Risk management policy

The purpose of Retta Group Oy* risk management is to identify the most significant risks to the business operations of the Retta Group of companies (“Retta”) and to manage them. Risk management is an integral part of effective management practice. Through appropriate risk management we aim to ensure the continuity of our operations and the achievement of our business objectives.

Retta's risk management policy describes the main principles of risk management at Retta. The CEO, together with his management team, has overall responsibility for Retta's risk management. Business and support functions are responsible for the practices relating to the identification, evaluation, review and management of risks in their field of business and mandate. They manage risks by defining and implementing controls. Appointed risk owners are responsible for specific identified risks within their range of responsibility.

The Compliance function monitors compliance with legislation, generally acknowledged ethical principles, Retta's Code of Conduct and internal instructions and procedures, including the risk management process. Employees and stakeholders are encouraged to report any misconduct or suspected misconduct. Internal Audit performs audits annually according to the audit plan and presents audit outcomes to the Audit Committee.

Retta has identified key risks to its operations and maintains a risk register. Risk owners have been named in the risk register. The risk register is regularly reviewed, assessed and kept up to date. The Retta management team holds a separate risk review meeting annually. Risk management is also part of the Management system and reporting process. Between regular reviews, identified material changes are evaluated, reported and discussed separately.

Key risks have been categorized as strategic, operational, financial and damage risks in Retta's risk register. Strategic risks refer to external or internal events that may have an impact on the company's ability to achieve its objectives and strategic goals in the short or longer term, such as market conditions, organizational structure, and the company's reputation and brand. A strategic risk may even endanger the existence of the company. Operational risks are risks of losses caused by failed processes, policies, systems or events that interrupt or disrupt business operations. Typical categories of operational risks are people risks, process risks, system risks, contract-related risks and legal & compliance risks. Financial risk is any risk associated with financing. Financial risks include market risk, credit risk, liquidity risk and operational risk. Damage risks are risks to people or property.

Risk identification and evaluation process:

  • Identification of possible risks
  • Analysis of identified risks
  • Evaluation and prioritization of risks (impact and likelihood)
  • Key risks are listed in risk register
  • Risk register kept updated and reviewed regularly