The objective of Fingrid’s risk management is to support the implementation of the strategy and to secure the continuity of the company’s operations in the changing circumstances, and to manage the safety and environmental impacts of the operations. The goal is to engage the entire personnel to identify the risks associated with the company’s operations and to implement risk management measures. Risk management must be continuous and systematic by nature.
Fingrid’s risk management is divided into the identification and management of operative risks and strategic risks. In addition, the company applies operational assessment which supports risk management (audits) and draws up continuity plans.
The company’s strategy work analyses changes in the operating environment, assesses Fingrid’s strategic readiness, identifies the strategic risks, sets the strategic goals, and specifies the relevant measures.
Fingrid’s strategy is implemented in the management system, where the internal processes determine the work required to manage Fingrid’s core duties and supervise their implementation. The functions carry responsibility for planning, resourcing and implementing the work and for reporting the results of the work.
The objective of the identification of the operative risks is to describe the risks that are related to the planning, resourcing and implementation of the above duties. The risks of the various implementation options are assessed as part of project planning and decisions concerning measures taken.
The Board of Directors accepts the risk management policy and any changes in it annually. The audit committee of the Board of Directors obtains an annual report of the foremost risks pertaining to the company’s operations and of their management. The Board approves the risk management measures as part of the corporate strategy, performance indicators, action plan and budget.
The President is responsible for risk management related to the corporate-level strategic goals. The foremost strategic risks are identified as part of the company’s strategy work. The corporate strategy presents the primary corporate-level risks and the related risk management. These risks are monitored, co-ordinated and managed by the executive management group, but each function and/or business process is responsible for implementing its own risk management.
The heads of the units are responsible for the identification, reporting and risk management measures of operative risks in their respective areas of responsibility. Responsible persons in each function attend to the implementation and follow-up of risk management in their areas of responsibility.
Each Fingrid employee is responsible for identifying and reporting the risks in their own area of responsibility and for taking the accepted risk management measures.
Risk identification, assessment and classification are the basic conditions for internal control within the company. The risks threatening the achievement of the company’s strategic and financial objectives are identified and assessed in accordance with their likelihood and monetary value so that the risks can be controlled. The impact of the strategic risks on the company and society is assessed separately.
If necessary, development projects are launched to control major risks, and the corporate strategic indicators are supplemented for their more detailed monitoring whenever necessary. Extensive projects or ones having great significance are named strategic development projects and presented as part of Fingrid’s strategy. The President appoints project leaders for such projects, approves the contents of the projects and monitors their progress.
The financial administration of the Group is responsible for the control structures relating to the financial reporting process.
The strategic risks are analysed, and the associated risk management measures are planned as part of Fingrid’s annual strategy work. The updated strategy is presented to the Board of Directors annually in August.
A risk assessment of the operative risks is drawn up for the company’s operational planning in the autumn, and the risk management measures are planned. The risk map of the operative risks, the risk assessments and the situation with the risk management measures are updated in the spring. Operational assessments are carried out systematically throughout the year as part of Fingrid’s risk management. In all situations involving major changes to the operations, the risk caused by the change is evaluated as part of the project proposals and alternative measures. If the risk or other adverse event is realised, the impacts and likelihood of the event are always evaluated separately.
The impacts of operative risks are assessed from four points of view regarding Fingrid: impacts related to personnel and expertise, corporate finances, customers and stakeholders, and business processes. Moreover, the risks are assessed in view of society with regard to the functioning of the electricity market, system security, safety, and the environment. The likelihood of risks is also analysed as part of the risk survey.
The strategic risks, risks relating to financing, and counterparty risks involved in the business are reported regularly to the Board of Directors and audit committee. The operative risks, risks relating to financing and counterparty risks are reported regularly to the executive management group. The counterparty risks and operative risks of a particular business unit are reported regularly to the relevant business units.
Guidelines for protection against risks are maintained in Fingrid’s instruction system. The instruction system is composed of three levels:
Risk protection takes place by reducing the likelihood and/or seriousness of a disadvantageous event. Damage and loss related to a risk are restricted by means of advance protection measures and/or corrective action carried out in retrospect. The main means of practical protection are (usually in this particular order): changing of procedures, contingency plans, guidelines and safety arrangements, improvement of technical solutions, contractual limitation (major and unexpected risks), and derivatives and insurance policies (risks distributed over several parties).
Financial administration is to support and assist the business functions so that risk management in the business processes is ensured. The risks are related to financing, loss energy procurement, balance service, grid service and asset management in particular. Risks to which the company is typically exposed include risks pertaining to the counterparties and the operating environment. Such risks are reported to the corporate management.
The limitation of risks is based on identification, assessment, analysis and reporting. The risks are limited using various mechanisms and measures, such as by setting limits in euros, by requiring collateral, monitoring the financial standing and credit rating of a counterparty, and by using contractual limitations.