSRD competence assurance, structured activities for goal monitoring and follow-up, skills training. |
| Lack of innovation/adaptability | Reduced demand, decreased revenues. | Low | High | Ongoing investments, development of services, customer surveys. The establishment of a single Public business area to make better use of our resources. |
| Deficient information security | Deficient regulatory compliance, compromised privacy, compromised trust, negative financial consequences. | Medium | High | Comprehensive procedures, robust systems, certification according to ISO 27001. |
| IT attacks | Deficient compliance with policies, compromised privacy, compromised trust, negative financial consequences. | High | Medium | Comply with policies, management system, ongoing testing and training. Investment in processes, staff, technology and systems to monitor, mitigate and minimise risks. |
| Non-sustainable suppliers | Negative environmental impact, human rights violations. | Low | Medium | Selection of sustainable suppliers, Code of Conduct, ongoing compliance monitoring. |
| Financing risks | Insufficient sustainability initiatives could result in worse terms from lenders/investors, deterioration of the share price. | Low | Medium | Appointed sustainability group, skills training, management system for structure and goal monitoring and follow-up. |
| Fraud | Fraud, giving/taking of bribes, legal consequences, damaged brand, negative financial consequences. | Medium | Medium | Ongoing training initiatives, management system, regulated via agreements with customers, Code of Conduct with suppliers and employment contracts with staff. Division of areas of responsibility. |
