Annual report Risk management
The management of VR Group is committed to risk management and to the development of risk management. The risk management of VR Group is guided by the risk management policy approved by the Board of Directors of VR-Group Ltd. The policy sets out the principles, objectives and responsibilities of risk management and the operating practices observed in the risk management.
The purpose of risk management is to provide an up-to-date, accurate and comprehensive opinion on the risks of VR Group. In VR Group, risk management is a continuous activity. The purpose of this is a comprehensive and appropriate identification, assessment, management and control of the Group's major risks.
Risk management is an essential element of all processes in the VR Group. The Chief Executive Officer is responsible for arranging risk management in the Group. In business and support units, risk management is the responsibility of the senior management. VR Safety is responsible for ensuring an up-to-date risk policy, for supporting its implementation and for monitoring and developing risk management practices and for reporting on them to the Management Team and the Board of Directors. A separately appointed risk-management development team guides and supports persons responsible for individual risk types in the implementation of risk management.
The aim of risk management in VR Group is to promote the achievement of the Group's strategic and operational objectives and to ensure that the Group's business operations are on a profitable and long-term basis. In VR Group's risk management, risks are divided into four categories: strategic, economic, operational and hazard risks. These four categories are further divided into different types of risk. Below is a category-specific listing of the most important types of risk examined here.
Strategic risks
Factors affecting the prerequisites and development of the business operations and factors connected with the operating environment, markets and stakeholder groups:
- Group-level strategic risks
- Logistics
- Passenger services
- Infrastructure engineering
- International business operations
- Reputation and communications
- Political developments and regulation
- Company acquisitions
Economic risks
Events resulting from inadequate information or events connected with business processes that may cause financial losses:
- Agreements and responsibilities
- Compliance risks
- Governance risks
- Purchases
- Credits
- Interest payments, currencies and liquidity
- Financial reporting
Operational risks
Threats to operations or achievement of objectives arising from internal processes, systems or external factors:
- Organization and management
- Human resources
- Train operations
- Logistics operations
- Passenger services operations
- Infrastructure engineering production and maintenance
- Rolling stock maintenance
- Information technology
- Management of traffic disruptions and crisis situations
Hazard risks
Accidents or other losses:
- Personnel
- Customers and stakeholder groups
- Environment
- Group assets
A plan of action has been prepared to prevent major risks from occurring and a person has been appointed to be responsible for each risk. The Group's Management Team receives a biannual and the Board of Directors and the audit committee a yearly risk management situation report in connection with strategy monitoring and operational planning.
